The OVAL Repository (schema version 5.4), generated 2015-09-03T06:35:25.477-04:00

Hyperlink Object Buffer Overflow Vulnerability
Affected: Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003
Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka "Hyperlink COM Object Buffer Overflow Vulnerability." NOTE: this is a different issue than CVE-2006-3059.
History: Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED
Status: ACCEPTED

Windows 2000 COM Internet Services/RPC over HTTP Proxy Component Buffer Overflow
Affected: Microsoft Windows 2000; COM Internet Services
Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.
History: Christine Walzer, INTERIM, ACCEPTED
Status: ACCEPTED

IE v6.0 Content Disposition/Type Arbitrary Code Execution
Affected: Microsoft Windows 2000; Microsoft Internet Explorer
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability.
History: Andrew Buttner, Christine Walzer, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED
Status: ACCEPTED

Gopher Client Buffer Overflow
Affected: Microsoft Windows 2000; Microsoft Internet Explorer
Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.
History: David Proulx, Christine Walzer, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED
Status: ACCEPTED

IE Frame Domain Verification Vulnerability
Affected: Microsoft Windows 98; Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Internet Explorer
Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874.
History: Tiffany Bergeron, INTERIM, ACCEPTED, INTERIM, Harvey Rubinovitz, ACCEPTED, Christine Walzer, Christine Walzer, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED
Status: ACCEPTED

IE6 Script Execution Vulnerability (Win2K/XP,SP1)
Affected: Microsoft Windows 2000; Microsoft Windows XP; Microsoft Internet Explorer
Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code.
History: Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Preeti Subramanian, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED
Status: ACCEPTED

IE File Upload Vulnerability
Affected: Microsoft Windows 98; Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Internet Explorer
The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files.
History: Tiffany Bergeron, INTERIM, ACCEPTED, INTERIM, Harvey Rubinovitz, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED
Status: ACCEPTED

Microsoft Data Access Components SQL-DMO Buffer Overflow (Test 1)
Affected: Microsoft Windows 95; Microsoft Windows 98; Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Data Access Components 2.5
Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
History: Christine Walzer, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Josh Turpin, DEPRECATED
Status: DEPRECATED

IE Cookie-based Script Execution
Affected: Microsoft Windows 2000; Microsoft Internet Explorer
The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability.
History: Andrew Buttner, Andrew Buttner, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED
Status: ACCEPTED

Windows 2000 WMF/EMF Buffer Overflow
Affected: Microsoft Windows 2000; Enhanced Metafile (EMF); Windows Metafile (WMF)
Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
History: Andrew Buttner, INTERIM, ACCEPTED
Status: ACCEPTED

Windows 2000 RPCSS Service DCOM Activation Denial of Service
Affected: Microsoft Windows 2000; Remote Procedure Call (RPC)
An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
History: Christine Walzer, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED
Status: ACCEPTED

Windows 2000 SSL PCT Handshake Vulnerability
Affected: Microsoft Windows 2000; Private Communications Transport (PCT)
Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
History: Andrew Buttner, INTERIM, ACCEPTED, Glenn Strickland, INTERIM, ACCEPTED
Status: ACCEPTED

DEPRECATED: Windows 2000 IIS ASP Server-Side Include Function Buffer Overflow
Affected: Microsoft Windows 2000; Microsoft Internet Information Server (IIS)
Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.
History: Tiffany Bergeron, ACCEPTED, Glenn Strickland, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Josh Turpin, DEPRECATED, Sudhir Gandhe, Shane Shaffer
Status: DEPRECATED

IE File Download Dialog Vulnerability
Affected: Microsoft Windows 98; Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability."
History: Tiffany Bergeron, INTERIM, ACCEPTED, INTERIM, Harvey Rubinovitz, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED
Status: ACCEPTED

Windows 2000 IIS Cross-site Scripting Vulnerabilities
Affected: Microsoft Windows 2000; Microsoft Internet Information Server (IIS)
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors.
History: Christine Walzer, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED
Status: ACCEPTED

IIS5.0 Windows Media Services Large POST Vulnerability
Affected: Microsoft Windows 2000; Microsoft Internet Information Server (IIS)
Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll.
History: Christine Walzer, INTERIM, ACCEPTED
Status: ACCEPTED

Windows 2000 Media Services ISAPI Logging Vulnerability
Affected: Microsoft Windows 2000; Microsoft Internet Information Server (IIS)
The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
History: Christine Walzer, INTERIM, ACCEPTED
Status: ACCEPTED

IIS WebDAV Request Denial of Service
Affected: Microsoft Windows 2000; Microsoft Internet Information Server (IIS)
Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an error condition that is not properly handled.
History: Christine Walzer, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED
Status: ACCEPTED

IIS5.0 Script Source Access Vulnerability
Affected: Microsoft Windows 2000; Microsoft Internet Information Server (IIS)
A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."
History: Christine Walzer, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED
Status: ACCEPTED

Windows 2000 IIS Out of Process Privilege Elevation Vulnerability
Affected: Microsoft Windows 2000; Microsoft Internet Information Server (IIS)
Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation."
History: Christine Walzer, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED
Status: ACCEPTED

IIS5.0 Specialized Header Vulnerability
Affected: Microsoft Windows 2000; Microsoft Internet Information Server (IIS)
IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability.
History: Christine Walzer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED
Status: ACCEPTED

IE URLMON Buffer Overflow
Affected: Microsoft Windows 98; Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Internet Explorer
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields.
History: Tiffany Bergeron, INTERIM, ACCEPTED, INTERIM, Harvey Rubinovitz, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED
Status: ACCEPTED

MS IE HTML Directive Buffer Overflow
Affected: Microsoft Windows 98; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Internet Explorer
Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated.
History: Tiffany Bergeron, INTERIM, ACCEPTED, INTERIM, Harvey Rubinovitz, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED
Status: ACCEPTED

Zone Spoofing through Malformed Web Page Vulnerability
Affected: Microsoft Windows 98; Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Internet Explorer
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerability.
History: Tiffany Bergeron, INTERIM, ACCEPTED, INTERIM, Harvey Rubinovitz, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED
Status: ACCEPTED

IE Slash Characters in Type Property Vulnerability
Affected: Microsoft Windows 98; Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Internet Explorer
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.
History: Tiffany Bergeron, INTERIM, ACCEPTED, INTERIM, Harvey Rubinovitz, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED
Status: ACCEPTED

IE File Execution User-prompt Bypass Vulnerability
Affected: Microsoft Windows 98; Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Internet Explorer
Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability."
History: Tiffany Bergeron, INTERIM, ACCEPTED, INTERIM, Harvey Rubinovitz, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED
Status: ACCEPTED

IE Cached Content Command Execution Vulnerability
Affected: Microsoft Windows 98; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs.
History: Tiffany Bergeron, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED
Status: ACCEPTED

DEPRECATED: Windows 2000 IIS HTTP Error Page Cross-site Scripting
Affected: Microsoft Windows 2000; Microsoft Internet Information Server (IIS)
Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.
History: Harvey Rubinovitz, Shane Shaffer, INTERIM, ACCEPTED, Josh Turpin, DEPRECATED, Sudhir Gandhe, Shane Shaffer
Status: DEPRECATED

Windows 2000 IIS System File Listing Privilege Elevation Vulnerability
Affected: Microsoft Windows 2000; Microsoft Internet Information Server (IIS)
IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability.
History: Christine Walzer, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED
Status: ACCEPTED

Microsoft Client Service for NetWare Memory Corruption Vulnerability
Affected: Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Operating System
Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
History: Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Todd Dolinsky, DEPRECATED, Pradeep R B
Status: DEPRECATED

Windows 2000 H.323 Protocol Remote Code Execution Vulnerability
Affected: Microsoft Windows 2000; H.323
Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code.
History: Jonathan Baker, INTERIM, ACCEPTED
Status: ACCEPTED

IIS Denial of Service via WebDAV
Affected: Microsoft Windows 2000; Microsoft Internet Information Server (IIS)
IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests.
History: Tiffany Bergeron, INTERIM, Ingrid Skoog, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED
Status: ACCEPTED

Windows 2000 winlogon Remote Buffer Overflow
Affected: Microsoft Windows 2000; Windows logon process (winlogon)
Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.
History: Andrew Buttner, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, John Hoyland, Matthew Wojcik, INTERIM, ACCEPTED
Status: ACCEPTED

Windows 2000 RPCSS DCOM Buffer Overflow (Blaster, Test 3)
Affected: Microsoft Windows 2000; Remote Procedure Call (RPC)
A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.
History: Christine Walzer, INTERIM, ACCEPTED
Status: ACCEPTED

Windows 2000 SSL Library Denial of Service
Affected: Microsoft Windows 2000; Secure Sockets Layer (SSL)
The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
History: David Proulx, INTERIM, ACCEPTED, Glenn Strickland, INTERIM, ACCEPTED
Status: ACCEPTED

Windows 2000 Local Descriptor Table Kernel Access Vulnerability
Affected: Microsoft Windows 2000; Local Descriptor Table (LDT)
The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor descriptor that points to protected memory.
History: Jonathan Baker, INTERIM, ACCEPTED
Status: ACCEPTED

Windows 2000 MUP UNC Request Buffer Overflow
Affected: Microsoft Windows 2000; Multiple UNC Provider (MUP)
Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request.
History: Tiffany Bergeron, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED
Status: ACCEPTED

IE5.01,SP4 Web Folder Behaviors Cross-Domain Vulnerability
Affected: Microsoft Windows 2000; Microsoft Internet Explorer
Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability".
History: Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED
Status: ACCEPTED

Windows 2000 LSASS Buffer Overflow (Sasser Worm Vulnerability)
Affected: Microsoft Windows 2000; Local Security Authority Subsystem Service (LSASS)
Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
History: Tiffany Bergeron, INTERIM, ACCEPTED
Status: ACCEPTED

Microsoft Outlook Express v5.5,SP2 MHTML URL Processing Vulnerability
Affected: Microsoft Windows 98; Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Outlook Express
The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."
History: Andrew Buttner, INTERIM, ACCEPTED
Status: ACCEPTED

Remote Code Execution vulnerability in VBScript
Affected: Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003
vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
History: Dragos Prisaca, DRAFT, INTERIM, J. Daniel Brown, DEPRECATED
Status: DEPRECATED

Uninitialized Memory Corruption Vulnerability (CVE-2010-0267)
Affected: Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows Server 2008; Microsoft Internet Explorer 6; Microsoft Internet Explorer 7
Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
History: Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED
Status: ACCEPTED

HTML Element Cross-Domain Vulnerability
Affected: Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows 7; Microsoft Internet Explorer 6; Microsoft Internet Explorer 7; Microsoft Internet Explorer 8
Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability."
History: Dragos Prisaca, DRAFT, Sudhir Gandhe, Sudhir Gandhe, INTERIM, ACCEPTED, Rachana Shetty, INTERIM, ACCEPTED, INTERIM, Dragos Prisaca, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED
Status: ACCEPTED

Blended Threat Remote Code Execution Vulnerability
Affected: Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows Server 2008; Microsoft Internet Explorer
Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.
History: J. Daniel Brown, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED
Status: ACCEPTED

Uninitialized Memory Corruption Vulnerability (CVE-2010-0247)
Affected: Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Internet Explorer
Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
History: Dragos Prisaca, DRAFT, INTERIM, ACCEPTED
Status: ACCEPTED

Uninitialized Memory Corruption Vulnerability (CVE-2010-0806)
Affected: Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows Server 2008; Microsoft Internet Explorer 6; Microsoft Internet Explorer 7
Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
History: Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED
Status: ACCEPTED

SMB Pathname Overflow Vulnerability
Affected: Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows 7
The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability."
History: Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, INTERIM, Dragos Prisaca, ACCEPTED
Status: ACCEPTED

MS Paint Integer Overflow Vulnerability
Affected: Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003
Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."
History: Dragos Prisaca, DRAFT, INTERIM, ACCEPTED
Status: ACCEPTED

Kerberos Null Pointer Dereference Vulnerability
Affected: Microsoft Windows 2000; Microsoft Windows Server 2003; Microsoft Windows Server 2008
The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability."
History: Dragos Prisaca, DRAFT, INTERIM, J. Daniel Brown, ACCEPTED
Status: ACCEPTED

Microsoft Data Analyzer ActiveX Control Vulnerability
Affected: Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2
The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."
History: Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Josh Turpin, INTERIM, ACCEPTED, INTERIM, Dragos Prisaca, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED
Status: ACCEPTED

HTML Object Memory Corruption Vulnerability (CVE-2010-0491)
Affected: Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Internet Explorer 5.01; Microsoft Internet Explorer 6
Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 allows remote attackers to execute arbitrary code by changing unspecified properties of an HTML object that has an onreadystatechange event handler, aka "HTML Object Memory Corruption Vulnerability."
History: Dragos Prisaca, DRAFT, INTERIM, ACCEPTED
Status: ACCEPTED

MS Windows Media Service Denial of Service
Affected: Microsoft Windows 2000; Windows Media Services
Unknown vulnerability in Windows Media Station Service and Windows Media Monitor Service components of Windows Media Services 4.1 allows remote attackers to cause a denial of service (disallowing new connections) via a certain sequence of TCP/IP packets.
History: Tiffany Bergeron, INTERIM, John Hoyland, INTERIM, John Hoyland, Jeff Cheng, Jeff Cheng
Status: INTERIM

Unhandled Exception Vulnerability
Affected: Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003
Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception."
History: Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED
Status: ACCEPTED

MSO.DLL Buffer Overflow
Affected: Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows 7; Microsoft Office XP
Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow."
History: Dragos Prisaca, DRAFT, INTERIM, ACCEPTED
Status: ACCEPTED

Windows Kernel Double Free Vulnerability
Affected: Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008
Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."
History: Dragos Prisaca, DRAFT, INTERIM, ACCEPTED
Status: ACCEPTED

Windows Kernel Exception Handler Vulnerability
Affected: Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008
The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."
History: Dragos Prisaca, DRAFT, INTERIM, ACCEPTED
Status: ACCEPTED

Microtype Express Compressed Fonts Integer Flaw in the LZCOMP Decompressor Vulnerability
Affected: Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows 7
Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code via compressed data that represents a crafted EOT font, aka "Microtype Express Compressed Fonts Integer Flaw in the LZCOMP Decompressor Vulnerability."
History: Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, INTERIM, Dragos Prisaca, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED
Status: ACCEPTED

SMB Null Pointer Vulnerability
Affected: Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows 7
The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability."
History: Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, INTERIM, Dragos Prisaca, ACCEPTED
Status: ACCEPTED

CSRSS Local Privilege Elevation Vulnerability
Affected: Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003
The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability."
History: Dragos Prisaca, DRAFT, INTERIM, ACCEPTED
Status: ACCEPTED

Uninitialized Memory Corruption Vulnerability (CVE-2010-0490)
Affected: Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows 7; Microsoft Internet Explorer 6; Microsoft Internet Explorer 7; Microsoft Internet Explorer 8
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
History: Dragos Prisaca, DRAFT, Sudhir Gandhe, Sudhir Gandhe, INTERIM, ACCEPTED, Rachana Shetty, INTERIM, ACCEPTED, INTERIM, Dragos Prisaca, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED
Status: ACCEPTED

Microsoft SQL Server 3-Function Buffer Overflow
Affected: Microsoft Windows 2000; Microsoft SQL Server
Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
History: Yi-Fang Koh, Ingrid Skoog, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Mike Lah, INTERIM, ACCEPTED
Status: ACCEPTED

SMB Client Pool Corruption Vulnerability
Affected: Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003
The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability."
History: Dragos Prisaca, DRAFT, INTERIM, ACCEPTED
Status: ACCEPTED

Uninitialized Memory Corruption Vulnerability (CVE-2010-0248)
Affected: Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows 7; Microsoft Internet Explorer
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
History: Dragos Prisaca, DRAFT, J. Daniel Brown, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Sudhir Gandhe, ACCEPTED, Rachana Shetty, INTERIM, ACCEPTED, INTERIM, Dragos Prisaca, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED
Status: ACCEPTED

Microsoft RPC Denial of Service
Affected: Microsoft Windows 2000; Microsoft SQL Server 2000
Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
History: Tiffany Bergeron, Jonathan Baker, INTERIM, Ingrid Skoog, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED
Status: ACCEPTED

Uninitialized Memory Corruption Vulnerability (CVE-2010-0244)
Affected: Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows 7; Microsoft Internet Explorer
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531.
History: Dragos Prisaca, DRAFT, J. Daniel Brown, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Sudhir Gandhe, ACCEPTED, Rachana Shetty, INTERIM, ACCEPTED, INTERIM, Dragos Prisaca, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED
Status: ACCEPTED

COM+ Memory Structures Process Permits Remote Code Execution (Win2k,SP4)
Affected: Microsoft Windows 2000
COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code.
History: Robert L.
HollisDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDAddress Bar Spoofing on Double Byte Character Set Systems VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMemory Corruption Vulnerability (CVE-2010-0805)Microsoft Windows 2000Microsoft Windows XPMicrosoft Internet Explorer 5.01Microsoft Internet Explorer 6The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDDirectShow Heap Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap 
Overflow Vulnerability."Dragos PrisacaDRAFTINTERIMJ. Daniel BrownACCEPTEDINTERIMDragos PrisacaACCEPTEDACCEPTEDSMB Rename VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDEPRECATED: Windows Script Engine Heap Overflow (Test 3)Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Windows Script Engine for JScript v5.5Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.Tiffany BergeronDavid ProulxINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDAnna MinINTERIMACCEPTEDNate PrzybyszewskiDEPRECATEDSudhir GandheShane ShafferDEPRECATEDDEPRECATED: Windows Script Engine Heap Overflow (Test 2)Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Windows Script Engine for JScript v5.1Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.Tiffany BergeronDavid ProulxINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDAnna MinINTERIMACCEPTEDNate PrzybyszewskiDEPRECATEDSudhir GandheShane ShafferDEPRECATEDApache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows 
XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7ApacheInteger overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.J. Daniel BrownDRAFTMatt HansburyMatt HansburyINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDApache HTTP Server 1.3.x is installed on the systemMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7ApacheApache HTTP Server 1.3.x is installed on the systemJ. Daniel BrownDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDIE6 Double Byte Character Parsing Memory Corruption (Win2K/WinXP)Microsoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerBuffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via a crafted URL with an International Domain Name (IDN) using double-byte character sets (DBCS), aka the "Double Byte Character Parsing Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDURL Parsing Memory Corruption Vulnerability (IE6,SP1)Microsoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerBuffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDJason SpashettINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP3 Install Engine Buffer OverflowMicrosoft Windows 2000Microsoft Internet ExplorerInteger overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDPost Encoding Information Disclosure VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Internet Explorer 5.01Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows 2000 Telnet Environment Disclosure VulnerabilityMicrosoft Windows 2000Services for UNIXThe Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.Jonathan BakerDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWindows 2000 IIS Directory Traversal Command Execution (Test 1)Microsoft Windows 2000Microsoft Internet Information Server (IIS)Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. 
(dot dot) and "\" characters twice.Tiffany BergeronTiffany BergeronACCEPTEDINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDLSASS Privilege Escalation Vulnerability (Windows 2000)Microsoft Windows 2000Local Security Authority Subsystem Service (LSASS)LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.Christine WalzerDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDRace Condition Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Internet Explorer 5.01Microsoft Internet Explorer 6Microsoft Internet Explorer 7Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Race Condition Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows 2000 CSRSS Privilege Escalation VulnerabilityMicrosoft Windows 2000Client Server Runtime System (CSRSS)Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.Ingrid SkoogDRAFTINTERIMChristine WalzerAndrew ButtnerACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIE5.01,SP4 File Disclosure via Redirects VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerThe legacy <script> data-island capability for XML in Microsoft Internet Explorer 
5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDSMB NTLM Authentication Lack of Entropy VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDACCEPTEDMicrosoft Data Access Components 2.8 Broadcast Response Buffer OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Data Access Components 2.8Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.Christine WalzerINTERIMACCEPTEDJeff ChengINTERIMJeff ChengACCEPTEDACCEPTEDIE v6.0,SP1 Travel Log Cross Domain VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the 
history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE6,SP1 PNG Image Buffer OverflowMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerBuffer overflow in the PNG image rendering component of Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted PNG file.Harvey RubinovitzDRAFTHarvey RubinovitzINTERIMACCEPTEDAnna MinINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5 GetObject File RetrievalMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.David ProulxMaria MikhnoINTERIMACCEPTEDACCEPTEDMS FrontPage Server Extensions SmartHTML Denial of Service (Test 5)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft SharePoint Team ServicesUnknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMGlenn StricklandShane ShafferSudhir GandheShane ShafferINTERIMIE v5.01,SP3 SSL Cached Content VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.Harvey RubinovitzDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDScript Error Handling Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using JavaScript to cause certain errors simultaneously, which results in the access of previously freed memory, aka "Script Error Handling Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMMatthew WojcikACCEPTEDPreeti SubramanianINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWin32k Improper Data Validation VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows 2000 Process Handle Duplication Privilege EscalationMicrosoft Windows 2000smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.Tiffany BergeronShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDWinINet and Windows HTTP Services Credential Reflection VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Internet ExplorerWindows HTTP Services (aka WinHTTP) in 
Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability."J. Daniel BrownDRAFTINTERIMACCEPTEDMike LahINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Data Access Components 2.7 Broadcast Response Buffer OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Data Access Components 2.7Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.Christine WalzerINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDWindows Kernel Symbolic Link Value VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDWinsock Hostname VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."Robert 
L. HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Similar Method Name Redirection Cross Domain VulnerabilityMicrosoft Windows 98Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDAndrew SimmonsINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMS FrontPage Server Extensions Chunked Encoded Request Buffer Overflow (Test 5)Microsoft Windows 2000Microsoft FrontPage Server Extensions 2000Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.Tiffany BergeronAndrew ButtnerINTERIMACCEPTEDChristine WalzerChristine WalzerINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMemory Corruption Vulnerability (CVE-2010-1262)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corruption Vulnerability."Dragos 
PrisacaDRAFTINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDRedirect Cross-Domain Information Disclosure VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerCross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDUninitialized Memory Corruption Vulnerability (CVE-2010-1259)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWin32k TrueType Font Parsing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, 
Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMedia Player Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPWindows Media Player 9Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDHTML Sanitization VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Office SharePoint Server 2007Microsoft Windows SharePoint Services 3.0Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."Josh TurpinDRAFTDEPRECATEDJonathan BakerDragos PrisacaChandan SDEPRECATEDKorean IME Privilege Elevation Vulnerability in Office 2003 and AccessoriesMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that 
displays the about box.Robert L. HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDNS Client Buffer Overrun VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.Robert L. HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWin2K/XP,SP1 IE Mismatched Document Object Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched Document Object Model Objects Memory Corruption Vulnerability."Robert L. HollisDRAFTRobert L. HollisINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 Plug-in Navigation Address Bar Spoofing VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDCOM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka "COM Object Instantiation Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDXML Signature HMAC Truncation Authentication Bypass VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft .NET FrameworkThe design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.Dragos PrisacaDRAFTINTERIMACCEPTEDJ. 
Daniel BrownINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDSharath SINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDCross-Domain Information Disclosure Vulnerability (CVE-2010-0255)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448.Dragos PrisacaDRAFTINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWin2k Embedded Web Font VulnerabilityMicrosoft Windows 2000Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.Robert L. 
Hollis; DRAFT; INTERIM; ACCEPTED; Anna Min; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; Sudhir Gandhe; Shane Shaffer; ACCEPTED; ACCEPTED

Windows Kernel Symbolic Link Creation Vulnerability
Microsoft Windows 2000; Microsoft Windows XP
The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability."
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Windows 2000 Hyperlink Object Library Unchecked Buffer Vulnerability
Microsoft Windows 2000; Hyperlink Object Library
The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow.
Christine Walzer; DRAFT; INTERIM; ACCEPTED; ACCEPTED

SMB Client Memory Allocation Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2
The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability."
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; INTERIM; Dragos Prisaca; ACCEPTED; Maria Mikhno; INTERIM; Maria Mikhno; ACCEPTED; ACCEPTED

Uninitialized Memory Corruption Vulnerability (CVE-2010-1261)
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows 7; Microsoft Internet Explorer 8
The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers
to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; Rachana Shetty; INTERIM; ACCEPTED; INTERIM; Dragos Prisaca; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Windows Kernel Memory Allocation Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Vista; Microsoft Windows Server 2003
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability."
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Privilege Escalation Using Cached Admin Connection
Microsoft Windows 2000; Microsoft SQL Server 2000
An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
Yi-Fang Koh; ACCEPTED; Jonathan Baker; Jonathan Baker; INTERIM; ACCEPTED; ACCEPTED

IE v5.5,SP2 Plug-in Navigation Address Bar Spoofing Vulnerability
Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."
Harvey Rubinovitz; DRAFT; INTERIM; ACCEPTED; Christine Walzer; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

IE v5.01,SP3 Similar Method Name Redirection Cross Domain Vulnerability
Microsoft Windows 2000; Microsoft Internet Explorer
Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary
code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."
Harvey Rubinovitz; DRAFT; INTERIM; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

OpenType CFF Font Driver Memory Corruption Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2
Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; INTERIM; Dragos Prisaca; ACCEPTED; ACCEPTED

SMTP Server MX Record Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; SMTP; Microsoft Exchange Server 2003
The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; Dragos Prisaca; INTERIM; ACCEPTED; INTERIM; Dragos Prisaca; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Windows 2000 WINS Buffer Overflow
Microsoft Windows 2000; Windows Internet Naming Service (WINS)
The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain
packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
Andrew Buttner; INTERIM; ACCEPTED; John Hoyland; INTERIM; ACCEPTED; ACCEPTED

Media Services Stack-based Buffer Overflow Vulnerability
Microsoft Windows 2000
Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability."
Dragos Prisaca; DRAFT; Dragos Prisaca; Dragos Prisaca; INTERIM; ACCEPTED; ACCEPTED

IE6,SP1 Web Folder Behaviors Cross-Domain Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Internet Explorer
Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability".
Harvey Rubinovitz; DRAFT; INTERIM; ACCEPTED; Robert L. Hollis; ACCEPTED; Robert L.
Hollis; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Buffer overflow vulnerability in MDAC Function
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Data Access Components 2.5; Microsoft Data Access Components 2.6; Microsoft Data Access Components 2.7
Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
Josh Turpin; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Win32k Window Creation Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows 7
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; Josh Turpin; INTERIM; ACCEPTED; INTERIM; Dragos Prisaca; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Visual Basic for Applications Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Visual Basic 6.0
Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
Robert L.
Hollis; DRAFT; INTERIM; ACCEPTED; Clifford Farrugia; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

IE v5.5 Temporary Internet Files folders Name Reading Vulnerability
Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading."
Harvey Rubinovitz; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

IE v5.5,SP2 Travel Log Cross Domain Vulnerability
Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
Andrew Buttner; Andrew Buttner; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Cabview Corruption Validation Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Cabinet File Viewer Shell Extension
The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; INTERIM; Dragos
Prisaca; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

IE v5.01,SP4 Travel Log Cross Domain Vulnerability
Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
Andrew Buttner; Andrew Buttner; INTERIM; ACCEPTED; Christine Walzer; INTERIM; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

HTML Object Memory Corruption Vulnerability (CVE-2010-0249)
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows 7; Microsoft Internet Explorer
Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability."
Dragos Prisaca; DRAFT; Dragos Prisaca; J.
Daniel Brown; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Sudhir Gandhe; ACCEPTED; Rachana Shetty; INTERIM; ACCEPTED; INTERIM; Dragos Prisaca; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Microsoft Agent Security Prompt Spoofing Vulnerability (Windows 2000)
Microsoft Windows 2000; Microsoft Agent
Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page.
Harvey Rubinovitz; DRAFT; Harvey Rubinovitz; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; ACCEPTED

Windows Kernel Null Pointer Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Vista; Microsoft Windows Server 2003; Microsoft Windows Server 2008
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability."
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Windows Kernel Registry Key Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Vista; Microsoft Windows Server 2003
Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability."
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; ACCEPTED

WinVerifyTrust Signature Validation Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Authenticode Signature Verification
The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4,
Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability."
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; INTERIM; Dragos Prisaca; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Outlook Express and Windows Mail Integer Overflow Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Outlook Express; Microsoft Windows Mail; Microsoft Windows Live Mail
Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka "Outlook Express and Windows Mail Integer Overflow Vulnerability."
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; INTERIM; Dragos Prisaca; ACCEPTED; Chandan S; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Windows 2000 Kernel Elevation of Privilege Vulnerability
Microsoft Windows 2000
Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
Robert L.
Hollis; DRAFT; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; ACCEPTED

HTML Element Memory Corruption Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows 7; Microsoft Internet Explorer 8
The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; Rachana Shetty; INTERIM; ACCEPTED; INTERIM; Dragos Prisaca; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Windows Media Player Memory Corruption Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows 7; Windows Media Player
Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerability."
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; INTERIM; Dragos Prisaca; ACCEPTED; Chandan S; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Windows Media Player v12 is installed.
Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Windows Media Player 12
Windows Media Player v12 is installed.
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; ACCEPTED; David Rothenberg; INTERIM; ACCEPTED; INTERIM; Dragos Prisaca; ACCEPTED; Maria Kedovskaya; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Buffer overflow vulnerability in kavfm.sys in Kingsoft Antivirus 2010.7.30.201 and earlier
Microsoft Windows 2000; Microsoft Windows
7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows XP; Kingsoft Antivirus
Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and earlier allows local users to execute arbitrary code via a long argument to IOCTL 0x80030004. NOTE: some of these details are obtained from third party information.
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Kingsoft Antivirus is installed
Microsoft Windows 2000; Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows XP; Kingsoft Antivirus
Kingsoft Antivirus is installed
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

MJPEG Media Decompression Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows Server 2008; Quartz.dll (DirectShow)
Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Local Security Authority Subsystem Service Resource Exhaustion Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003
LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability."
J.
Daniel Brown; DRAFT; INTERIM; ACCEPTED; ACCEPTED

ATL COM Initialization Vulnerability (CVE-2009-2493)
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Internet Explorer
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."
Dragos Prisaca; DRAFT; INTERIM; J. Daniel Brown; DEPRECATED; DEPRECATED

IE v5.01,SP4 Install Engine Buffer Overflow
Microsoft Windows 2000; Microsoft Internet Explorer
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
Harvey Rubinovitz; DRAFT; INTERIM; ACCEPTED; Robert L.
Hollis; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

IIS ASP Function Cross-site Scripting
Microsoft Windows 2000; Microsoft Internet Information Server (IIS)
Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message.
David Proulx; Christine Walzer; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; ACCEPTED

Windows (ME, NT, 2K, XP), IE v6,SP1 CSS Heap Memory Corruption Vulnerability
Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Internet Explorer
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
Harvey Rubinovitz; DRAFT; INTERIM; ACCEPTED; Christine Walzer; INTERIM; ACCEPTED; Robert L.
Hollis; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Windows 2000 ASN.1 Library Integer Overflow Vulnerabilities
Microsoft Windows 2000; Microsoft ASN.1 Library
Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
Andrew Buttner; INTERIM; ACCEPTED; ACCEPTED

Maxthon Browser Cross-Site Scripting Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows 7; Maxthon Browser
Maxthon Browser 3.0.0.145 Alpha with Ultramode does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header; does not properly block data: URIs in Location headers in HTTP responses, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (5) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (6) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header; and does not properly handle javascript: URIs in HTML links within (a) 301 and (b) 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (7) injecting a Location HTTP response header
or (8) specifying the content of a Location HTTP response header.
Sharath S; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft .NET Framework; Microsoft Silverlight
The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; J. Daniel Brown; INTERIM; J. Daniel Brown; J. Daniel Brown; J. Daniel Brown; ACCEPTED; Josh Turpin; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Microsoft .NET Framework 3.5 Original Release is installed
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 Original Release is installed
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; Nate Przybyszewski; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Microsoft .NET Framework 2.0 Service Pack 2 is installed
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Service Pack 2 is installed
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; Josh Turpin; INTERIM; ACCEPTED; Josh Turpin; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Microsoft .NET Framework 3.5 SP1 is installed
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 SP1 is
installed
Josh Turpin; DRAFT; INTERIM; ACCEPTED; INTERIM; Dragos Prisaca; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Avast! Home and Professional 'ashWsFtr.dll' Unspecified Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Vista; Microsoft Windows 7; Avast! AntiVirus
Unspecified vulnerability in ashWsFtr.dll in Avast! Home and Professional for Windows before 4.8.1356 has unknown impact and local attack vectors.
Sharath S; DRAFT; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; ACCEPTED

IIS FTP Service DoS Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Vista; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Internet Information Server (IIS)
Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka "IIS FTP Service DoS Vulnerability."
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; J.
Daniel Brown; INTERIM; Dragos Prisaca; ACCEPTED; Josh Turpin; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Windows Kernel Integer Underflow Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows Server 2008
Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability."
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; Rachana Shetty; INTERIM; ACCEPTED; ACCEPTED

Data Stream Header Corruption Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows Server 2008; Microsoft Internet Explorer
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, aka "Data Stream Header Corruption Vulnerability."
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; Josh Turpin; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Microsoft .NET Framework Type Verification Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft .NET Framework
Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability."
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; J.
Daniel Brown; INTERIM; ACCEPTED; Josh Turpin; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Maxthon Browser Address Bar Spoofing Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows 7; Maxthon Browser
Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.
Sharath S; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Maxthon Browser is installed
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows 7; Maxthon Browser
The operating system having Maxthon Browser installation.
Sharath S; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Office BMP Integer Overflow Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Office XP
Integer overflow in GDI+ in Microsoft Office XP SP3 allows remote attackers to execute arbitrary code via an Office document with a bitmap (aka BMP) image that triggers memory corruption, aka "Office BMP Integer Overflow Vulnerability."
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; Mike Lah; INTERIM; ACCEPTED; Dragos Prisaca; INTERIM; ACCEPTED; ACCEPTED

IE v5.01,SP3 Travel Log Cross Domain Vulnerability
Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
Andrew Buttner; Andrew Buttner; INTERIM; ACCEPTED; Christine Walzer; INTERIM; ACCEPTED; Robert L.
Hollis; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Memory Corruption Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Office XP
GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability."
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; Mike Lah; INTERIM; ACCEPTED; Dragos Prisaca; INTERIM; ACCEPTED; ACCEPTED

Microsoft Project 2002 SP1 is installed
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003
The application Microsoft Project 2002 SP1 is installed.
Robert L. Hollis; INTERIM; ACCEPTED; ACCEPTED

Microsoft Office Visio 2002 SP2 is installed
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Office Visio 2002
The application Microsoft Office Visio 2002 SP2 is installed.
Robert L. Hollis; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

ATL COM Initialization Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; J.
Daniel BrownDEPRECATEDDragos PrisacaMaria MikhnoDEPRECATEDHTML Component Handling VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWINS Heap Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows Server 2003Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDWin32k EOT Parsing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDWindows 2000 Trusted Domain LoopholeMicrosoft Windows 2000In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from the trusted domain.Tiffany 
BergeronTiffany BergeronACCEPTEDINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDHTML Object Memory Corruption Vulnerability (CVE-2009-3672)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Internet ExplorerMicrosoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag name, selection of the single element in the returned list, and a change to the outerHTML property of this element, related to Cascading Style Sheets (CSS) and mshtml.dll, aka "HTML Object Memory Corruption Vulnerability." NOTE: some of these details are obtained from third party information. NOTE: this issue was originally assigned CVE-2009-4054, but Microsoft assigned a duplicate identifier of CVE-2009-3672. CVE consumers should use this identifier instead of CVE-2009-4054.Dragos PrisacaDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMMC Redirect Cross-Site Scripting VulnerabilityMicrosoft Windows 2000Microsoft Management ConsoleCross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."Robert L. 
HollisDRAFTINTERIMACCEPTEDACCEPTEDWINS Integer Overflow VulnerabilityMicrosoft Windows 2000Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDDirectX Size Validation VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003DirectXThe QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDTCP/IP Zero Window Size VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Video ActiveX Control VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary 
code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonTim HarrisonACCEPTEDJ. Daniel BrownDEPRECATEDMaria MikhnoDEPRECATEDBuffer Overflow in Print Spooler VulnerabilityMicrosoft Windows 2000Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDHTML Object Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Internet ExplorerMicrosoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code via frequent calls to the getElementsByTagName function combined with the creation of an object during reordering of elements, followed by an onreadystatechange event, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Object Memory Corruption Vulnerability."Dragos PrisacaDRAFTBrendan MilesINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDTelnet Credential Reflection VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet 
Credential Reflection Vulnerability," a related issue to CVE-2000-0834.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDLicense Logging Server Heap Overflow VulnerabilityMicrosoft Windows 2000SMBv2The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."Dragos PrisacaDRAFTINTERIMDragos PrisacaACCEPTEDACCEPTEDIE v5.01,SP2 Travel Log Cross Domain VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows 2000 Remote Access Service Phonebook Buffer OverflowMicrosoft Windows 2000Remote Access Service (RAS)Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry.Tiffany BergeronShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDUninitialized Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Internet ExplorerMicrosoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a collection of crafted objects, aka "Uninitialized Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDHTML Objects Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Internet ExplorerUse-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Objects Memory Corruption Vulnerability."Dragos PrisacaDRAFTBrendan MilesINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDPrint Spooler Load Library VulnerabilityMicrosoft Windows 
2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMDragos PrisacaACCEPTEDJosh TurpinINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDCross-Domain Information Disclosure VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Cross-Domain Information Disclosure Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWin32k Insufficient Data Validation VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMDragos PrisacaACCEPTEDJosh TurpinINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDHTML Editing Component ActiveX Control VulnerabilityMicrosoft Windows 
2000Microsoft Windows XPMicrosoft Windows Server 2003The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows Kernel NULL Pointer Dereference VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDHTML Object Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Internet ExplorerMicrosoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly synchronize AJAX requests, which allows remote attackers to execute arbitrary code via a large number of concurrent, asynchronous XMLHttpRequest calls, aka "HTML Object Memory Corruption Vulnerability."Dragos PrisacaDRAFTBrendan MilesINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDActive Directory Memory Leak VulnerabilityMicrosoft Windows XPMicrosoft Windows 2000Microsoft Windows Server 2003Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active 
Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDSharath SINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDACCEPTEDMS FrontPage Server Extensions SmartHTML Denial of Service (Test 4)Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft FrontPage Server Extensions 2002Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMGlenn StricklandJonathan BakerJonathan BakerShane ShafferSudhir GandheShane ShafferINTERIMExchange Server 5.5 TNEF Decoding VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OutlookUnspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.Robert L. 
HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDDirectX NULL Byte Overwrite VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003DirectXUnspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDWinINet Credential Reflection VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Internet ExplorerWindows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDBrendan MilesINTERIMACCEPTEDJ. 
Daniel BrownDEPRECATEDDEPRECATEDWindows Kernel Pointer Validation VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMDragos PrisacaACCEPTEDJosh TurpinINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDNS Server Query Validation VulnerabilityMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows Server 2008The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDRPC Marshalling Engine VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."Dragos 
PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMDragos PrisacaACCEPTEDJosh TurpinINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDAvast! Home and Professional 'aswMon2.sys' Stack-based Buffer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Avast! AntiVirusStack-based buffer overflow in aswMon2.sys in Avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system crash) and possibly gain privileges via a crafted IOCTL request to IOCTL 0xb2c80018.Sharath SDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMS-CHAP Authentication Bypass VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability."J. 
Daniel BrownDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows Kernel Desktop VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMDragos PrisacaACCEPTEDJosh TurpinINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows Kernel Input Validation VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDUninitialized Memory Corruption Vulnerability (CVE-2009-2530)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Internet ExplorerMicrosoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2531.Dragos PrisacaDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDMaria 
MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInteger Overflow in X.509 Object Identifiers VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft ASN.1 LibraryInteger overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWMP Heap Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Windows Media PlayerHeap-based buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via (1) a crafted ASF file or (2) crafted streaming content, aka "WMP Heap Overflow Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDActive Directory Invalid Free VulnerabilityMicrosoft Windows 2000The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." 
NOTE: this issue is probably a memory leak.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDVirtual PC and Virtual Server Privileged Instruction Decoding VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Virtual Server 2005Microsoft Virtual PC 2004Microsoft Virtual PC 2007The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDMicrosoft Virtual Server 2005 R2 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Virtual Server 2005 R2The application Microsoft Virtual Server 2005 R2 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Virtual PC 2007 Service Pack 1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003The application Microsoft Virtual PC 2007 Service Pack 1 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Virtual PC 2007 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003The application Microsoft Virtual PC 2007 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Virtual Server 2005 Enterprise is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Virtual Server 2005The application Microsoft Virtual Server 2005 Enterprise is installed.Sudhir GandheDRAFTINTERIMACCEPTEDMaria 
MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Virtual PC 2004 Service Pack 1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003The application Microsoft Virtual PC 2004 Service Pack 1 is installed.Sudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Virtual Server 2005 Standard is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Virtual Server 2005The application Microsoft Virtual Server 2005 Standard is installed.Sudhir GandheDRAFTINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDPage Transition Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Internet ExplorerMicrosoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDBrendan MilesINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows HTTP Services Integer Underflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow 
Vulnerability."Kyle KeyDRAFTINTERIMACCEPTEDBrendan MilesINTERIMACCEPTEDMike LahINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDStack-based buffer overflow in the TEA decoding algorithm in Rhino Software Serv-UMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Rhino Software Serv-UStack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.Sharath SDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDJerome AthiasINTERIMACCEPTEDACCEPTEDDNS Server Vulnerability in WPAD Registration VulnerabilityMicrosoft Windows 2000Microsoft Windows Server 2003Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692.Dragos PrisacaDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDWPAD WINS Server Registration VulnerabilityMicrosoft Windows 2000Microsoft Windows Server 2003The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.Dragos 
PrisacaDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDMSMQ Null Pointer VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDBlended Threat Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerApple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. 
NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Brendan Miles, INTERIM, ACCEPTED, DEPRECATED, Josh Turpin, DEPRECATED

Active Directory Overflow Vulnerability
Microsoft Windows 2000
Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Event System Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008
The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Maneesh Jolly, ACCEPTED, Chandan S, INTERIM, ACCEPTED, ACCEPTED

Server Service Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, ACCEPTED, Prashanth A., INTERIM, ACCEPTED, ACCEPTED

CSS Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Internet Explorer
Microsoft Internet Explorer 7, when XHTML strict
mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka "CSS Memory Corruption Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IIS FTP Service RCE and DoS Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Internet Information Server (IIS)
Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Josh Turpin, INTERIM, ACCEPTED, ACCEPTED

Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Internet Explorer
Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Memory Corruption Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Josh Turpin, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Workstation Service Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP
Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
Robert L.
Hollis, DRAFT, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Pradeep R B, INTERIM, ACCEPTED, ACCEPTED

Uninitialized Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Internet Explorer
Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Brendan Miles, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

GDI Heap Overflow Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008
Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Prashanth A., INTERIM, ACCEPTED, ACCEPTED

IE v5.01, SP4 HijackClick 3 / Script in Image Tag File Download Vulnerability
Microsoft Windows 2000, Microsoft Internet Explorer
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Robert L.
Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Windows Kernel Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, ACCEPTED

SMB Validation Denial of Service Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008
srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."
Sudhir Gandhe, DRAFT, Timothy Harrison, INTERIM, ACCEPTED, ACCEPTED

Memory Corruption in Indexing Service Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003
A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Race Condition Cross-Domain Information Disclosure Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows
Vista, Microsoft Windows Server 2008, Microsoft Internet Explorer
Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability" or "Race Condition Cross-Domain Information Disclosure Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Josh Turpin, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Windows Kernel Handle Validation Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Pradeep R B, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v5.5, SP2 HijackClick 3 / Script in Image Tag File Download Vulnerability
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Internet Explorer
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Windows HTTP Services Certificate Name Mismatch Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft
Windows Server 2008
Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."
Kyle Key, DRAFT, INTERIM, ACCEPTED, Brendan Miles, INTERIM, ACCEPTED, Mike Lah, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, ACCEPTED

HTML Objects Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Internet Explorer
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order" with "particular functions ... performed on" document objects, aka "HTML Objects Memory Corruption Vulnerability" or "Table Layout Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2257.
Sudhir Gandhe, DRAFT, Dragos Prisaca, INTERIM, ACCEPTED, Pooja Shetty, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Avast! Home and Professional 'aavmKer4.sys' Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Vista, Microsoft Windows 7, Avast! AntiVirus
aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption, a different vulnerability than CVE-2008-1625.
Sharath S, DRAFT, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, ACCEPTED

Avast!
AntiVirus for Windows is installed
Microsoft Windows XP, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 8.1, Avast! AntiVirus
The application Avast! AntiVirus for Windows is installed.
Sharath S, DRAFT, INTERIM, ACCEPTED, David Rothenberg, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Windows Desktop Parameter Edit Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, ACCEPTED

SMB Credential Reflection Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008
Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability."
NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, Dragos Prisaca, Dragos Prisaca, Dragos Prisaca, Dragos Prisaca, Dragos Prisaca, Dragos Prisaca, Dragos Prisaca, ACCEPTED, Prashanth A., INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

SChannel Spoofing Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008
The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Rachana Shetty, INTERIM, ACCEPTED, ACCEPTED

Windows Kernel Unhandled Exception Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008
Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability."
NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510.
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, ACCEPTED

Pointer Reference Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Internet Explorer
Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Pooja Shetty, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Microsoft Windows Server 2008 is installed
Microsoft Windows Server 2008
The operating system installed on the system is Microsoft Windows Server 2008
Shane Shaffer, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Uninitialized Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Internet Explorer
Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Mailslot Heap Overflow Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003
Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory
corruption and bypasses size restrictions on second-class Mailslot messages.
Robert L. Hollis, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, ACCEPTED

MSXML DTD Cross-Domain Scripting Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008
Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer, allows remote attackers to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external DTDs, aka "MSXML DTD Cross-Domain Scripting Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Messaging Queue Service Remote Code Execution Vulnerability
Microsoft Windows 2000
Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."
Jeff Ito, DRAFT, INTERIM, ACCEPTED, ACCEPTED

GDI Integer Overflow Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008
Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Prashanth A., INTERIM, ACCEPTED, ACCEPTED

Vulnerability in Content-Disposition Header Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Office XP
Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a "Content-Disposition: attachment"
header and is accessed through a cdo: URL, which renders the content instead of raising a File Download dialog box, aka "Vulnerability in Content-Disposition Header Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Mike Lah, INTERIM, ACCEPTED, ACCEPTED

TCP/IP Orphaned Connections Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Vista, Microsoft Windows Server 2003, Microsoft Windows Server 2008
Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, ACCEPTED

DirectX Pointer Validation Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, DirectX
The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, ACCEPTED

SPN Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Windows Media Player 6.4, Windows Media Server 4.1, Windows Media Server 9, Windows Media Format Runtime 7.1, Windows Media Format Runtime 9.5, Windows Media Format Runtime 11
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers
to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, Pradeep R B, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Windows Messenger 6 libpng Buffer Overflow
Microsoft Windows 2000, Microsoft Windows XP, MSN Messenger
Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.
Christine Walzer, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, Robert L. Hollis, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, DEPRECATED, Maria Kedovskaya, DEPRECATED

AVI Integer Overflow Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Vista, Microsoft Windows Server 2003, Microsoft Windows Server 2008
Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Windows 2000 NNTP Component Buffer Overflow
Microsoft Windows 2000, Network News Transport Protocol (NNTP)
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and
heap-based buffer overflows.
Christine Walzer, DRAFT, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Microsoft Color Management System Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003
Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
Sudhir Gandhe, DRAFT, Dragos Prisaca, INTERIM, ACCEPTED, Josh Turpin, INTERIM, ACCEPTED, ACCEPTED

HTML Component Handling Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Internet Explorer
Microsoft Internet Explorer 6 and 7 does not perform proper "argument validation" during print preview, which allows remote attackers to execute arbitrary code via unknown vectors, aka "HTML Component Handling Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Pooja Shetty, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Windows Driver Class Registration Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, Dragos Prisaca, ACCEPTED, Josh Turpin, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Uninitialized Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server
2008, Microsoft Internet Explorer 7
Microsoft Internet Explorer 7 sometimes attempts to access a deleted object, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Pradeep R B, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Windows Kernel Window Creation Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, ACCEPTED

Window Location Property Cross-Domain Vulnerability
Microsoft Windows 2000, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, Microsoft Internet Explorer 5.01, Microsoft Internet Explorer 6, Microsoft Internet Explorer 7
Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability."
NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors.
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Microsoft Windows RPC Denial of Service
Microsoft Windows 2000, Remote Procedure Call (RPC)
The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference.
Tiffany Bergeron, Christine Walzer, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

DataGrid Control Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Visual Basic 6.0
The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Pradeep R B, INTERIM, ACCEPTED, Pradeep R B, INTERIM, ACCEPTED, ACCEPTED

LSASS Recursive Stack Overflow Vulnerability
Microsoft Windows XP, Microsoft Windows 2000, Microsoft Windows Server 2003, Microsoft Windows Server 2008
Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2; Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) on Windows Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via a malformed (1) LDAP or (2) LDAPS request, aka "LSASS Recursive Stack Overflow Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Sharath S, INTERIM, ACCEPTED, Rachana Shetty, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, Pooja Shetty, INTERIM, ACCEPTED, ACCEPTED

URL Parsing Cross-Domain Information Disclosure Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Outlook Express, Microsoft Mail
The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Pradeep R B, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

SMB Buffer Overflow Remote Code Execution Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008
Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, ACCEPTED

IIS 5.0 WebDAV Authentication Bypass Vulnerability
Microsoft Windows 2000, Microsoft Internet Information Server 5.0
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
Dragos Prisaca, Dragos Prisaca, Dragos
Prisaca, DRAFT, INTERIM, ACCEPTED, ACCEPTED

MSXML Header Request Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Office 2003, Microsoft Office 2008
Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."
Sudhir Gandhe, Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Null Truncation in X.509 Common Name Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft ASN.1 Library
The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408.
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Rachana Shetty, INTERIM, ACCEPTED, INTERIM, Dragos Prisaca, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Mozilla IDN heap overrun using soft-hyphens
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

HTML Rendering Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Internet Explorer 5.01, Microsoft Internet Explorer 6
Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Pradeep R B, INTERIM, ACCEPTED, ACCEPTED

HTML Object Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Internet Explorer
Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "HTML Object Memory Corruption Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Pooja Shetty, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

MSJava Applet CODEBASE File Access Vulnerability
Microsoft Windows 98, Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Virtual Machine (VM)
Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due to a parsing error.
Tiffany
Bergeron, INTERIM, ACCEPTED, ACCEPTED

Print Spooler Read File Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Vista, Microsoft Windows Server 2003, Microsoft Windows Server 2008
The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, Dragos Prisaca, ACCEPTED, Josh Turpin, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Hierarchical FlexGrid Control Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Visual Basic 6.0
Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Pradeep R B, INTERIM, ACCEPTED, Pradeep R B, INTERIM, ACCEPTED, ACCEPTED

"SITE SET TRANSFERPROGRESS ON" FTP Command Denial of Service Vulnerability in Rhino Software Serv-U
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows Server 2008, Rhino Software Serv-U
Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the "SITE SET TRANSFERPROGRESS ON" FTP command.
Sharath S, DRAFT, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, ACCEPTED

Rhino Software Serv-U is installed
Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft
Windows 7, Microsoft Windows Server 2008, Rhino Software Serv-U
The operating system having Rhino Software Serv-U installation.
Sharath S, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Masked Edit Control Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, Microsoft Visual Basic 6.0, Microsoft Visual FoxPro, Microsoft Visual Studio .NET 2002, Microsoft Visual Studio .NET 2003
Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Pradeep R B, INTERIM, ACCEPTED, Pradeep R B, INTERIM, ACCEPTED, ACCEPTED

MSXML Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008
Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, ACCEPTED

SMB Buffer Underflow Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008
Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3,
Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Pooja Shetty, INTERIM, ACCEPTED, ACCEPTED

Blended Threat Elevation of Privilege Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008
Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032.
NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Brendan Miles, INTERIM, ACCEPTED, DEPRECATED, Josh Turpin, DEPRECATED

Access Control Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Office SharePoint Server 2007, Microsoft Search Server 2008
Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Pradeep R B, INTERIM, ACCEPTED, ACCEPTED

Microsoft Office SharePoint Server 2007 is installed.
Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Office SharePoint Server 2007
Microsoft Office SharePoint Server 2007 is installed.
Robert L.
Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, David Rothenberg, INTERIM, ACCEPTED, INTERIM, Dragos Prisaca, ACCEPTED, Chandan S, INTERIM, ACCEPTED, Evgeniy Pavlov, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Microsoft Search Server 2008 is installed
Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows 7
Microsoft Search Server 2008 is installed.
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Source Element Cross-Domain Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Internet Explorer
Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulnerability."
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Preeti Subramanian, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Uninitialized Memory Corruption Vulnerability (CVE-2009-2531)
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Internet Explorer
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530.
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Josh Turpin, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Integer Overflow in IPP Service Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008
Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in
Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, J. Daniel Brown, INTERIM, ACCEPTED, Pradeep R B, INTERIM, ACCEPTED, ACCEPTED

Windows 2000 Workstation Service Logging Function Buffer Overflow
Microsoft Windows 2000, Microsoft Windows Workstation Service
Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API.
Tiffany Bergeron, ACCEPTED, Pradeep R B, INTERIM, ACCEPTED, ACCEPTED

IE v6.0,SP1 SSL Cached Content Vulnerability
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, Robert L.
Hollis, INTERIM, ACCEPTED, Jeff Cheng, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

DNS Insufficient Socket Entropy Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Jeff Ito, DRAFT, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, ACCEPTED

Uninitialized Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Internet Explorer
Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Brendan Miles, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

HTML Objects Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, Microsoft Internet Explorer 6, Microsoft Internet Explorer 7
Heap-based buffer overflow in the substringData method in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code, related to an unspecified manipulation of a DOM object before a call to this method, aka the "HTML Objects Memory Corruption Vulnerability."
Sudhir
Gandhe, DRAFT, INTERIM, ACCEPTED, Pooja Shetty, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Microsoft .NET Framework Pointer Verification Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft .NET Framework
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, J. Daniel Brown, INTERIM, J. Daniel Brown, J. Daniel Brown, J. Daniel Brown, ACCEPTED, Josh Turpin, INTERIM, ACCEPTED, INTERIM, Dragos Prisaca, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Microsoft .NET Framework 2.0 Service Pack 1 is installed
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Service Pack 1 is installed
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Josh Turpin, INTERIM, ACCEPTED, Josh Turpin, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

DNS Server Response Validation Vulnerability
Microsoft Windows 2000, Microsoft Windows Server 2003, Microsoft Windows Server 2008
The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, ACCEPTED

HTML Objects Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows
Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Internet Explorer 7
Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka "HTML Objects Memory Corruption Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Pradeep R B, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Improper Cross Domain Security Validation with ShowHelp Functionality
Microsoft Windows 2000, Microsoft Internet Explorer
The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality."
David Proulx, Christine Walzer, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

ISATAP Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Windows Media Player 6.4, Windows Media Server 4.1, Windows Media Server 9, Windows Media Format Runtime 7.1, Windows Media Format Runtime 9.5, Windows Media Format Runtime 11
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, Pradeep R B, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Windows Media Player 6.4 is installed.
Microsoft Windows 2000, Windows Media Player 6.4
Windows Media Player 6.4 is installed.
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Jonathan
Baker, INTERIM, ACCEPTED, David Rothenberg, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Microsoft Media Services 9 is installed
Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Media Services 9
The application Microsoft Media Services 9 is installed.
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, David Rothenberg, INTERIM, ACCEPTED, ACCEPTED

Microsoft Media Services 4.1 is installed
Microsoft Windows 2000, Microsoft Media Services 4.1
The application Microsoft Media Services 4.1 is installed.
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, David Rothenberg, INTERIM, ACCEPTED, ACCEPTED

Embedded OpenType Font Integer Overflow Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008
Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, Rachana Shetty, INTERIM, ACCEPTED, ACCEPTED

Uninitialized Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Internet Explorer
Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via an HTML document containing embedded style sheets that modify unspecified rule properties that cause the behavior element to be "improperly processed," aka "Uninitialized Memory Corruption Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Josh Turpin, INTERIM, ACCEPTED, Maria
Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Charts Control Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, Microsoft Visual Basic 6.0, Microsoft Visual FoxPro, Microsoft Visual Studio .NET 2002, Microsoft Visual Studio .NET 2003
The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Pradeep R B, INTERIM, ACCEPTED, Pradeep R B, INTERIM, ACCEPTED, ACCEPTED

Microsoft Visual FoxPro is installed
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, Microsoft Visual FoxPro
Microsoft Visual FoxPro is installed
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Event System Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008
Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Maneesh Jolly, INTERIM, Maneesh Jolly, ACCEPTED, Chandan S, INTERIM, ACCEPTED, ACCEPTED

MJPEG Decompression Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, DirectX
Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which
triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression Vulnerability."
Kyle Key, DRAFT, INTERIM, ACCEPTED, Brendan Miles, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

HTML Objects Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Internet Explorer
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2254, aka "HTML Object Memory Corruption Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Pooja Shetty, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Windows (ME, NT, 2K), IE v5.5,SP2 CSS Heap Memory Corruption Vulnerability
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Internet Explorer
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Win32k NULL Pointer Dereferencing Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008
win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted
application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, Dragos Prisaca, ACCEPTED, Josh Turpin, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

WINS Memory Overwrite Vulnerability
Microsoft Windows 2000, Microsoft Windows Server 2003
The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
Jeff Ito, DRAFT, Todd Dolinsky, INTERIM, ACCEPTED, Pradeep R B, INTERIM, ACCEPTED, ACCEPTED

Microsoft Windows Server 2003 ia64 Service Pack 2 or later is installed
Microsoft Windows Server 2003
The operating system installed on the system is Microsoft Windows Server 2003 (ia64) Service Pack 2 or later.
Sudhir Gandhe, INTERIM, ACCEPTED, Andrew Buttner, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, Josh Turpin, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

GDI stack Overflow Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008
Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, ACCEPTED

Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Jet 4.0 Database Engine
Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a
modified column count. NOTE: this might be the same issue as CVE-2005-0944.
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Microsoft Jet 4.0 Database Engine is installed
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Jet 4.0 Database Engine
Microsoft Jet 4.0 Database Engine is installed.
Maria Mikhno, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Data Stream Handling Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Internet Explorer
Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler.
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Josh Turpin, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

SAMI Format Parsing Vulnerability
Microsoft Windows 2000, DirectX
Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, ACCEPTED

IE v6.0,SP1 Zone Restrictions Bypass via XML Vulnerability
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.
Andrew Buttner, Andrew Buttner, Andrew Buttner, Andrew Buttner, INTERIM, ACCEPTED, Robert L.
Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

DHTML Object Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Internet Explorer
Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Uninitialized Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Internet Explorer
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Brendan Miles, INTERIM, ACCEPTED, ACCEPTED

Windows Media Playback Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Windows Media Format Runtime 9.0, Windows Media Format Runtime 9.5, Windows Media Format Runtime 11
Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka "Windows Media Playback Memory Corruption Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, Dragos Prisaca, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, Rachana Shetty, INTERIM, ACCEPTED, Maria
Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Microsoft Data Access Components 2.6 Broadcast Response Buffer Overflow
Microsoft Windows 95, Microsoft Windows 98, Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Data Access Components 2.6
Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
Christine Walzer, INTERIM, ACCEPTED, Jeff Cheng, INTERIM, ACCEPTED, ACCEPTED

HTML Objects Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Internet Explorer
Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle table operations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption by adding malformed elements to an empty DIV element, related to the getElementsByTagName method, aka "HTML Objects Memory Corruption Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Josh Turpin, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Microsoft Internet Explorer 6 and Internet Explorer 7 KEYGEN element vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Internet Explorer 6, Microsoft Internet Explorer 7
Microsoft Internet Explorer 6 through 6.0.2900.2180, and 7.0.6000.16711, allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828.
Prabhu.S.A, DRAFT, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

MSDTC
Unchecked Buffer Permits Remote Code Execution or Privilege Elevation (Win2k,SP4)
Microsoft Windows 2000, MSDTC
The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

VBScript and JScript Remote Code Execution Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003
The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, ACCEPTED

IE v5.5,SP2 Zone Restrictions Bypass via XML Vulnerability
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Internet Explorer
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.
Andrew Buttner, Andrew Buttner, Andrew Buttner, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Speech API Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008
A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer.
Sudhir
GandheDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDHTML Rendering Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability."Sudhir GandheDRAFTRobert L. HollisSudhir GandheACCEPTEDPooja ShettyINTERIMACCEPTEDChandan SINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMMaria MikhnoACCEPTEDACCEPTEDActiveX Object Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerStack-based buffer overflow in certain ActiveX controls in (1) FPOLE.OCX 6.0.8450.0 and (2) Foxtlib.ocx, as used in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library; and Internet Explorer 5.01, 6 SP1 and SP2, and 7; allows remote attackers to execute arbitrary code via a long first argument to the FoxDoCmd function.Sudhir GandheDRAFTRobert L. HollisSudhir GandheACCEPTEDPooja ShettyINTERIMACCEPTEDChandan SINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMMaria MikhnoACCEPTEDACCEPTEDIE v5.01,SP4 Zone Restrictions Bypass via XML VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDActiveX Object Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Internet ExplorerThe HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.Sudhir GandheDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDEmbedded OpenType Font Heap Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDGDI Heap Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."Sudhir GandheDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDWindows Kernel Invalid Pointer VulnerabilityMicrosoft Windows 
2000Microsoft Windows XPMicrosoft Windows Server 2003The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDWindows Kernel VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.Sudhir GandheDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDIE v5.5 Malformed PNG Image File Failure VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."Harvey RubinovitzACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMalformed AVI Header VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDLSASS Bypass VulnerabilityMicrosoft Windows 2000Microsoft 
Windows XPMicrosoft Windows Server 2003Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.Sudhir GandheINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDOLE Dialog Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Interactive TrainingThe OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDProperty Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerUse-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability."Sudhir GandheDRAFTRobert L. 
HollisSudhir GandheACCEPTEDPooja ShettyINTERIMACCEPTEDChandan SINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMMaria MikhnoACCEPTEDACCEPTEDInternet Information Services Local Privilege Elevation VulnerabilityMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Information Server (IIS) 5.0Microsoft Internet Information Server (IIS) 5.1Microsoft Internet Information Server (IIS) 6.0Microsoft Internet Information Server (IIS) 7.0Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.Jeff ItoDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDMicrosoft IIS 7.0 is installedMicrosoft Windows VistaMicrosoft Windows Server 2008Microsoft IIS 7.0The application Microsoft IIS 7.0 is installed.Jeff ItoDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDOLE Heap Overrun VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Visual Basic 6.0Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.Sudhir GandheDRAFTINTERIMACCEPTEDSudhir GandheINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDACCEPTEDMicrosoft Visual Basic 6.0 is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Visual Basic 6.0The application Microsoft Visual Basic 6.0 is installed.SecPod TeamDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDDNS Cache Poisoning VulnerabilityMicrosoft Windows 2000Microsoft Windows Server 
2003Microsoft Windows Server 2008Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.Jeff ItoDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDUninitialized Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01, 6, and 7 does not properly handle objects that have been incorrectly initialized or deleted, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "Uninitialized Memory Corruption Vulnerability."Sudhir GandheDRAFTINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Indexing Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Indexing ServiceCross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.Robert L. 
HollisDRAFTINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 Function Pointer Drag and Drop VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 Install Engine Buffer OverflowMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInteger overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows HTTP Services Credential Reflection VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability."Kyle KeyDRAFTINTERIMACCEPTEDBrendan MilesINTERIMACCEPTEDJ. Daniel BrownDEPRECATEDMike LahShane ShafferDEPRECATEDDNS Spoofing Attack VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaThe DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.Sudhir GandheDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Function Pointer Drag and Drop VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP4 Function Pointer Drag 
and Drop VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDRequest Header Cross-Domain Information Disclosure VulnerabilityMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 5.01Microsoft Internet Explorer 6Microsoft Internet Explorer 7The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP request smuggling attacks via an incorrect Content-Length header, (2) access arbitrary virtual hosts via a modified Host header, (3) bypass referrer restrictions via an incorrect Referer header, and (4) bypass the same-origin policy and obtain sensitive information via a crafted request header.Sudhir GandheDRAFTINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP3 Function Pointer Drag and Drop VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the 
"Function Pointer Drag and Drop Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows Kernel TCP/IP/ICMP VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability."Sudhir GandheINTERIMACCEPTEDDragos PrisacaINTERIMDragos PrisacaDragos PrisacaDragos PrisacaDragos PrisacaACCEPTEDPooja ShettyINTERIMACCEPTEDACCEPTEDIE v5.01,SP2 Function Pointer Drag and Drop VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDHTML Objects Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order," aka "HTML Objects Memory Corruption Vulnerability" or "XHTML Rendering Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2258.Sudhir GandheDRAFTINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Data Access Components 2.5 Broadcast Response Buffer OverflowMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Data Access Components 2.5Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.Christine WalzerINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDSMB Validation Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."Sudhir GandheTimothy HarrisonDRAFTINTERIMACCEPTEDACCEPTEDMJPEG Decoder VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 
2008DirectXMicrosoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."Sudhir GandheDRAFTINTERIMJeff ItoACCEPTEDPrashanth A.INTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDChandan SINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDParameter Validation Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to navigation methods, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Parameter Validation Memory Corruption Vulnerability."Sudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDIE v5.01,SP3 Zone Restrictions Bypass via XML VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows Active Directory Denial of Service VulnerabilityMicrosoft Windows XPMicrosoft Windows 2000Microsoft Windows Server 2003Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.Jeff ItoDRAFTINTERIMACCEPTEDJ. 
Daniel BrownINTERIMACCEPTEDSharath SINTERIMACCEPTEDChandan SINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDACCEPTEDIE v5.01, SP4 SSL Cached Content VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.Harvey RubinovitzDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP2 Bitmap Integer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInteger overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.Ingrid SkoogDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 Improper URL Canonicalization VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."Andrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Improper URL Canonicalization VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."Andrew ButtnerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP4 Improper URL Canonicalization VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."Andrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP4 Malformed GIF Image Double-free VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerDouble free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.Andrew ButtnerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP2 Zone Restrictions Bypass via XML VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDHTML Rendering Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01 GetObject File RetrievalMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.David ProulxRobert L. HollisINTERIMRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDCSS Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors.Robert L. 
HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows 2000 Message Queuing Buffer OverflowMicrosoft Windows 2000Message QueuingBuffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.Ingrid SkoogDRAFTINTERIMChristine WalzerAndrew ButtnerACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft .NET Framework v1.0 Security BypassMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft .NET FrameworkThe Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMMatthew WojcikDaniel TarnuACCEPTEDRobert L. HollisINTERIMACCEPTEDJeff ChengINTERIMJeff ChengACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDDHTML Object Memory Corruption Vulnerability (IE5.01,SP4)Microsoft Windows 2000Microsoft Internet ExplorerRace condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5 Encoded Characters Information Disclosure VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure."Harvey RubinovitzACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE5.01,SP4 Channel Definition Format Cross Domain VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMS Windows RPC DCOM DoS-based Privilege Escalation VulnerabilityMicrosoft Windows 2000Remote Procedure Call (RPC)The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function.Tiffany BergeronACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMSN Messenger GIF Size Buffer OverflowMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003MSN MessengerGIF file validation error in MSN Messenger 6.2 allows remote attackers in a user's contact list to execute arbitrary code via a GIF image with an improper height and width.Christine WalzerDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMRobert L. 
HollisACCEPTEDJonathan BakerINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDBuffer Overrun in Server Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.Robert L. HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows Active Directory Denial of Service VulnerabilityMicrosoft Windows XPMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows Server 2008Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.Jeff ItoDRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDSharath SINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDACCEPTEDIE v5.01,SP3 Improper URL Canonicalization VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."Andrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDArgument Handling Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerUnspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability."Sudhir GandheDRAFTRobert L. HollisSudhir GandheACCEPTEDPooja ShettyINTERIMACCEPTEDChandan SINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMMaria MikhnoACCEPTEDACCEPTEDMicrosoft Windows Server 2003 for Itanium is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 for Itanium is
installed.Sudhir GandheINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDIE v5.01,SP2 Improper URL Canonicalization VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."Andrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01 Improper Cross Domain Security Validation with Dialog BoxMicrosoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."David ProulxRobert L. HollisINTERIMRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisRobert L. 
HollisACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDUnchecked Buffer in SQLXML ISAPI Extension for Microsoft Data Access Components 2.7Microsoft Windows 2000Microsoft SQL Server 2000Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."Matthew BurtonMatthew BurtonDRAFTINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDACCEPTEDDHTML Object Memory Corruption Vulnerability (IE5.01,SP3)Microsoft Windows 2000Microsoft Internet ExplorerRace condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE5.01,SP4 Drag-and-Drop VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. 
HollisINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDDan HaynesINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDUnchecked Buffer in SQLXML ISAPI Extension for Microsoft Data Access Components 2.6Microsoft Windows 2000Microsoft SQL Server 2000Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."Matthew BurtonMatthew BurtonMatthew BurtonDRAFTINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDACCEPTEDWindows 2000 Object Management VulnerabilityMicrosoft Windows 2000Windows kernelBuffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".Ingrid SkoogDRAFTINTERIMChristine WalzerAndrew ButtnerACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIIS Server Side Include Web Pages Buffer OverrunMicrosoft Windows 2000Microsoft Internet Information Server (IIS)Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun."Tiffany BergeronACCEPTEDChristine WalzerINTERIMACCEPTEDGlenn StricklandINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDWin2k Large Window Size TCP RST Denial of ServiceMicrosoft Windows 2000TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDSudhir GandheINTERIMShane 
ShafferACCEPTEDACCEPTEDMS Internet Security and Acceleration Server H.323 Buffer OverflowMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Internet Security and Acceleration Server 2000Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.David ProulxINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJeff ChengINTERIMJeff ChengJeff ChengJeff ChengACCEPTEDACCEPTEDMS Exchange / OWA NTLM Authentication VulnerabilityMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Exchange ServerMicrosoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. 
when SharePoint Services 2.0 is installed.Andrew ButtnerINTERIMACCEPTEDJohn HoylandINTERIMJeff ChengJeff ChengINTERIMHyperTerminal Session File Vulnerability (Windows 2000)Microsoft Windows 2000HyperTerminalHyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.Harvey RubinovitzDRAFTINTERIMHarvey RubinovitzACCEPTEDJohn HoylandINTERIMDaniel TarnuACCEPTEDMike LahINTERIMMike LahACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDWindows 2000 Plug and Play Buffer Overflow VulnerabilityMicrosoft Windows 2000Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.Robert L. 
HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMSHTA Code Execution Vulnerability (Windows 2000)Microsoft Windows 2000Windows ShellThe document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.Harvey RubinovitzDRAFTINTERIMAndrew ButtnerACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIE v5.01 Encoded Characters Information Disclosure VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure."Harvey RubinovitzACCEPTEDRobert L. HollisINTERIMRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP4 Similar Method Name Redirection Cross Domain VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDISA Server NetBIOS Packet Filter Bypass VulnerabilityMicrosoft Windows 2000Microsoft Internet Security and Acceleration Server 2000Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter.Christine WalzerDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDAkihito NakamuraINTERIMACCEPTEDACCEPTEDLoadImage Cursor and Icon Format Handling Vulnerability (Windows 2000)Microsoft Windows 2000Cursor and Icon FormattingInteger overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."Christine WalzerDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDWindows 2000 Unknown Vector SMB VulnerabilityMicrosoft Windows 2000Small Business Server 2000Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."Jonathan BakerDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDWindows 2000 HTML Help Remote Code Execution VulnerabilityMicrosoft Windows 2000HTML Help FacilityInteger overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.Andrew ButtnerDRAFTINTERIMACCEPTEDJeff ItoINTERIMACCEPTEDShane 
ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDFTP Server Command Injection VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerCRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDEPRECATED: IIS Help File Search Cross-site ScriptingMicrosoft Windows 2000Microsoft Internet Information Server (IIS)Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session.Tiffany BergeronShane ShafferINTERIMACCEPTEDJosh TurpinDEPRECATEDSudhir GandheShane ShafferDEPRECATEDWindows 2000 Access Requests Privilege Escalation VulnerabilityMicrosoft Windows 2000Windows kernelThe kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.Ingrid SkoogDRAFTINTERIMChristine WalzerAndrew ButtnerACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDUninitialized Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerUse-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized 
Memory Corruption Vulnerability."Jeff ItoDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDHTML Rendering Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDUninitialized Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerMicrosoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability."Jeff ItoDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft DirectX Code Execution VulnerabilityMicrosoft Windows 2000DirectXStack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file.Jeff ItoDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDWindows ListView Shatter Message VulnerabilityMicrosoft Windows 2000Utilities Manager/Windows MessagingThe control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function.Christine WalzerACCEPTEDChristine WalzerINTERIMACCEPTEDShane 
ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDUninitialized Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability."Jeff ItoDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDVulnerability in Message Queuing Could Allow Remote Code ExecutionMicrosoft Windows 2000Microsoft Windows XPStack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.Robert L. 
HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v6.0 Temporary Internet Files folders Name Reading VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading."Harvey RubinovitzACCEPTEDChristine WalzerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIIS Web Server Folder TraversalMicrosoft Windows 2000Microsoft Internet Information Server (IIS)IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.Tiffany BergeronDragos PrisacaINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDVulnerability in DNS Could Allow SpoofingMicrosoft Windows 2000Microsoft Windows Server 2003The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.Robert L. HollisDRAFTJeff ChengJeff ChengJeff ChengINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDirectAnimation ActiveX Controls Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerHeap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points.Robert L. 
HollisDRAFTINTERIMACCEPTEDACCEPTEDIE v5.01, SP3 HijackClick 3 / Script in Image Tag File Download VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Information Services using Malformed Active Server Pages VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet Information Server (IIS)Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).Robert L. HollisINTERIMACCEPTEDKen LassesenINTERIMACCEPTEDACCEPTEDMicrosoft IIS 6.0 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft IIS 6.0The application Microsoft IIS 6.0 is installed.Robert L. 
HollisINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows 2000 Long Share Names VulnerabilityMicrosoft Windows 2000Windows ShellBuffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, Windows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDUninitialized Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability."Jeff ItoDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDHTML Layout and Positioning Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file.Robert L. 
HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows 2000 VDM Privilege Escalation VulnerabilityMicrosoft Windows 2000VDMThe Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.Ingrid SkoogDRAFTINTERIMACCEPTEDACCEPTEDGDI+ JPEG Parsing Engine Buffer Overflow (VS.NET 2002)Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Visual Studio .NET 2002Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.Ingrid SkoogDRAFTINTERIMACCEPTEDRobert L. 
HollisACCEPTEDJohn HoylandINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDMicrosoft DirectX Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaDirectXBuffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted (1) WAV or (2) AVI file.Jeff ItoDRAFTINTERIMACCEPTEDJeff ItoINTERIMACCEPTEDChandan SINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDServer Service Denial of Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research; the vulnerability is not associated with a mailslot.Robert L. 
HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDISA Server Reverse DNS Lookup Results SpoofingMicrosoft Windows 2000Microsoft Internet Security and Acceleration Server 2000Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.Christine WalzerDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDAkihito NakamuraINTERIMACCEPTEDACCEPTEDWindows Telnet Server Buffer OverflowMicrosoft Windows 2000Telnet protocolBuffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options.Christine WalzerChristine WalzerINTERIMACCEPTEDACCEPTEDGDI+ JPEG Parsing Engine Buffer Overflow (IE6)Microsoft Windows 2000Microsoft Internet ExplorerBuffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.Ingrid SkoogDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDClifford FarrugiaINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED.NET 2.0 Application Folder Information Disclosure VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft .NET FrameworkMicrosoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."Robert L. 
HollisINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 Script URLs Cross Domain Zone Restrictions BypassMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP4 Drag-and-Drop Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Client Service for NetWare Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003NetWareUnspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Script URLs Cross Domain Zone Restrictions BypassMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5 Cross Domain Verification via Cached Methods VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."Harvey RubinovitzACCEPTEDMaria 
MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Winsock Proxy Service Denial of ServiceMicrosoft Windows 2000Microsoft Internet Security and Acceleration Server 2000The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.Tiffany BergeronACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDSMB Code Execution Vulnerability (Windows 2000)Microsoft Windows 2000SMB (Server Message Block)The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the "Server Message Block Vulnerability," and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields.Christine WalzerDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Client Service for NetWare Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003NetWareBuffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."Robert L. 
HollisDRAFTINTERIMACCEPTEDACCEPTEDExchange Server SMTP Buffer OverflowMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Exchange ServerHeap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port.Christine WalzerDRAFTINTERIMACCEPTEDACCEPTEDCode Execution via Compiled HTML Help FileMicrosoft Windows 2000HTML Help FacilityThe HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."Christine WalzerACCEPTEDChristine WalzerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDOffice XP URL Buffer OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Office XP SP3Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00" (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.Ingrid SkoogIngrid SkoogIngrid SkoogAnna MinDRAFTINTERIMACCEPTEDINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 GetObject File RetrievalMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.David ProulxMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01, SP3 Plug-in Navigation Address Bar 
Spoofing VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v6.0 Malformed PNG Image File Failure VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."Harvey RubinovitzACCEPTEDChristine WalzerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE6,SP1 Content Advisor Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerBuffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka "Content Advisor Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDJason SpashettINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE5.01,SP4 DHTML Method Heap Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE5.01,SP4 JPEG Image Rendering Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerUnknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability".Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDEPRECATED: Windows 2000 IIS HTTP Header Field Buffer OverflowMicrosoft Windows 2000Microsoft Internet Information Server (IIS)Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.Tiffany BergeronACCEPTEDGlenn StricklandINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDJosh TurpinDEPRECATEDSudhir GandheShane ShafferDEPRECATEDGDI+ JPEG Parsing Engine Buffer Overflow (Office XP,SP2)Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Office XP SP2Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.Ingrid SkoogDRAFTINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDRobert L. 
HollisACCEPTEDACCEPTEDIE v6.0 Cross Domain Verification via Cached Methods VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."Harvey RubinovitzACCEPTEDChristine WalzerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE AbusiveParent Vulnerability (Windows 2000)Microsoft Windows 2000Microsoft Internet ExplorerThe DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.Jonathan BakerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMAndrew ButtnerACCEPTEDJohn HoylandINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWin2k IP Validation VulnerabilityMicrosoft Windows 2000Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDGDI+ JPEG Parsing Engine Buffer Overflow (Project 2003)Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Project Professional 2003Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a 
large integer length before a memory copy operation.Ingrid SkoogDRAFTIngrid SkoogINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDRobert L. HollisACCEPTEDACCEPTEDWindows 2000 Group Policy BypassMicrosoft Windows 2000Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access.Tiffany BergeronChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft .NET Framework 2.0 Cross-Site Scripting VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft .NET FrameworkCross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDDHTML Object Memory Corruption Vulnerability (IE6,SP1)Microsoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerRace condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".Harvey RubinovitzDRAFTINTERIMACCEPTEDJason SpashettINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDRIS Writable Path VulnerabilityMicrosoft Windows 2000The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS.Robert L. 
HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDHTML Help ActiveX Control Buffer OverflowMicrosoft Windows 2000HTML Help ActiveX ControlBuffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.Christine WalzerAndrew ButtnerACCEPTEDMatthew WojcikINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIIS AddHeader Large Header Denial of ServiceMicrosoft Windows 2000Microsoft Internet Information Server (IIS)The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page.Tiffany BergeronChristine WalzerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIE v6.0,SP1 HijackClick VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.Andrew ButtnerAndrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 HijackClick VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP4 HijackClick VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP3 HijackClick VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP2 HijackClick VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMS FrontPage Server Extensions Chunked Encoded Request Buffer Overflow (Test 3)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft SharePoint Team ServicesBuffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMS FrontPage Server Extensions Chunked Encoded Request Buffer Overflow (Test 2)Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft FrontPage Server Extensions 2002Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIE v5.01,SP4 Script URLs Cross Domain Zone Restrictions BypassMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, 
aka the "Script URLs Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP3 Script URLs Cross Domain Zone Restrictions BypassMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP2 Script URLs Cross Domain Zone Restrictions BypassMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE6.0,SP1 Security Zone Restriction Bypass VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWeb View Remote Code Execution VulnerabilityMicrosoft Windows 2000Windows ExplorerThe Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file.Ingrid SkoogDRAFTAndrew ButtnerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIE v6.0,SP1 Function Pointer Override Cross Domain VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Function Pointer Override Cross Domain VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP4 Function Pointer Override Cross Domain VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP3 Function Pointer Override Cross Domain VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP2 Function Pointer Override Cross Domain VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDEPRECATED: Windows 2000 IIS FTP Connection Status Request Denial of ServiceMicrosoft Windows 2000FTPThe FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters.Tiffany BergeronGlenn StricklandINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDJosh TurpinDEPRECATEDSudhir GandheShane ShafferDEPRECATEDNetBT Name Service Information Access VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003NetBT Name ServiceThe NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information.Ingrid SkoogIngrid SkoogIngrid SkoogINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJeff ChengINTERIMJeff ChengACCEPTEDSudhir GandheSudhir GandheINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDWin2k Blind Connection Reset Attack VulnerabilityMicrosoft Windows 2000Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the 
"blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIE v6.0,SP1 ExecCommand Cross Domain Zone Restriction BypassMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 ExecCommand Cross Domain Zone Restriction BypassMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows 2000 Task Scheduler Stack OverflowMicrosoft Windows 2000Task SchedulerStack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.Tiffany BergeronINTERIMACCEPTEDACCEPTEDIE v5.01,SP4 ExecCommand Cross Domain Zone Restriction BypassMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP3 ExecCommand Cross Domain Zone Restriction BypassMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows 2000 ComboBox/ListBox GUI Widget User32.dll Buffer OverflowMicrosoft Windows 2000Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application.Tiffany BergeronACCEPTEDChristine WalzerINTERIMACCEPTEDINTERIMChristine WalzerINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDWindows Shell Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy.Robert L. HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWindows 2000 Shell CLSID File Type Spoof VulnerabilityMicrosoft Windows 2000The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.Christine WalzerDRAFTINTERIMACCEPTEDRobert L. 
HollisACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDTIF Folder Information Disclosure VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5577.Robert L. HollisDRAFTINTERIMMatthew WojcikACCEPTEDPreeti SubramanianINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP2 ExecCommand Cross Domain Zone Restriction BypassMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows NNTP Memory LeakMicrosoft Windows 2000Network News Transport Protocol (NNTP)Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts.Christine WalzerACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIE v5.5 Domain Restriction Bypass Cross-Frame ScriptingMicrosoft Windows 2000Microsoft Internet ExplorerCross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions.Harvey RubinovitzACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDGDI+ JPEG Parsing Engine Buffer Overflow Microsoft Office Visio Pro 2003Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Office Visio Professional 2003Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.Ingrid SkoogDRAFTIngrid SkoogINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDMicrosoft Office Visio 2003 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Office Visio 2003The application Microsoft Office Visio 2003 is installed.Robert L. 
HollisDRAFTINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE6,SP1 Channel Definition Format Cross Domain VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Bitmap Integer Overflow VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInteger overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.Ingrid SkoogDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDAnimated Cursor Denial of Service (Windows 2000)Microsoft Windows 2000Windows Animated CursorThe Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang.Christine WalzerDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIE v6.0 Forced Script ExecutionMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made.David ProulxChristine WalzerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDFolder GUID 
Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka "Folder GUID Code Execution Vulnerability." NOTE: directory traversal sequences were used in the original exploit, although their role is not clear.Robert L. HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMS SQL Server Bulk Insert Procedure Buffer OverflowMicrosoft Windows 2000Microsoft SQL Server 2000Microsoft SQL Server 2000 Desktop Engine (WMSDE)Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.Yi-Fang KohIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogINTERIMACCEPTEDJerome AthiasINTERIMACCEPTEDACCEPTEDWindows 2000 Kernel Debugger-based Buffer OverflowMicrosoft Windows 2000Windows kernelBuffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.Christine WalzerChristine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDTIF Folder Information Disclosure VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5578.Robert L. 
HollisDRAFTINTERIMMatthew WojcikACCEPTEDPreeti SubramanianINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows 2000 Unchecked Buffer in NetDDE (Test 1)Microsoft Windows 2000NetDDENetwork Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.Jonathan BakerDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDNelson BunkerINTERIMShane ShafferACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDGDI+ JPEG Parsing Engine Buffer Overflow (Visio Pro 2002)Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Office Visio Professional 2002Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.Ingrid SkoogDRAFTIngrid SkoogINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDRobert L. 
HollisACCEPTEDACCEPTEDMS FrontPage Server Extensions SmartHTML Denial of Service (Test 1)Microsoft Windows 2000Microsoft FrontPage Server Extensions 2000Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.Tiffany BergeronTiffany BergeronINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDAnna MinINTERIMACCEPTEDGlenn StricklandINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIE v5.01,SP3 Bitmap Integer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInteger overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.Ingrid SkoogDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDGDI+ JPEG Parsing Engine Buffer Overflow (Project 2002,SP1)Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Project Professional 2002Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.Ingrid SkoogDRAFTIngrid SkoogINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDRobert L. 
HollisACCEPTEDACCEPTEDSQL Server LPC Port Buffer OverflowMicrosoft Windows 2000Microsoft SQL Server 2000Microsoft SQL Server 2000 Desktop Engine (WMSDE)Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.Yi-Fang KohJonathan BakerINTERIMACCEPTEDIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogINTERIMACCEPTEDChristine WalzerChristine WalzerChristine WalzerINTERIMACCEPTEDMatthew WojcikINTERIMMatthew WojcikMatthew WojcikMatthew WojcikACCEPTEDJerome AthiasINTERIMACCEPTEDACCEPTEDIE5.01,SP3 Drag-and-Drop VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDDan HaynesINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft SMTP Malformed BDAT Request Denial of ServiceMicrosoft Windows 2000SMTPSMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.Tiffany BergeronAndrew ButtnerShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDSMB Information Disclosure VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."Robert L. 
HollisINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDSQL Server Named Pipe Denial of ServiceMicrosoft Windows 2000Microsoft SQL Server 2000Microsoft SQL Server 2000 Desktop Engine (WMSDE)Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.Yi-Fang KohJonathan BakerINTERIMACCEPTEDIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogINTERIMACCEPTEDChristine WalzerChristine WalzerChristine WalzerINTERIMACCEPTEDMatthew WojcikINTERIMMatthew WojcikMatthew WojcikMatthew WojcikACCEPTEDJerome AthiasINTERIMACCEPTEDACCEPTEDWindows 2000 SNMPv1 Trap Handling DoS and Privilege Escalation (Test 2)Microsoft Windows 2000Simple Network Management Protocol (SNMP)Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. 
This and other SNMP-related candidates will be updated when more accurate information is available.Harvey RubinovitzHarvey RubinovitzINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDWindows 2000 RPCSS DCOM Buffer Overflow (Blaster, Test 2)Microsoft Windows 2000Remote Procedure Call (RPC)Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.Tiffany BergeronACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Data Access Components 2.6 Remote Data Services Buffer OverflowMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Data Access Components 2.6Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.Ingrid SkoogDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDClifford FarrugiaINTERIMACCEPTEDACCEPTEDOLE Component Input Validation Vulnerability (Windows 2000)Microsoft Windows 2000Windows Media Player 9The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability."Christine WalzerDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDUnchecked Buffer in Password Encryption ProcedureMicrosoft Windows 2000Microsoft SQL Server 2000Microsoft SQL Server 2000 Desktop Engine (WMSDE)Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."Yi-Fang KohIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogINTERIMACCEPTEDJerome AthiasINTERIMACCEPTEDACCEPTEDWindows 2000, IE v5.01 CSS Heap Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows 2000 IIS Heap Overrun in HTR Chunked EncodingMicrosoft Windows 2000Microsoft Internet Information Server (IIS)Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."Tiffany BergeronACCEPTEDGlenn StricklandINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDWMI Object Broker VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Visual StudioCross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDXSLT Buffer Overrun VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft XML Core ServicesBuffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.Robert L. 
HollisDRAFTINTERIMACCEPTEDSudhir GandheINTERIMACCEPTEDACCEPTEDWindows 2000 Windows POSIX Buffer OverflowMicrosoft Windows 2000POSIXThe POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.Ingrid SkoogINTERIMACCEPTEDJohn HoylandMatthew WojcikINTERIMACCEPTEDACCEPTEDWindows 2000 IE HTML Help ActiveX control Cross Domain VulnerabilityMicrosoft Windows 2000Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."Matthew BurtonDRAFTMatthew BurtonMatthew BurtonINTERIMACCEPTEDACCEPTEDIE5.01,SP4 Content Advisor Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerBuffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka "Content Advisor Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDSMB Session Digital Signature SidestepMicrosoft Windows 2000SMB Signing (Server Message Block)The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. 
by modifying group policy information sent from a domain controller.Christine WalzerACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDWindows 2000 Program Group Converter Buffer OverflowMicrosoft Windows 2000Program Group ConverterBuffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office Visio Professional URL Buffer OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Office Visio Professional 2002Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.Ingrid SkoogDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Data Access Components 2.5 Remote Data Services Buffer OverflowMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Data Access Components 2.5Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.Ingrid SkoogDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDClifford FarrugiaINTERIMACCEPTEDACCEPTEDIE v6.0 Domain Restriction Bypass Cross-Frame ScriptingMicrosoft Windows 2000Microsoft Internet ExplorerCross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions.Harvey RubinovitzACCEPTEDChristine WalzerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDSQL Server OpenDataSource/OpenRowset Buffer OverflowMicrosoft Windows 2000Microsoft SQL Server 2000Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection.Yi-Fang KohIngrid SkoogIngrid SkoogINTERIMACCEPTEDChristine WalzerChristine WalzerINTERIMACCEPTEDACCEPTEDIE v5.01 Content Disposition/Type Arbitrary Code ExecutionMicrosoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability.Tiffany BergeronChristine WalzerINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDRobert L. HollisINTERIMRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisRobert L. 
HollisACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE5.01,SP3 DHTML Method Heap Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows 2000 Certificate Validation Identity Spoofing Vulnerability (Test 2)Microsoft Windows 2000Certificate ValidationThe (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.Christine WalzerChristine WalzerChristine WalzerChristine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDWindows 2000 RPCSS DCOM Buffer Overflow (Blaster, Test 1)Microsoft Windows 2000Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.Tiffany BergeronACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDAllows remote attackers to spoof web 
sites via a crafted HTML documentMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted HTML document that triggers many HTTPS requests to an arbitrary host, followed by an HTTPS request to a trusted host and then an HTTP request to an untrusted host, a related issue to CVE-2013-1450.Maria MikhnoDRAFTINTERIMACCEPTEDACCEPTEDAllows remote attackers to obtain sensitive information intended for a specific host via a crafted HTML documentMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not properly reuse TCP sessions to the proxy server, which allows remote attackers to obtain sensitive information intended for a specific host via a crafted HTML document that triggers many HTTPS requests and then triggers an HTTP request to that host, as demonstrated by reading a Cookie header, aka MSRC 12096gd.Maria MikhnoDRAFTINTERIMACCEPTEDACCEPTEDDenial of service (memory corruption) by leveraging access to a Low integrity process.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 
9Microsoft Internet Explorer 10Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.Maria MikhnoDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer 9 is installedMicrosoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Internet Explorer 9A version of Microsoft Internet Explorer 9 is installed.Shane ShafferDRAFTINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDChandan SINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows 2000 Kernel Debugger-based Buffer OverflowMicrosoft Windows 2000Windows kernelBuffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.Christine WalzerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDWindows 2000 Network Connection Manager Privilege EscalationMicrosoft Windows 2000Network Connection Manager (NCM)A handler routine for the Network Connection Manager (NCM) in Windows 2000 allows local users to gain privileges via a complex attack that causes the handler to run in the LocalSystem context with user-specified code.Christine WalzerChristine WalzerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIE5.01,SP3 PNG Image Buffer OverflowMicrosoft Windows 2000Microsoft Internet ExplorerBuffer overflow in the PNG image rendering component of Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted PNG file.Harvey RubinovitzDRAFTHarvey RubinovitzINTERIMACCEPTEDAnna MinINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDCOM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet Explorer 7Microsoft Internet Explorer 6Microsoft Internet Explorer 5Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697.Robert L. HollisDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDLicense Logging Service Vulnerability (Windows 2000)Microsoft Windows 2000Microsoft Data Access Components 2.8The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, aka the "License Logging Service Vulnerability."Ingrid SkoogDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDWindows 2000 Font Buffer OverflowMicrosoft Windows 2000Windows kernelBuffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.Ingrid SkoogDRAFTINTERIMChristine WalzerAndrew ButtnerACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDWINS Association Context Vulnerability (Windows 2000)Microsoft Windows 2000The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."Matthew 
BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIE v5.01,SP4 Plug-in Navigation Address Bar Spoofing VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDSQL Server Format String VulnerabilityMicrosoft Windows 2000Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service.Yi-Fang KohShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDDEPRECATED: Windows 2000 IIS Chunked Encoding Buffer OverflowMicrosoft Windows 2000Microsoft Internet Information Server (IIS)Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.Tiffany BergeronACCEPTEDGlenn StricklandINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDJosh TurpinDEPRECATEDSudhir GandheShane ShafferDEPRECATEDWindows Utility Manager Shatter Message Vulnerability IIMicrosoft Windows 2000Utility ManagerUtility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.Jonathan BakerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDWindows XP Indexing Service Code Execution 
VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Indexing ServiceThe Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.Harvey RubinovitzDRAFTINTERIMACCEPTEDSudhir GandheINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDScob and Toofer Internet Explorer v5.5,SP2 VulnerabilitiesMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerThe WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.Tiffany BergeronDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE5.01,SP3 Channel Definition Format Cross Domain VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows 2000 Media Player PNG Processing VulnerabilityMicrosoft Windows 2000Windows Media Player 9Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability."Christine WalzerDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDJeff ChengINTERIMJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengACCEPTEDACCEPTEDTroubleshooter ActiveX Control Buffer OverflowMicrosoft Windows 2000Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.Tiffany BergeronAndrew ButtnerACCEPTEDACCEPTEDIE v6.0,SP1 Malformed GIF Image Double-free VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerDouble free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.Andrew ButtnerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDSQL Server Named Pipe HijackingMicrosoft Windows 2000Microsoft SQL Server 2000Microsoft SQL Server 2000 Desktop Engine (WMSDE)Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.Yi-Fang KohJonathan BakerINTERIMACCEPTEDINTERIMIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogINTERIMACCEPTEDChristine WalzerChristine WalzerChristine WalzerChristine WalzerChristine WalzerChristine WalzerChristine WalzerINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJerome AthiasINTERIMACCEPTEDACCEPTEDWindows Project Professional URL Buffer OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Project Professional 2002Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.Ingrid SkoogDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDAddress Bar Spoofing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerMicrosoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called.Robert L. 
HollisDRAFTJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengTodd DolinskyINTERIMACCEPTEDChandan SINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDBuffer Overrun in DHCP Client Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003DHCP ClientBuffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.Robert L. HollisINTERIMACCEPTEDACCEPTEDVulnerability in RPC Could Allow Denial of ServiceMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Vistarpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.Robert L. 
HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDSQL Server Extended Stored Procedure Parameter ParsingMicrosoft Windows 2000Microsoft SQL ServerThe xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.Tiffany BergeronIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogINTERIMIngrid SkoogACCEPTEDChristine WalzerChristine WalzerChristine WalzerChristine WalzerChristine WalzerINTERIMACCEPTEDACCEPTEDIE v5.5 Forced Script ExecutionMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made.David ProulxMaria MikhnoINTERIMACCEPTEDACCEPTEDError Handling Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via unspecified vectors involving memory corruption from an unhandled error.Robert L. 
Hollis, DRAFT, Jeff Cheng, Jeff Cheng, Jeff Cheng, Jeff Cheng, Jeff Cheng, Jeff Cheng, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

URL Parsing Memory Corruption Vulnerability (IE5.01,SP4)
Microsoft Windows 2000, Microsoft Internet Explorer
Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability."
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v5.5 Frames Cross-site Scripting Vulnerability
Microsoft Windows 2000, Microsoft Internet Explorer
Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource.
Harvey Rubinovitz, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Address Bar Spoofing Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Internet Explorer
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to spoof the URL address bar and other "trust UI" components via unspecified vectors, a different issue than CVE-2007-1091 and CVE-2007-3826.
Robert L. Hollis, DRAFT, Jeff Cheng, Jeff Cheng, Jeff Cheng, Jeff Cheng, Jeff Cheng, Jeff Cheng, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

ActiveX Object Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Internet Explorer
Unspecified vulnerability in the pdwizard.ocx ActiveX object for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to Microsoft Visual Basic 6 objects and memory corruption, aka "ActiveX Object Memory Corruption Vulnerability."
Robert L. Hollis, DRAFT, Jeff Cheng, Jeff Cheng, Jeff Cheng, Jeff Cheng, Jeff Cheng, Jeff Cheng, Jeff Cheng, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Microsoft XML Core Services Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft XML Core Services
The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, ACCEPTED, ACCEPTED

Microsoft XML Core Services 5 is installed
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft XML Core Services 5
Microsoft XML Core Services 5 is installed.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Windows Media Player Code Execution Vulnerability Parsing Skins
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Windows Media Player
Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that causes a size mismatch between compressed and decompressed data and triggers a heap-based buffer overflow, aka "Windows Media Player Code Execution Vulnerability Parsing Skins."
Robert L. Hollis, DRAFT, Jeff Cheng, Jeff Cheng, Jeff Cheng, Jeff Cheng, Jeff Cheng, Jeff Cheng, Jeff Cheng, INTERIM, ACCEPTED, ACCEPTED

DEPRECATED: Windows 2000 Variant of Chunked Encoding Buffer Overrun
Microsoft Windows 2000, Microsoft Internet Information Server (IIS)
Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun."
Andrew Buttner, ACCEPTED, Glenn Strickland, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Josh Turpin, DEPRECATED, Sudhir Gandhe, Shane Shaffer, DEPRECATED

Win2k Path MTU Discovery Attack Vulnerability
Microsoft Windows 2000
Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Matthew Burton, DRAFT, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Help and Support Center PCHealth System Buffer Overflow (Windows 2000)
Microsoft Windows 2000, Help and Support Center (HSC)
Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL.
Christine Walzer, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Andrew Buttner, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Address Bar Spoofing Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Internet Explorer
Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.
Robert L. Hollis, DRAFT, Jeff Cheng, Jeff Cheng, Jeff Cheng, Jeff Cheng, Jeff Cheng, Jeff Cheng, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v5.01,SP4 Bitmap Integer Overflow Vulnerability
Microsoft Windows 2000, Microsoft Internet Explorer
Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.
Ingrid Skoog, DRAFT, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003
The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
Sudhir Gandhe, DRAFT, Robert L. Hollis, INTERIM, ACCEPTED, Clifford Farrugia, INTERIM, Clifford Farrugia, ACCEPTED, Josh Turpin, INTERIM, ACCEPTED, ACCEPTED

Outlook Express v5.5,SP2 Malformed Email Header Denial of Service
Microsoft Windows 2000, Microsoft Outlook Express
Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.
Jonathan Baker, DRAFT, INTERIM, ACCEPTED, Daniel Tarnu, INTERIM, ACCEPTED, Jeff Cheng, INTERIM, Jeff Cheng, ACCEPTED, ACCEPTED

Windows 2000 Messenger Service Buffer Overflow
Microsoft Windows 2000, Messenger Service
The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
Christine Walzer, ACCEPTED, Andrew Buttner, ACCEPTED, Pradeep R B, INTERIM, ACCEPTED, ACCEPTED

IE v5.01,SP3 Malformed GIF Image Double-free Vulnerability
Microsoft Windows 2000, Microsoft Internet Explorer
Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
Andrew Buttner, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Agent Remote Code Execution Vulnerability
Microsoft Windows 2000
Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agent Service (agentsrv.exe) process, a different issue than CVE-2007-1205.
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, ACCEPTED
cpe:/o:microsoft:windows-nt:2000:sp4

Windows 2000 Enhanced Metafile Image Format Rendering Buffer Overflow
Microsoft Windows 2000, Enhanced Metafile (EMF)
Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
Ingrid Skoog, DRAFT, INTERIM, ACCEPTED, ACCEPTED

ActiveX Object Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Internet Explorer
The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectsafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a crafted DLL file argument to the TypeLibInfoFromFile function, which overwrites the HelpStringDll property to call the DLLGetDocumentation function in another DLL file, aka "ActiveX Object Vulnerability."
Robert L. Hollis, DRAFT, Jeff Cheng, Jeff Cheng, Jeff Cheng, Jeff Cheng, Jeff Cheng, Jeff Cheng, Jeff Cheng, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v5.5,SP2 Malformed GIF Image Double-free Vulnerability
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Internet Explorer
Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
Andrew Buttner, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

DEPRECATED: Windows 2000 IIS HTTP Redirect Error Message Cross-site Scripting
Microsoft Windows 2000, Microsoft Internet Information Server (IIS)
Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message.
Harvey Rubinovitz, Shane Shaffer, INTERIM, ACCEPTED, Josh Turpin, DEPRECATED, Sudhir Gandhe, Shane Shaffer, DEPRECATED

.NET PE Loader Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft .NET Framework
The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.
Sudhir Gandhe, DRAFT, Sudhir Gandhe, Robert L. Hollis, Robert L. Hollis, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, ACCEPTED, ACCEPTED

SNMP Agent Service Buffer Overflow
Microsoft Windows 2000, Simple Network Management Protocol (SNMP)
Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and other PROTOS-related candidates, especially CVE-2002-0012 and CVE-2002-0013, will be updated when more accurate information is available.
Tiffany Bergeron, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Remote Code Execution Vulnerability in GDI
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003
Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.
Robert L. Hollis, DRAFT, Jeff Cheng, Jeff Cheng, Jeff Cheng, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, ACCEPTED

Content Disposition Parsing Cross Domain Information Disclosure Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Outlook Express
The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, ACCEPTED

IE5.01,SP3 Content Advisor Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Internet Explorer
Buffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka "Content Advisor Memory Corruption Vulnerability."
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v5.01,SP3 Drag-and-Drop Code Execution Vulnerability
Microsoft Windows 2000, Microsoft Internet Explorer
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

ASP.NET Null Byte Termination Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft .NET Framework
Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."
Sudhir Gandhe, DRAFT, Robert L. Hollis, Robert L. Hollis, Robert L. Hollis, Jonathan Baker, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, ACCEPTED, ACCEPTED

Microsoft .NET Framework 1.0 (Service Pack 3 or later) is Installed
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft .NET Framework 1.0
Microsoft .NET Framework 1.0 (Service Pack 3 or later) is Installed
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Nate Przybyszewski, INTERIM, ACCEPTED, Josh Turpin, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Microsoft .NET Framework 1.1 Service Pack 1 is Installed
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Service Pack 1 is Installed
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, ACCEPTED, Nate Przybyszewski, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Vulnerability in MSN Messenger and Windows Live Messenger Could Allow Remote Code Execution
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, MSN Messenger
Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Josh Turpin, INTERIM, ACCEPTED, ACCEPTED

MSN Messenger 8.0 is installed
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, MSN Messenger 8.0
MSN Messenger 8.0 is installed
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Josh Turpin, INTERIM, ACCEPTED, David Rothenberg, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

MSN Messenger 6.2 is installed
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, MSN Messenger 6.2
MSN Messenger 6.2 is installed
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, David Rothenberg, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

MSN Messenger 7.5 is installed
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, MSN Messenger 7.5
MSN Messenger 7.5 is installed
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, David Rothenberg, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

MSN Messenger 7.0 is installed
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, MSN Messenger 7.0
MSN Messenger 7.0 is installed
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, David Rothenberg, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v5.01,SP2 Malformed GIF Image Double-free Vulnerability
Microsoft Windows 2000, Microsoft Internet Explorer
Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
Andrew Buttner, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

GDI Local Elevation of Privilege Vulnerability
Microsoft Windows 2000, Microsoft Windows XP
The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.
Sudhir Gandhe, DRAFT, INTERIM, Robert L. Hollis, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, ACCEPTED

Vulnerability in Crystal Reports for Microsoft Visual Studio Could Allow Remote Code Execution
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Visual Studio
Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.
Robert L. Hollis, DRAFT, Jeff Cheng, Jeff Cheng, INTERIM, ACCEPTED, ACCEPTED

Microsoft Visual Studio 2005 is installed.
Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Visual Studio 2005
Microsoft Visual Studio 2005 is installed.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, ACCEPTED, Brendan Miles, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, INTERIM, Dragos Prisaca, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

IMAP Literal Processing Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Exchange Server
Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Clifford Farrugia, INTERIM, ACCEPTED, ACCEPTED

HTML Objects Memory Corruption Vulnerabilities
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Internet Explorer
Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
Sudhir Gandhe, DRAFT, INTERIM, Robert L. Hollis, Jeff Ito, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Windows 2000 Drag-and-Drop Vulnerability
Microsoft Windows 2000
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
Matthew Burton, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, ACCEPTED, Jeff Cheng, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

URL Parsing Cross Domain Information Disclosure Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Outlook Express
A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, ACCEPTED

IE ActiveX Popup Zone Restriction Bypass
Microsoft Windows 2000
Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe).
Tiffany Bergeron, Andrew Buttner, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Microsoft Agent URL Parsing Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003
Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Josh Turpin, INTERIM, Shane Shaffer, ACCEPTED, Chandan S, INTERIM, ACCEPTED, ACCEPTED

Speech Control Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Internet Explorer
Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.
Sudhir Gandhe, DRAFT, Robert L. Hollis, INTERIM, ACCEPTED, Jeff Cockerill, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v6.0 Frames Cross-site Scripting Vulnerability
Microsoft Windows 2000, Microsoft Internet Explorer
Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource.
Harvey Rubinovitz, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Mozilla Accessing XBL Compilation Scope via valueOf.call()
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, ACCEPTED

CSRSS DoS Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista
The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696.
Sudhir Gandhe, DRAFT, INTERIM, Robert L. Hollis, Sudhir Gandhe, ACCEPTED, Josh Turpin, INTERIM, Shane Shaffer, ACCEPTED, Chandan S, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, ACCEPTED

Windows Active Directory Remote Code Execution Vulnerability
Microsoft Windows 2000, Microsoft Windows Server 2003
The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, ACCEPTED

DEPRECATED: Windows Script Engine Heap Overflow (Test 1)
Microsoft Windows 98, Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Windows Script Engine for JScript v5.6
Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.
Tiffany Bergeron, David Proulx, David Proulx, ACCEPTED, Christine Walzer, Christine Walzer, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Nate Przybyszewski, DEPRECATED, Sudhir Gandhe, Shane Shaffer, DEPRECATED

Suppressed OVAL20
Microsoft Windows 2000, Distributed Component Object Model (DCOM)
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.
Christine Walzer, DRAFT, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, DEPRECATED, DEPRECATED

MSDTC Denial of Service Vulnerability (Win2K)
Microsoft Windows 2000
Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, Sudhir Gandhe, Shane Shaffer, ACCEPTED, ACCEPTED

Weak Encryption in RDP Protocol
Microsoft Windows 2000, Remote Data Protocol (RDP)
Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
Tiffany Bergeron, Christine Walzer, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, Scott Quint, INTERIM, ACCEPTED, ACCEPTED

Automatic ActiveX Approval on Windows 2000 Low Memory
Microsoft Windows 2000
The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers execute arbitrary code without user approval.
Tiffany Bergeron, Tiffany Bergeron, ACCEPTED, ACCEPTED

Uninitialized Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Internet Explorer
Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability."
Sudhir Gandhe, DRAFT, Robert L. Hollis, INTERIM, ACCEPTED, Jeff Cockerill, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

COM Object Instantiation Memory Corruption Vulnerability (2K/XP)
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IIS ISAPI Extension Indexing Service Buffer Overflow (Code Red)
Microsoft Windows 2000, Microsoft Internet Information Server (IIS)
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.
Tiffany Bergeron, Tiffany Bergeron, ACCEPTED, Glenn Strickland, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Mozilla Cross-site Scripting Using .valueOf.call()
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, ACCEPTED

Microsoft Outlook Express v6,SP1 Malformed Email Header Denial of Service
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Outlook Express
Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.
Jonathan Baker, DRAFT, INTERIM, ACCEPTED, Daniel Tarnu, INTERIM, ACCEPTED, Jeff Cheng, INTERIM, Jeff Cheng, ACCEPTED, ACCEPTED

ActiveX Control Memory Corruption Vulnerability (2K/XP)
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE .chm Directory Traversal Windows 2000 Vulnerability
Microsoft Windows 2000, HTML Help Facility
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.
Andrew Buttner, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, ACCEPTED

COM Object Instantiation Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Internet Explorer
Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll.
Sudhir Gandhe, DRAFT, INTERIM, Robert L. Hollis, Jeff Ito, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

GDI Incorrect Parameter Local Elevation of Privilege Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista
Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images.
Sudhir Gandhe, DRAFT, INTERIM, Robert L. Hollis, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, ACCEPTED

ActiveX Control Memory Corruption Vulnerability (Win2K)
Microsoft Windows 2000, Microsoft Internet Explorer
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

EMF Elevation of Privilege Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista
Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file.
Sudhir Gandhe, DRAFT, INTERIM, Robert L. Hollis, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, ACCEPTED

CSS Cross-Domain Information Disclosure Vulnerability (2K/XP)
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Cross-site scripting vulnerability in Microsoft SharePoint (CVE-2013-3180) - MS13-067
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Vista, Microsoft Windows XP, Microsoft SharePoint Foundation 2010, Microsoft SharePoint Foundation 2013, Microsoft SharePoint Server 2010, Microsoft SharePoint Server 2013
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 and SP2 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted POST request, aka "POST XSS Vulnerability."
SecPod Team, DRAFT, INTERIM, ACCEPTED, Pooja Shetty, INTERIM, ACCEPTED, Kumarswamy S, INTERIM, ACCEPTED, Kumarswamy S, INTERIM, ACCEPTED, ACCEPTED

Microsoft SharePoint Foundation 2013 is installed
Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Vista, Microsoft SharePoint Foundation 2013
Microsoft SharePoint Foundation 2013 is installed
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Microsoft SharePoint Foundation 2010 Service Pack 2 is installed
Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Vista, Microsoft SharePoint Foundation 2010
Microsoft SharePoint Foundation 2010 Service Pack 2 is installed
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Microsoft SharePoint Server 2013 is installed
Microsoft Windows 7, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Vista, Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2013 is installed
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

MHT Memory Corruption Vulnerability (Win2K)
Microsoft Windows 2000, Microsoft Internet Explorer
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Denial of service vulnerability in Microsoft SharePoint (CVE-2013-3849) - MS13-067
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Vista, Microsoft Windows XP, Microsoft SharePoint Server 2010, Microsoft Office Web Apps
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3858.
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

IIS Web Server File Request Parsing
Microsoft Windows 2000, Microsoft Internet Information Server (IIS)
IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.
Tiffany Bergeron, Dragos Prisaca, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

SMB Driver Elevation of Privilege Vulnerability (Win2K)
Microsoft Windows 2000
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary
address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDLanguage Pack Installation VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerRace condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability."Sudhir GandheDRAFTRobert L. HollisINTERIMACCEPTEDJeff CockerillINTERIMACCEPTEDChandan SINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMozilla Crashes with Evidence of Memory Corruption (CVE-2006-1724)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaUnspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML.Robert L. 
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerACCEPTEDACCEPTEDActiveX Certificate Enrollment Unauthorized Remote Certificate DeletionMicrosoft Windows 2000Certificate Enrollment ControlUnknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML.Christine WalzerACCEPTEDChristine WalzerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIE Cross-Site ScriptingMicrosoft Windows 2000Microsoft Internet ExplorerCross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability.Andrew ButtnerChristine WalzerINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDenial of service vulnerability in Microsoft SharePoint (CVE-2013-3847) - MS13-067Microsoft Windows 2000Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft SharePoint Server 2010Microsoft Office Web AppsMicrosoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3848, CVE-2013-3849, and 
CVE-2013-3858.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWindows Security Channel Remote Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.Robert L. HollisDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDWord memory corruption vulnerability in Microsoft SharePoint (CVE-2013-3857) - MS13-067Microsoft Windows 2000Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft SharePoint Server 2010Microsoft Office Web AppsMicrosoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1 and SP2, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office Web Apps 2010 Service Pack 2 is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Office Web Apps 2010Microsoft Office Web Apps 2010 Service Pack 2 is installedSecPod TeamDRAFTMaria KedovskayaINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Server 2010 Service Pack 2 is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Server 2010Microsoft SharePoint Server 
2010 SP2 is installedSecPod TeamDRAFTINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDACCEPTEDMIME Decoding VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Exchange ServerMicrosoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.Robert L. HollisDRAFTINTERIMACCEPTEDClifford FarrugiaINTERIMACCEPTEDACCEPTEDNetwork Share Provider Buffer OverflowMicrosoft Windows 2000SMB (Server Message Block)Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".Christine WalzerChristine WalzerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMozilla Cross-site Scripting through window.controllersMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaUnspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array.Robert L. 
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDACCEPTEDArbitrary File Rewrite VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerUnspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to overwrite arbitrary files via unspecified vectors, aka the "Arbitrary File Rewrite Vulnerability."Sudhir GandheDRAFTINTERIMRobert L. HollisJeff ItoACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDFlash Address Bar Spoofing Vulnerability (2K/XP)Microsoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Microsoft SharePoint (CVE-2013-3858) - MS13-067Microsoft Windows 2000Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Office Web AppsMicrosoft SharePoint Server 2010Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3849.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDenial of service vulnerability in Microsoft SharePoint (CVE-2013-3848) - MS13-067Microsoft Windows 2000Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft SharePoint Server 2010Microsoft Office Web AppsMicrosoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3849, and CVE-2013-3858.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office Web Apps 2010 Service Pack 1 is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 
VistaMicrosoft Windows XPMicrosoft Office Web Apps 2010Microsoft Office Web Apps 2010 Service Pack 1 is installedSecPod TeamDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDMicrosoft Office Web Apps 2010 is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMicrosoft Office Web Apps 2010Microsoft Office Web Apps 2010 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Server 2010 Service Pack 1 is installedMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7Microsoft SharePoint Server 2010Microsoft SharePoint Server 2010 SP1 is installedSecPod TeamDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDACCEPTED.NET JIT Compiler VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft .NET FrameworkThe Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".Sudhir GandheDRAFTSudhir GandheRobert L. HollisRobert L. HollisRobert L. 
HollisINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft .NET Framework 2.0 (Original RTM or later) is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft .NET Framework 2.0Microsoft .NET Framework 2.0 (Original RTM or later) is installedSudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDNate PrzybyszewskiINTERIMACCEPTEDSharath SINTERIMACCEPTEDACCEPTEDRASMAN Registry Corruption Vulnerability (Win2K)Microsoft Windows 2000Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDWindows Active Directory Denial of Service VulnerabilityMicrosoft Windows 2000The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". 
NOTE: this is probably a different issue than CVE-2007-0040.Sudhir GandheDRAFTSudhir GandheINTERIMACCEPTEDACCEPTEDMozilla Cross-site JavaScript Injection Using Event HandlersMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection".Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDACCEPTEDWindows Animated Cursor Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaStack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.Sudhir GandheDRAFTINTERIMRobert L. 
HollisACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDSMB Invalid Handle Vulnerability (Win2K)Microsoft Windows 2000The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDMozilla Mozilla Firefox Tag Order VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillansHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a "particular sequence of HTML tags" that leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDACCEPTEDException Handling Memory Corruption Vulnerability (Win2k)Microsoft Windows 2000Microsoft Internet ExplorerUnspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMozilla Crashes with Evidence of Memory Corruption (RegEx)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaInteger overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDACCEPTEDWindows Media Player PNG Vulnerability (v9.0)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Media PlayerStack-based buffer overflow in Microsoft Windows Media Player 9 and 10 allows remote attackers to execute arbitrary code via a PNG image with a large chunk size.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDExchange 2000,SP4 Calendar VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Exchange ServerUnspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties.Robert L. 
HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDClifford FarrugiaINTERIMACCEPTEDACCEPTEDMsgBox (CSRSS) Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaDouble free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.Sudhir GandheDRAFTINTERIMRobert L. HollisSudhir GandheACCEPTEDJosh TurpinINTERIMShane ShafferACCEPTEDChandan SINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMozilla Secure-site Spoof (requires security warning dialog)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site.Robert L. 
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerACCEPTEDACCEPTEDWindows 2000 Negotiate Security Software Provider Denial of Service VulnerabilityMicrosoft Windows 2000Negotiate SSP interfaceThe Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection.Ingrid SkoogINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDGlenn StricklandINTERIMACCEPTEDACCEPTEDCSS Cross-Domain Information Disclosure Vulnerability (Win2K)Microsoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows 2000,SP4 Remote Desktop Protocol (RDP) DoS VulnerabilityMicrosoft Windows 2000The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.Robert L. 
HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDFont Rasterizer VulnerabilityMicrosoft Windows 2000The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.Sudhir GandheDRAFTINTERIMRobert L. HollisACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMicrosoft Outlook Express 6 (S03,SP1) WAB Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Outlook ExpressBuffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.Robert L. HollisDRAFTINTERIMACCEPTEDJohn HoylandAnna MinINTERIMACCEPTEDTim HarrisonINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIP Source Route Vulnerability (Win2K)Microsoft Windows 2000Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.Robert L. HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDDEPRECATED: Microsoft JScript Memory Corruption Vulnerability (Win2K w/ JScript 5.6)Microsoft Windows 2000Operating SystemMicrosoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.Robert L. 
HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDNate PrzybyszewskiDEPRECATEDSudhir GandheShane ShafferDEPRECATEDVML Buffer Overrun VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerInteger underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code via compressed content with an invalid buffer size, which triggers a heap-based buffer overflow.Robert L. HollisDRAFTJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengINTERIMACCEPTEDClifford FarrugiaINTERIMACCEPTEDChandan SINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Outlook Express 5.5 WAB Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Outlook ExpressBuffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.Robert L. HollisDRAFTINTERIMACCEPTEDJohn HoylandAnna MinINTERIMACCEPTEDACCEPTEDIE v5.5 Improper Cross Domain Security Validation with Dialog BoxMicrosoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."Andrew ButtnerMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Windows 2000 Microsoft Data Access Components RDS.Dataspace Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Data Access ComponentsUnspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.Robert L. 
HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDClifford FarrugiaINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDAddress Bar Spoofing Vulnerability (2K/XP)Microsoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE5 HTA Execution Vulnerability (Win2K)Microsoft Windows 2000Microsoft Internet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Outlook Express 6 (S03-Gold, Itanium) WAB Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Outlook ExpressBuffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.Robert L. HollisDRAFTINTERIMACCEPTEDJohn HoylandAnna MinINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDTim HarrisonINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Outlook Express 6 (64-bit XP) WAB Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Outlook ExpressBuffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.Robert L. 
HollisDRAFTINTERIMACCEPTEDJohn HoylandAnna MinINTERIMACCEPTEDTim HarrisonINTERIMACCEPTEDACCEPTEDCOM Object Instantiation Memory Corruption Vulnerability (Win2K)Microsoft Windows 2000Microsoft Internet ExplorerMultiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDException Handling Memory Corruption Vulnerability (2K/XP)Microsoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerUnspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDRPC Mutual Authentication VulnerabilityMicrosoft Windows 2000Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."Robert L. 
Hollis; DRAFT; INTERIM; ACCEPTED; Anna Min; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; Sudhir Gandhe; Shane Shaffer; ACCEPTED; ACCEPTED

ART Image Rendering Vulnerability (Win2K)
Microsoft Windows 2000
Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; Anna Min; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; Sudhir Gandhe; Shane Shaffer; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

FPSE XSS Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft FrontPage Server Extensions 2002
Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Microsoft FrontPage Server Extensions 2002 is installed
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft FrontPage Server Extensions 2002
Microsoft FrontPage Server Extensions 2002 is installed
Maria Mikhno; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RRAS Memory Corruption Vulnerability (Win2K)
Microsoft Windows 2000
Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
Robert L.
Hollis; DRAFT; INTERIM; ACCEPTED; Anna Min; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; Sudhir Gandhe; Shane Shaffer; ACCEPTED; ACCEPTED

IE5 Address Bar Spoofing Vulnerability (Win2K)
Microsoft Windows 2000, Microsoft Internet Explorer
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; Anna Min; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

IE5.01,SP3 Security Zone Restriction Bypass Vulnerability
Microsoft Windows 2000, Microsoft Internet Explorer
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability."
Harvey Rubinovitz; DRAFT; INTERIM; ACCEPTED; Robert L. Hollis; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Uninitialized Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Internet Explorer
Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability."
Sudhir Gandhe; DRAFT; INTERIM; Robert L.
Hollis; Jeff Ito; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

GDI+ JPEG Parsing Engine Buffer Overflow (VS.NET 2003)
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Visual Studio .NET 2003
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
Ingrid Skoog; DRAFT; Ingrid Skoog; INTERIM; ACCEPTED; Robert L. Hollis; ACCEPTED; John Hoyland; INTERIM; ACCEPTED; John Hoyland; INTERIM; ACCEPTED; Maria Kedovskaya; INTERIM; ACCEPTED; ACCEPTED

IE5 HTML Parsing Vulnerability (Win2K)
Microsoft Windows 2000, Microsoft Internet Explorer
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; Anna Min; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Window Location Information Disclosure Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Internet Explorer
Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability."
Robert L.
Hollis; DRAFT; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Preeti Subramanian; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Network News Transfer Protocol Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Outlook Express
Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.
Sudhir Gandhe; DRAFT; Robert L. Hollis; INTERIM; ACCEPTED; Chandan S; INTERIM; ACCEPTED; ACCEPTED

Microsoft Windows Mail is installed
Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Windows Mail
Microsoft Windows Mail is installed
Sudhir Gandhe; DRAFT; Robert L. Hollis; INTERIM; ACCEPTED; Dragos Prisaca; INTERIM; Dragos Prisaca; ACCEPTED; INTERIM; Dragos Prisaca; ACCEPTED; ACCEPTED

IE6 DHTML Method Call Memory Corruption (Win2K/XP,SP1)
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Preeti Subramanian; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

IE GetObject Security Bypass
Microsoft Windows 2000, Microsoft Internet Explorer
Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.
David Proulx; Christine Walzer; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Vulnerability in the Management Pack for Oracle GoldenGate Server. Supported versions that are affected are 11.1.1.1.0.
Vulnerability in the Oracle GoldenGate Veridata component of Oracle Fusion Middleware (subcomponent: Server). The supported version that is affected is 3.0.0.11.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate Veridata
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Oracle GoldenGate Director, Oracle GoldenGate Veridata
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Mozilla Crashes with Evidence of Memory Corruption (moz-grid)
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (2) -moz-grid-group display styles.
Robert L.
Hollis; DRAFT; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; ACCEPTED

Microsoft Outlook Express 6,SP1 WAB Remote Code Execution Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Outlook Express
Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Robert L. Hollis; INTERIM; Anna Min; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; ACCEPTED

IE 5.01 DHTML Method Call Memory Corruption
Microsoft Windows 2000, Microsoft Internet Explorer
Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; Anna Min; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

IE6 HTML Parsing Vulnerability (Server 2003,SP1)
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; ACCEPTED

CSS Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Internet Explorer
Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers.
Robert L.
Hollis; DRAFT; Jeff Cheng; INTERIM; ACCEPTED; ACCEPTED

Unspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, VirtualBox
Unspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2 allows guest OS users to cause a denial of service (host OS reboot) via unknown vectors.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Kedovskaya; INTERIM; ACCEPTED; ACCEPTED

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared Folders
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, VirtualBox
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared Folders.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Kedovskaya; INTERIM; ACCEPTED; Maria Kedovskaya; INTERIM; ACCEPTED; ACCEPTED

CAPICOM.Certificates Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Capicom
Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
Sudhir Gandhe; DRAFT; Jonathan Baker; Jonathan Baker; INTERIM; ACCEPTED; Clifford Farrugia; INTERIM; Clifford Farrugia; Clifford Farrugia; ACCEPTED; Todd Dolinsky; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Microsoft Capicom is installed
Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Capicom
Microsoft Capicom is installed.
Maria
Mikhno; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Unspecified vulnerability in the Oracle VM Virtual Box component in Oracle Virtualization 3.2, 4.0, and 4.1
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, VirtualBox
Unspecified vulnerability in the Oracle VM Virtual Box component in Oracle Virtualization 3.2, 4.0, and 4.1 allows local users to affect availability via unknown vectors related to VirtualBox Core. NOTE: The previous information was obtained from the October 2012 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect interrupt handling."
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Kedovskaya; INTERIM; ACCEPTED; Maria Kedovskaya; INTERIM; ACCEPTED; ACCEPTED

Mozilla Crashes with Evidence of Memory Corruption (CSS BO)
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla
The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain Cascading Style Sheets (CSS) that causes an out-of-bounds array write and buffer overflow.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; ACCEPTED

MHT Memory Corruption Vulnerability (2K/XP)
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Robert L.
Hollis; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Windows Media Player 9 Bitmap Remote Code Execution
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Windows Media Player
Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; Dragos Prisaca; INTERIM; ACCEPTED; ACCEPTED

SharePoint Directory Traversal Vulnerability - MS13-024
Microsoft Windows 2000, Microsoft Windows 8, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Vista, Microsoft Windows XP, Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2010
Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."
SecPod Team; DRAFT; INTERIM; ACCEPTED; Kumarswamy S; INTERIM; ACCEPTED; ACCEPTED

DEPRECATED: Microsoft JScript Memory Corruption Vulnerability (Win2K)
Microsoft Windows 2000, Operating System
Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
Robert L.
Hollis; DRAFT; INTERIM; ACCEPTED; Anna Min; INTERIM; ACCEPTED; Nate Przybyszewski; DEPRECATED; Sudhir Gandhe; Shane Shaffer; DEPRECATED

Win32 API Remote Code Execution Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003
Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Dan Haynes; INTERIM; ACCEPTED; Chandan S; INTERIM; ACCEPTED; ACCEPTED

IE6 HTA Execution Vulnerability (Win2K/XP,SP1)
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Preeti Subramanian; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Buffer Overflow Vulnerability - MS13-024
Microsoft Windows 2000, Microsoft Windows 8, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Vista, Microsoft Windows XP, Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2010
Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."
SecPod Team; DRAFT; INTERIM; ACCEPTED; Kumarswamy S; INTERIM; ACCEPTED; ACCEPTED

Microsoft SharePoint Foundation 2010 Service Pack 1 is installed
Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows Server 2012, Microsoft Windows 8, Microsoft SharePoint Foundation 2010
Microsoft SharePoint Foundation 2010 SP1 is installed
SecPod Team; DRAFT; INTERIM; ACCEPTED; Bhavya K; INTERIM; ACCEPTED; Maria Kedovskaya; INTERIM; ACCEPTED; ACCEPTED

Kernel Local Elevation of
Privilege Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003
The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain privileges by modifying the "zero page" during a race condition before the view is unmapped.
Sudhir Gandhe; DRAFT; INTERIM; Robert L. Hollis; Robert L. Hollis; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; ACCEPTED

Remote Code Execution Vulnerability in IE5.01
Microsoft Windows 2000, Microsoft Internet Explorer
An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Excel Viewer 2003 Remote Code Execution via Malformed File Format
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Office
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.
Robert L.
Hollis; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Excel Viewer 2003 Remote Code Execution via Malformed Graphic
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Office
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Unspecified vulnerability in the Oracle VM VirtualBox 4.1 component
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, VirtualBox
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Guest Additions.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Kedovskaya; INTERIM; ACCEPTED; Maria Kedovskaya; INTERIM; ACCEPTED; ACCEPTED

HTML Decoding Memory Corruption Vulnerability (2K/XP)
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka "HTML Decoding Memory Corruption Vulnerability."
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Robert L.
Hollis; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Interactive Training Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Interactive Training
Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DEPRECATED: Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause a denial of service (Linux host OS reboot) via a sysenter instruction
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, VirtualBox
Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause a denial of service (Linux host OS reboot) via a sysenter instruction.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Kedovskaya; DEPRECATED; Maria Kedovskaya; DEPRECATED

URL Redirect Cross Domain Information Disclosure Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Outlook Express
A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability."
Sudhir Gandhe; DRAFT; INTERIM; ACCEPTED; Mike Lah; INTERIM; ACCEPTED; Chandan S; INTERIM; ACCEPTED; ACCEPTED

Flash Address Bar Spoofing Vulnerability (Win2K)
Microsoft Windows 2000, Microsoft Internet Explorer
Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a
trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; Anna Min; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Win2K/XP,SP1 COM Object Instantiation Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Malformed iCal Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Exchange Server
The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Clifford Farrugia; INTERIM; ACCEPTED; ACCEPTED

ART Image Rendering Vulnerability (2K/XP)
Microsoft Windows 2000, Microsoft Windows XP
Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Robert L.
Hollis; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; Sudhir Gandhe; Shane Shaffer; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

IE6 COM Object Instantiation Memory Corruption (Win2K/XP,SP1)
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Preeti Subramanian; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Win2K Kernel Privilege Escalation Vulnerability
Microsoft Windows 2000
The thread termination routine in the kernel for Windows NT 4.0 and 2000 (NTOSKRNL.EXE) allows local users to modify kernel memory and execution flow via steps in which a terminating thread causes Asynchronous Procedure Call (APC) entries to free the wrong data, aka the "Windows Kernel Vulnerability."
Robert L.
Hollis; DRAFT; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; ACCEPTED

Reflected XSS Vulnerability - MS12-062
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Vista, Microsoft System Center Configuration Manager 2007, Microsoft System Center Configuration Manager 2007 R2, Microsoft System Center Configuration Manager 2007 R3, Microsoft Systems Management Server 2003
Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
SecPod Team; DRAFT; INTERIM; ACCEPTED; Pradeep R B; INTERIM; ACCEPTED; ACCEPTED

Microsoft System Center Configuration Manager 2007 R2 is installed
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Vista, Microsoft System Center Configuration Manager 2007 R2
Microsoft System Center Configuration Manager 2007 R2 is installed.
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Microsoft System Center Configuration Manager 2007 R3 is installed
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Vista, Microsoft System Center Configuration Manager 2007 R3
Microsoft System Center Configuration Manager 2007 R3 is installed.
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Microsoft System Center Configuration Manager 2007 SP2 is installed
Microsoft Windows 2000, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Vista, Microsoft Windows 7, Microsoft System Center Configuration Manager 2007
Microsoft System Center Configuration Manager 2007 SP2 is installed.
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Microsoft System Center Configuration Manager 2007 is
installed
Microsoft Windows 2000, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Vista, Microsoft Windows 7, Microsoft System Center Configuration Manager 2007
Microsoft System Center Configuration Manager 2007 is installed.
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Microsoft Systems Management Server 2003 SP3 is installed
Microsoft Windows 2000, Microsoft Windows Server 2003, Microsoft Systems Management Server 2003
Microsoft Systems Management Server 2003 SP3 is installed.
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Microsoft Systems Management Server 2003 is installed
Microsoft Windows 2000, Microsoft Windows Server 2003, Microsoft Systems Management Server 2003
Microsoft Systems Management Server 2003 is installed.
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Windows Media Player 7.10 Bitmap Remote Code Execution
Microsoft Windows 2000, Windows Media Player
Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; ACCEPTED; Pradeep R B; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; ACCEPTED

Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, VirtualBox
Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core. NOTE: The previous information was obtained from the January 2013 Oracle CPU.
Oracle has not commented on claims from another vendor that this issue is related to an incorrect comparison in the vga_draw_text function in Devices/Graphics/DevVGA.cpp, which can cause VirtualBox to "draw more lines than necessary."
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Kedovskaya; INTERIM; ACCEPTED; Maria Kedovskaya; INTERIM; ACCEPTED; ACCEPTED

WMF Denial of Service Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003
Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP SP2; and Server 2003 Gold, SP1, and SP2 allows user-assisted remote attackers to cause a denial of service (possibly persistent restart) via a crafted Windows Metafile (WMF) image that causes an invalid dereference of an offset in a kernel structure, a related issue to CVE-2005-4560.
Sudhir Gandhe; DRAFT; INTERIM; Robert L. Hollis; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; ACCEPTED

Excel Viewer 2003 Remote Code Execution via Malformed Description
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Office
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; ACCEPTED

MFC Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003
The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.
Robert L.
HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMicrosoft Visual Studio .NET 2002 SP1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Visual Studio .NET 2002 SP1 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDRobert L. HollisACCEPTEDBrendan MilesINTERIMACCEPTEDACCEPTEDMicrosoft Visual Studio .NET 2003 SP1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Visual Studio .NET 2003 SP1 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDRobert L. HollisACCEPTEDBrendan MilesINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDACCEPTEDMicrosoft Visual Studio .NET 2003 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Visual Studio .NET 2003 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDBrendan MilesINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDMicrosoft Visual Studio .NET 2002 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Visual Studio .NET 2002 is installedRobert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDBrendan MilesINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDIE6 Multiple Event Handler Memory Corruption (Win2K/XP,SP1)Microsoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerBuffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability."Robert L. 
HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDAddress Bar Spoofing Vulnerability (Win2K)Microsoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWin32k Incorrect Type Handling Vulnerability - MS12-047Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDSharath SINTERIMACCEPTEDACCEPTEDMicrosoft Windows 7 is installedMicrosoft Windows 7The operating system installed on the system is Microsoft Windows 7.DRAFTINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 Drag-and-Drop Code Execution VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup 
windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows Kernel LPC Privilege Escalation Vulnerability (Windows 2000)Microsoft Windows 2000Windows kernelThe Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."Christine WalzerDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDWin2K,SP4 COM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDUser Profile Elevation of Privilege VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."Robert L. 
HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMozilla Downloading Executables with "Save Image As..."Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the "Save image as..." option. NOTE: this attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerACCEPTEDACCEPTEDMicrosoft Agent Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerInteger overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.Robert L. 
HollisDRAFTINTERIMACCEPTEDACCEPTEDWin2K/XP,SP1 DDS Library Shape Control Buffer OverflowMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDCSNW Remote Buffer Overflow via Network Messages (Win2k,SP4)Microsoft Windows 2000NetWareThe Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.Robert L. 
HollisDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDWin2k,SP4 DDS Library Shape Control Buffer OverflowMicrosoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDExcel Viewer 2003 Remote Code Execution via Malformed RecordMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeStack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.Robert L. 
HollisDRAFTINTERIMACCEPTEDACCEPTEDUnsupported Version of WindowsMicrosoft Windows 2000Microsoft Windows XP'As Service Packs released by Microsoft mature, earlier versions and releases become unsupported. This equates to a cessation in software and security patches for that baseline. Using an unsupported version of Windows represents a severe security risk.'Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDAnna MinINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDJerome AthiasINTERIMACCEPTEDACCEPTEDWin2K,SP4 HTTPS Proxy VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows Virtual DOS Machine Local Privilege Escalation Vulnerability (Test 1)Microsoft Windows NTMicrosoft Windows 2000VDMThe component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code.Ingrid SkoogIngrid SkoogACCEPTEDRobert L. 
HollisINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDWin2K/XP,SP1 File Download Dialog Box Manipulation VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerMultiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows 2000 HtmlHelp Heap OverflowMicrosoft Windows 2000HTML Help FacilityHeap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.Andrew ButtnerINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMozilla Application Suite has reached End-of-LifeMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozilla'mozilla.org has launched and delivered SeaMonkey, a community effort to deliver production-quality releases of code derived from the "Mozilla Application Suite". This equates to a cessation in software and security patches for that baseline. Using unsupported software represents a high security risk because no fixes or patches will be made available in response to new vulnerabilities.'Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMRobert L. 
HollisDEPRECATEDDEPRECATEDWin2K,SP4 File Download Dialog Box Manipulation VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerMultiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWin2k,SP4 IE Mismatched Document Object Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched Document Object Model Objects Memory Corruption Vulnerability."Robert L. HollisDRAFTRobert L. HollisINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTED.lnk File-Open Remote Code Execution Vulnerability (Windows 2000,SP4)Microsoft Windows 2000Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.Robert L. 
HollisDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDDEPRECATED: Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBInteger signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow.Scott QuintDRAFTINTERIMACCEPTEDMaria KedovskayaDEPRECATEDDEPRECATEDXSS in wizardlist.aspx VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Server 2010Microsoft SharePoint Foundation 2010Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDBuffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .prz attachment. 
NOTE: some of these details are obtained from third party information.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Lotus NotesBuffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .prz attachment. NOTE: some of these details are obtained from third party information.Scott QuintDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDHeap Overrun in XBM Image ProcessingMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaHeap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDSSL and TLS Protocols VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.Dragos PrisacaDRAFTINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDSharath SINTERIMACCEPTEDACCEPTEDMicrosoft Windows 7 x64 Service Pack 1 is installedMicrosoft Windows 7The operating system installed 
on the system is Microsoft Windows 7 x64 Service Pack 1Shane ShafferDRAFTINTERIMChandan SACCEPTEDDragos PrisacaINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installedMicrosoft Windows Server 2008 R2The operating system installed on the system is Microsoft Windows Server 2008 R2 Itanium Edition Service Pack 1Josh TurpinDRAFTINTERIMChandan SACCEPTEDDragos PrisacaINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDACCEPTEDMicrosoft Windows Server 2008 R2 x64 Service Pack 1 is installedMicrosoft Windows Server 2008 R2The operating system installed on the system is Microsoft Windows Server 2008 R2 x64 Service Pack 1Josh TurpinDRAFTINTERIMChandan SACCEPTEDDragos PrisacaINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDMicrosoft Windows 7 (32-bit) Service Pack 1 is installedMicrosoft Windows 7The operating system installed on the system is Microsoft Windows 7 (32-bit) Service Pack 1Shane ShafferDRAFTINTERIMChandan SACCEPTEDDragos PrisacaINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDIBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Lotus NotesIBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.Aharon CherninDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDEPRECATED: Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown 
vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBUnspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDMaria KedovskayaDEPRECATEDDEPRECATEDWindows 2000 Shell Buffer OverflowMicrosoft Windows 2000Windows ShellBuffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled.Christine WalzerChristine WalzerINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDStack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Lotus NotesStack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND.Scott QuintDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDXSS in inplview.aspx VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Foundation 2010Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject 
arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDInteger underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Lotus NotesInteger underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W.Scott QuintDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDProperty Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerMicrosoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and 7 on Windows Vista allows remote attackers to execute arbitrary code via certain property methods that may trigger memory corruption, aka "Property Memory Corruption Vulnerability."Sudhir GandheDRAFTINTERIMRobert L. 
HollisJeff ItoACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDEPRECATED: Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBUnspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDMaria KedovskayaDEPRECATEDMaria MikhnoDEPRECATEDIE5 Multiple Event Handler Memory Corruption (Win2K)Microsoft Windows 2000Microsoft Internet ExplorerBuffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDStack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and possibly other versions, allows remote attackers to execute arbitrary code via unknown attack vectors, as demonstrated by the vd_ln module in VulnDisco 9.0. NOTE: as of 20100222, this disclosure has no actionable information. 
However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Lotus NotesStack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and possibly other versions, allows remote attackers to execute arbitrary code via unknown attack vectors, as demonstrated by the vd_ln module in VulnDisco 9.0. NOTE: as of 20100222, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.Aharon CherninDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE5 COM Object Instantiation Memory Corruption (Win2K)Microsoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDFirefox/Mozilla Suite about: Scheme Privilege Escalation VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute JavaScript with chrome privileges via an about: page such as about:mozilla.Robert L. 
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDHTML Objects Memory Corruption VulnerabilitiesMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.Sudhir GandheDRAFTINTERIMRobert L. HollisJeff ItoACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows 2000 SNMPv1 Trap Handling DoS and Privilege Escalation (Test 1)Microsoft Windows 2000Simple Network Management Protocol (SNMP)Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. 
This and other SNMP-related candidates will be updated when more accurate information is available.
Harvey Rubinovitz; Anna Min; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; ACCEPTED

XSS in themeweb.aspx Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft SharePoint Server 2010; Microsoft SharePoint Foundation 2010
Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."
Josh Turpin; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Microsoft Malware Protection Engine Vulnerability-II
Microsoft Windows 2000; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows XP; Microsoft Antigen for Exchange; Microsoft Antigen for SMTP Gateway; Microsoft Forefront Security for Exchange Server; Microsoft Forefront Security for SharePoint; Microsoft Windows Defender; Windows Live OneCare
Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with "crafted data structures" that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437.
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2.
Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows Server 2003; Microsoft Windows XP; Microsoft Windows 2000; Lotus Notes
Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2.
Aharon Chernin; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Win2K Graphics Rendering Engine Vulnerability
Microsoft Windows 2000
The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Anna Min; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; Sudhir Gandhe; Shane Shaffer; ACCEPTED; ACCEPTED

Stack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a .rtf attachment, aka SPR PRAD8823JQ.
Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows Server 2003; Microsoft Windows XP; Microsoft Windows 2000; Lotus Notes
Stack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a .rtf attachment, aka SPR PRAD8823JQ.
Aharon Chernin; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Microsoft IE Encoded Characters Information Disclosure
Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure."
Harvey Rubinovitz; Christine Walzer; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

DEPRECATED: kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 on Linux, allows remote attackers to cause a denial of service (daemon crash) via a certain byte sequence.
Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows Server 2003; Microsoft Windows XP; Microsoft Windows 2000; IBM DB2 UDB
kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 on Linux, allows remote attackers to cause a denial of service (daemon crash) via a certain byte sequence.
Aharon Chernin; DRAFT; INTERIM; ACCEPTED; Maria Kedovskaya; DEPRECATED; DEPRECATED

IBM DB2 UDB is installed
Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows XP; IBM DB2
IBM DB2 UDB is installed
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. NOTE: some of these details are obtained from third party information.
Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows Server 2003; Microsoft Windows XP; Microsoft Windows 2000; Lotus Notes
Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. NOTE: some of these details are obtained from third party information.
Aharon Chernin; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR PRAD8E3HKR.
Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows Server 2003; Microsoft Windows XP; Microsoft Windows 2000; Lotus Notes
Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR PRAD8E3HKR.
Aharon Chernin; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Buffer Overflow in CDOSYS Message Processing (Win2K,SP4)
Microsoft Windows 2000
Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; John Hoyland; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; Sudhir Gandhe; Shane Shaffer; ACCEPTED; ACCEPTED

HTML Decoding Memory Corruption Vulnerability (Win2K)
Microsoft Windows 2000; Microsoft Internet Explorer
Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka "HTML Decoding Memory Corruption Vulnerability."
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; Anna Min; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Microsoft Internet Explorer MIME Hack
Microsoft Windows 2000; Microsoft Internet Explorer
HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly.
Tiffany Bergeron; Andrew Buttner; ACCEPTED; Robert L. Hollis; INTERIM; Robert L. Hollis; Robert L. Hollis; Robert L. Hollis; Robert L. Hollis; Robert L. Hollis; ACCEPTED; Dragos Prisaca; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Convert Buffer Overrun Vulnerability in SQL Server
Microsoft Windows 2000; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft SQL Server 2000; Microsoft SQL Server 2000 Desktop Engine (WMSDE)
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
SecPod Team; DRAFT; Pradeep R B; INTERIM; ACCEPTED; ACCEPTED

Microsoft Malware Protection Engine Vulnerability-I
Microsoft Windows 2000; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows XP; Microsoft Antigen for Exchange; Microsoft Antigen for SMTP Gateway; Microsoft Forefront Security for Exchange Server; Microsoft Forefront Security for SharePoint; Microsoft Windows Defender; Windows Live OneCare
Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted file, a different vulnerability than CVE-2008-1438.
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Microsoft Forefront Security for SharePoint is installed
Microsoft Windows 2000; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows XP; Microsoft Forefront Security for SharePoint
Microsoft Forefront Security for SharePoint is installed.
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Microsoft Antigen for Exchange is installed
Microsoft Windows 2000; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows XP; Microsoft Antigen for Exchange
Microsoft Antigen for Exchange is installed.
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Microsoft Forefront Security for Exchange Server is installed
Microsoft Windows 2000; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows XP; Microsoft Forefront Security for Exchange Server
Microsoft Forefront Security for Exchange Server is installed.
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Microsoft Windows Defender is installed
Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows 8; Microsoft Windows Server 2012; Microsoft Windows Defender
Microsoft Windows Defender is installed.
SecPod Team; DRAFT; INTERIM; ACCEPTED; Bhavya K; INTERIM; ACCEPTED; ACCEPTED

Microsoft Antigen for SMTP Gateway is installed
Microsoft Windows 2000; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows XP; Microsoft Antigen for SMTP Gateway
Microsoft Antigen for SMTP Gateway is installed.
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Microsoft Windows Live OneCare is installed
Microsoft Windows 2000; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows XP; Microsoft Windows Live OneCare
Microsoft Windows Live OneCare is installed.
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

CSS Tag Memory Corruption Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Internet Explorer
Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption.
Sudhir Gandhe; DRAFT; Robert L. Hollis; Robert L. Hollis; INTERIM; ACCEPTED; Jeff Cockerill; INTERIM; ACCEPTED; Chandan S; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

GDI Invalid Window Size Elevation of Privilege Vulnerability
Microsoft Windows 2000; Microsoft Windows XP
The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."
Sudhir Gandhe; DRAFT; INTERIM; Robert L. Hollis; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; ACCEPTED

Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via crafted tag data in an Applix spreadsheet attachment, aka SPR PRAD8823A7.
Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows Server 2003; Microsoft Windows XP; Microsoft Windows 2000; Lotus Notes
Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via crafted tag data in an Applix spreadsheet attachment, aka SPR PRAD8823A7.
Aharon Chernin; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

IBM Lotus Notes is installed
Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows XP; IBM Lotus Notes
IBM Lotus Notes is installed
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Outlook Web Access Script Injection Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Exchange Server
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Clifford Farrugia; INTERIM; ACCEPTED; ACCEPTED

Microsoft Exchange Server 2003 Service Pack 2 is installed
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Vista; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Exchange Server 2003
Exchange Server 2003 SP2 is installed.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Jeff Cheng; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; INTERIM; Dragos Prisaca; ACCEPTED; ACCEPTED

Microsoft Exchange Server 2000 Service Pack 3 is installed
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003
Exchange Server 2000SP3 is installed.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Jeff Cheng; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; ACCEPTED

Microsoft Exchange Server 2003 Service Pack 1 is installed
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003
Exchange Server 2003 SP1 is installed.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Jeff Cheng; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; ACCEPTED

Microsoft Exchange Server 2007 (no Service Pack) is installed
Microsoft Windows Server 2003; Microsoft Windows Server 2008
Exchange Server 2007 (no Service Pack) is installed.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Jeff Cheng; INTERIM; ACCEPTED; Jeff Ito; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; ACCEPTED

Microsoft Java Virtual Machine Security Bypass
Microsoft Windows 98; Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Virtual Machine (VM)
The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise."
Tiffany Bergeron; INTERIM; ACCEPTED; ACCEPTED

Windows Media Player Code Execution Vulnerability Decompressing Skins
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Windows Media Player
Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that is not properly handled during decompression, aka "Windows Media Player Code Execution Vulnerability Decompressing Skins."
Robert L. Hollis; DRAFT; Jeff Cheng; Jeff Cheng; Jeff Cheng; Jeff Cheng; Jeff Cheng; Jeff Cheng; Jeff Cheng; INTERIM; ACCEPTED; ACCEPTED

Windows Media Player v10 is installed.
Microsoft Windows XP; Microsoft Windows Server 2003; Windows Media Player 10
Windows Media Player v10 is installed.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; David Rothenberg; INTERIM; ACCEPTED; Dragos Prisaca; INTERIM; ACCEPTED; Maria Kedovskaya; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Windows Media Player v9 is installed.
Microsoft Windows XP; Windows Media Player 9
Windows Media Player v9 is installed.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; David Rothenberg; INTERIM; ACCEPTED; Dragos Prisaca; INTERIM; ACCEPTED; Maria Kedovskaya; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Windows Media Player v11 is installed.
Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Windows Media Player 11
Windows Media Player v11 is installed.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; ACCEPTED; David Rothenberg; INTERIM; ACCEPTED; Maria Kedovskaya; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Windows Media Player v7.1 is installed.
Microsoft Windows 2000; Windows Media Player 7.1
Windows Media Player v7.1 is installed.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; David Rothenberg; INTERIM; ACCEPTED; Pradeep R B; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Windows Script Engine Heap Overflow (Test 4)
Microsoft Windows 2000; Windows Script Engine for Jscript
Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.
DRAFT; INTERIM; ACCEPTED; Christine Walzer; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; Anna Min; ACCEPTED; Nate Przybyszewski; INTERIM; ACCEPTED; ACCEPTED

TIP Request Validation Process Permits Denial of Service (Win2k,SP4)
Microsoft Windows 2000; TIP
Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; ACCEPTED

IE5.01,SP4 COM Object Instantiation Memory Corruption Vulnerability
Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2087.
Harvey Rubinovitz; DRAFT; INTERIM; ACCEPTED; Robert L. Hollis; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

IE6 Address Bar Spoofing Vulnerability (Win2K/XP,SP1)
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Internet Explorer
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Preeti Subramanian; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

HTML Objects Memory Corruption Vulnerability in Internet Explorer
Microsoft Windows 2000; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows XP; Microsoft Internet Explorer 5.01; Microsoft Internet Explorer 6
Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle errors associated with access to uninitialized memory, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Objects Memory Corruption Vulnerability."
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Windows 2000 Certificate Validation Identity Spoofing Vulnerability (Test 1)
Microsoft Windows 2000; Certificate Validation
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.
Christine Walzer; Christine Walzer; Christine Walzer; INTERIM; ACCEPTED; Christine Walzer; INTERIM; ACCEPTED; Christine Walzer; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; ACCEPTED

Windows 2000 IIS WebDAV Message Handler Denial of Service Vulnerability
Microsoft Windows 2000; Microsoft Internet Information Server (IIS)
The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.
Jonathan Baker; DRAFT; INTERIM; ACCEPTED; Jeff Cheng; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; ACCEPTED

Cross-Domain Information Disclosure Vulnerability in Internet Explorer
Microsoft Windows 2000; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows XP; Microsoft Internet Explorer 6; Microsoft Internet Explorer 7
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy and obtain sensitive information via a crafted HTML document, aka "Cross-Domain Information Disclosure Vulnerability."
SecPod Team; DRAFT; Chandan S; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

IE5.01,SP4 Java Proxy COM Object Instantiation Memory Corruption Vulnerability
Microsoft Windows 98; Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Internet Explorer
Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.
Harvey Rubinovitz; DRAFT; Jonathan Baker; INTERIM; ACCEPTED; Robert L. Hollis; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Information disclosure vulnerability in Internet Explorer due to improper event-handling
Microsoft Windows 2000; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows XP; Microsoft Internet Explorer 6; Microsoft Internet Explorer 7
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "Event Handling Cross-Domain Vulnerability."
SecPod Team; DRAFT; Chandan S; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Exchange Server 5.0 TNEF Decoding Vulnerability
Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Outlook
Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Uninitialized Memory Corruption Vulnerability in Internet Explorer
Microsoft Windows 2000; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows XP; Microsoft Internet Explorer 6
Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability."
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Microsoft Windows XP Professional x64 Edition SP1 is installed
Microsoft Windows XP
A version of Microsoft Windows XP Professional x64 Edition Service Pack 1 is installed.
Andrew Buttner; DRAFT; INTERIM; ACCEPTED; Andrew Buttner; INTERIM; ACCEPTED; Brendan Miles; INTERIM; ACCEPTED; Todd Dolinsky; INTERIM; ACCEPTED; Todd Dolinsky; INTERIM; Tim Harrison; Tim Harrison; Tim Harrison; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; Maria Kedovskaya; INTERIM; ACCEPTED; ACCEPTED

Microsoft Windows Server 2003 SP1 (x64) is installed
Microsoft Windows Server 2003
A version of Microsoft Windows Server 2003 SP1 (x64) is installed.
Sudhir Gandhe; DRAFT; INTERIM; ACCEPTED; Andrew Buttner; INTERIM; ACCEPTED; Todd Dolinsky; INTERIM; Tim Harrison; Tim Harrison; Tim Harrison; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; Maria Kedovskaya; INTERIM; ACCEPTED; ACCEPTED

Unspecified vulnerability in Oracle VM VirtualBox related to Guest Additions for Windows
Microsoft Windows 2000; Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows XP; Oracle VirtualBox
Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Guest Additions for Windows.
Shane Shaffer; DRAFT; Shane Shaffer; INTERIM; ACCEPTED; Sergey Artykhov; INTERIM; ACCEPTED; Maria Kedovskaya; INTERIM; Maria Kedovskaya; ACCEPTED; Maria Kedovskaya; INTERIM; ACCEPTED; ACCEPTED; Maria Kedovskaya; INTERIM; ACCEPTED; ACCEPTED

IE5.01,SP4 Security Zone Restriction Bypass Vulnerability
Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability."
Harvey Rubinovitz; DRAFT; INTERIM; ACCEPTED; Robert L. Hollis; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Firefox/Mozilla Suite JavaScript Integer Overflow
Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla
Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; ACCEPTED

Endless Loop DoS in snabase.exe Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Host Integration Server 2004; Microsoft Host Integration Server 2006; Microsoft Host Integration Server 2009; Microsoft Host Integration Server 2010
Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability."
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DEPRECATED: Windows 2000 HTR ISAPI Buffer Overflow
Microsoft Windows 2000; Microsoft Internet Information Server (IIS)
Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.
Tiffany Bergeron; ACCEPTED; Glenn Strickland; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; Josh Turpin; DEPRECATED; Sudhir Gandhe; Shane Shaffer; DEPRECATED

Buffer Overrun in HTML Help Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003
Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) in Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code by repeatedly setting the Image field of an Internet.HHCtrl.1 object to certain values, possibly related to improper escaping and long strings.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; ACCEPTED

Unspecified vulnerability in Oracle VM VirtualBox
Microsoft Windows 2000; Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows XP; Oracle VirtualBox
Unspecified vulnerability in Oracle VM VirtualBox 3.0, 3.1, 3.2, and 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors.
Shane Shaffer; DRAFT; Shane Shaffer; INTERIM; ACCEPTED; Maria Kedovskaya; INTERIM; Maria Kedovskaya; ACCEPTED; Maria Kedovskaya; INTERIM; ACCEPTED; ACCEPTED; Maria Kedovskaya; INTERIM; ACCEPTED; ACCEPTED

IFRAME Vulnerability
Microsoft Windows 98; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Internet Explorer
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."
Ingrid Skoog; DRAFT; INTERIM; ACCEPTED; Ingrid Skoog; INTERIM; ACCEPTED; Christine Walzer; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Robert L. Hollis; INTERIM; Robert L. Hollis; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Access of Unallocated Memory DoS Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Host Integration Server 2004; Microsoft Host Integration Server 2006; Microsoft Host Integration Server 2009; Microsoft Host Integration Server 2010
Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Microsoft Host Integration Server 2004 SP1 is installed
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Host Integration Server 2004
A version of Microsoft Host Integration Server 2004 SP1 is installed
Sudhir Gandhe; DRAFT; Todd Dolinsky; Todd Dolinsky; Todd Dolinsky; INTERIM; ACCEPTED; Brendan Miles; INTERIM; ACCEPTED; Dragos Prisaca; INTERIM; ACCEPTED; Pradeep R B; INTERIM; ACCEPTED; ACCEPTED

Microsoft Host Integration Server 2006 is installed
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Host Integration Server 2006
A version of Microsoft Host Integration Server 2006 is installed
Sudhir Gandhe; DRAFT; Todd Dolinsky; Todd Dolinsky; INTERIM; ACCEPTED; Brendan Miles; INTERIM; ACCEPTED; Dragos Prisaca; INTERIM; ACCEPTED; ACCEPTED

Microsoft Host Integration Server 2009 is installed
Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Host Integration Server 2009
A version of Microsoft Host Integration Server 2009 is installed
Dragos Prisaca; DRAFT; Dragos Prisaca; INTERIM; ACCEPTED; ACCEPTED

Microsoft Host Integration Server 2010 is installed
Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Host Integration Server 2010
A version of Microsoft Host Integration Server 2010 is installed
Dragos Prisaca; DRAFT; Dragos Prisaca; INTERIM; ACCEPTED; ACCEPTED

Windows Explorer Web View Script Injection Vulnerability
Microsoft Windows 2000
Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; John Hoyland; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; Sudhir Gandhe; Shane Shaffer; ACCEPTED; ACCEPTED

IE6 HTML Tag Memory Corruption (Win2K/WinXP)
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Internet Explorer
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Preeti Subramanian; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Network Connection Manager Interruption of Service (Windows 2000)
Microsoft Windows 2000
netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; John Hoyland; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; Sudhir Gandhe; Shane Shaffer; ACCEPTED; ACCEPTED

Win2k Land Vulnerability
Microsoft Windows 2000
Windows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence of the "Land" vulnerability (CVE-1999-0016).
Matthew Burton; DRAFT; INTERIM; ACCEPTED; John Hoyland; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; ACCEPTED

Contact Details Reflected XSS Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows SharePoint Services 3.0; Microsoft SharePoint Foundation 2010
Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; Chandan S; INTERIM; ACCEPTED; ACCEPTED

XSS in SharePoint Calendar Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft SharePoint Server 2010; Microsoft SharePoint Foundation 2010
Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Microsoft Internet Explorer 'AddFavorite' Method Denial of Service Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Internet Explorer 7; Microsoft Internet Explorer 8
Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument.
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Microsoft Internet Explorer 6 through 8 spoofing vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Internet Explorer 6; Microsoft Internet Explorer 7; Microsoft Internet Explorer 8
Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Windows 2000 Color Management Module Buffer Overflow
Microsoft Windows 2000; Microsoft Color Management Module
Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.
Christine Walzer; DRAFT; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; ACCEPTED

Editform Script Injection Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft SharePoint Server 2010; Microsoft SharePoint Foundation 2010
Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Microsoft Office SharePoint Server 2010 is installed.
Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Office SharePoint Server 2010
Microsoft Office SharePoint Server 2010 is installed.
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; Chandan S; INTERIM; ACCEPTED; ACCEPTED

Microsoft SharePoint Foundation 2010 is installed
Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows Server 2012; Microsoft Windows 8; Microsoft SharePoint Foundation 2010
Microsoft SharePoint Foundation 2010 is installed.
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; Bhavya K; INTERIM; ACCEPTED; ACCEPTED

Windows Services for UNIX Could Allow Elevation of Privilege
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003
Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
Sudhir Gandhe; Sudhir Gandhe; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Object Spoofing using XBL <implements> Vulnerability
Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; ACCEPTED

Security bypass vulnerability in Apache Tomcat 7.0.11
Microsoft Windows 2000; Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows XP; Apache Tomcat
Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RPCSS DCOM Buffer Overflow (Windows 2000)
Microsoft Windows 2000; Remote Procedure Call (RPC)
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715.
Tiffany Bergeron; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; ACCEPTED

Win2k,SP4 DirectShow Malicious avi File Vulnerability
Microsoft Windows 2000; DirectX
QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; Dragos Prisaca; INTERIM; ACCEPTED; ACCEPTED

Mozilla Crashes with Evidence of Memory Corruption (Firefox Regression Fix)
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla
A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.
Robert L.
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer cross-site scripting (XSS) vulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Internet Explorer 8The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, a different issue than CVE-2009-4074.Dragos PrisacaDRAFTBrandon ShillingINTERIMACCEPTEDACCEPTEDSQL Injection vulnerability in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPHPThe set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDIE v6.0 Improper Cross Domain Security Validation with Dialog BoxMicrosoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."Andrew ButtnerChristine WalzerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInteger overflow vulnerability in the mt_rand function in PHP before 5.3.4Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaPHPInteger overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the 
return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax.SecPod TeamDRAFTINTERIMShane ShafferACCEPTEDACCEPTEDUnspecified vulnerability in Oracle VM VirtualBox 4.0Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle VM VirtualBoxUnspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Extensions.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDACCEPTEDVirtualBox is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPVirtualBoxVirtualBox is installedSecPod TeamDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDNULL byte injection vulnerability in PHP before 5.3.4Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPHPPHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDistributed TIP Request Validation Process Permits Denial of Service (Win2k,SP4)Microsoft Windows 2000TIPDistributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port number after an error occurs, aka the "Distributed TIP Vulnerability."Robert L. 
HollisDRAFTINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDUse-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPHPUse-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and __unset methods on objects accessed by a reference.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDBuffer overrun in Chunked Encoding mechanismMicrosoft Windows 2000Microsoft Windows NTMicrosoft Internet Information Server (IIS)Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDHTML Help ActiveX Control VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.Robert L. 
HollisDRAFTINTERIMACCEPTEDACCEPTEDDenial of service via FTP status requestMicrosoft Windows 2000Microsoft Windows NTMicrosoft Windows XPMicrosoft Internet Information Server (IIS)The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters.Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDDenial of service vulnerability in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 in IMAP extensionMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPHPDouble free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOLE Automation Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Visual Basic 6.0Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.Sudhir GandheDRAFTRobert L. 
HollisINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2003 SP1 for Itanium is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 SP1 for Itanium is installed.Andrew ButtnerDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDMozilla Privilege Escalation Using a JavaScript Function's Cloned ParentMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal function.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDACCEPTEDPlug and Play User Data Validation Vulnerability (Windows 2000)Microsoft Windows 2000Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.Robert L. 
HollisDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDBuffer overrun in HTR ISAPI extensionMicrosoft Windows 2000Microsoft Windows NTMicrosoft Internet Information Server (IIS)Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDBuffer Overrun in ASP Server-Side Include FunctionMicrosoft Windows 2000Microsoft Windows NTMicrosoft Windows XPMicrosoft Internet Information Server (IIS)Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDEMF Rendering Denial of Service Vulnerability (Windows 2000)Microsoft Windows 2000The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability."Robert L. 
HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDMike LahINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDVulnerability in the iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPHPThe iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact, via a crafted Subject header in an e-mail message, as demonstrated by the ks_c_5601-1987 character set.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDIE5.01,SP4 PNG Image Buffer OverflowMicrosoft Windows 2000Microsoft Internet ExplorerBuffer overflow in the PNG image rendering component of Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted PNG file.Harvey RubinovitzDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInformation disclosure vulnerability in HTTP BIO connector in Apache Tomcat 7.0.x through 7.0.11Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApache TomcatThe HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDApache Tomcat is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApache TomcatApache Tomcat is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInformation disclosure vulnerability in Internet Explorer due to HTML elementMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "HTML Element Cross-Domain Vulnerability."SecPod TeamDRAFTChandan SINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2003 (x64) is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 (x64) is installed.Andrew ButtnerDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDTodd DolinskyINTERIMTim
HarrisonTim
HarrisonTim
HarrisonACCEPTEDShane ShafferINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2003 (ia64) Gold is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 (ia64) Gold is installed.Andrew ButtnerDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDMicrosoft Windows Vista is installedMicrosoft Windows VistaThe operating system installed on the system is Microsoft Windows VistaDragos PrisacaDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDSudhir GandheINTERIMAndrew ButtnerACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDACCEPTEDMicrosoft Windows Vista x64 Edition is installedMicrosoft Windows VistaThe operating system installed on the system is Microsoft Windows Vista x64
EditionJonathan BakerDRAFTINTERIMACCEPTEDSudhir GandheINTERIMAndrew ButtnerACCEPTEDTodd DolinskyINTERIMACCEPTEDTodd DolinskyINTERIMTim
HarrisonTim
HarrisonTim
HarrisonACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2003 (32-bit) is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 (32-bit) is installed.Robert L. HollisDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDTim
HarrisonINTERIMTim
HarrisonTim
HarrisonACCEPTEDShane ShafferINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDMicrosoft Windows XP x64 is installedMicrosoft Windows XPA version of Microsoft Windows XP x64 is installed.SecPod TeamDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDMicrosoft Windows XP (32-bit) is installedMicrosoft Windows XPThe operating system installed on the system is Microsoft Windows XP (32-bit).Robert L. HollisDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDACCEPTEDCross-site Scripting in IIS Help File search facilityMicrosoft Windows 2000Microsoft Windows NTMicrosoft Windows XPMicrosoft Internet Information Server (IIS)Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session.Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer PDF Printing Information DisclosureMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDIE6,SP1 COM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) 
shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2087.Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDCross-site Scripting in Redirect Response messageMicrosoft Windows 2000Microsoft Windows NTMicrosoft Windows XPMicrosoft Internet Information Server (IIS)Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect ("302 Object Moved") message.Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in the Standard PHP Library (SPL) extension in PHP before 5.3.4Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPHPThe SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDAccess violation in URL error handlingMicrosoft Windows 2000Microsoft Windows NTMicrosoft Windows XPMicrosoft Internet Information Server (IIS)The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer.Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft-discovered variant of Chunked Encoding buffer 
overrunMicrosoft Windows 2000Microsoft Windows NTMicrosoft Windows XPMicrosoft Internet Information Server (IIS)Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDWindows Media Player PNG Vulnerability (v7.1)Microsoft Windows 2000Media PlayerStack-based buffer overflow in Microsoft Windows Media Player 9 and 10 allows remote attackers to execute arbitrary code via a PNG image with a large chunk size.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDIE Improper Object Tag HandlingMicrosoft Windows 2000Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page.Tiffany BergeronTiffany BergeronACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDNS RPC Management VulnerabilityMicrosoft Windows 2000Microsoft Windows Server 2003Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.Sudhir GandheDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDMicrosoft Windows Server 2003 is installedMicrosoft Windows Server 2003The operating system installed on the system is Microsoft Windows Server
2003.Andrew ButtnerACCEPTEDJonathan BakerINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDTim
HarrisonINTERIMTim
HarrisonTim
HarrisonACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDRace condition vulnerability in the PCNTL extension in PHP before 5.3.4Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPHPRace condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service (memory corruption) via a large number of concurrent signals.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDHeap corruption in the Intel Indeo41 codecMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDStep-by-Step Interactive Training Buffer OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Interactive TrainingBuffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a bookmark link file (.cbo, cbl, or .cbm extension) with a long User field.Ingrid SkoogDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDMSDTC Invalid Memory Access Vulnerability (Win2K)Microsoft Windows 2000Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.Robert L. 
HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDUntrusted search path vulnerability in Microsoft Windows Progman Group ConverterMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows XPUntrusted search path vulnerability in Microsoft Windows Progman Group Converter (grpconv.exe) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse imm.dll that is located in the same folder as a .grp file.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDHeap-based buffer overflow in the Intel Indeo41 codecMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDWindows 2000 TAPI Buffer OverflowMicrosoft Windows 2000Telephony ServiceBuffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to elevate privileges or execute arbitrary code via a crafted message.Andrew ButtnerDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDBuffer Overrun in HTTP Header handlingMicrosoft Windows 2000Microsoft Windows NTMicrosoft Windows XPMicrosoft Internet Information Server (IIS)Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SQL Server Extended Stored Procedure Buffer 
OverflowMicrosoft Windows 2000Microsoft SQL Server 2000Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.Yi-Fang KohIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogINTERIMACCEPTEDJerome AthiasINTERIMACCEPTEDACCEPTEDIE6,SP1 File Disclosure via Redirects VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerThe legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDSecurity bypass vulnerability in the extract function in PHP before 5.2.15Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPHPThe extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input, a related issue to CVE-2005-2691 and CVE-2006-3758.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDCross-site Scripting in HTTP Error PageMicrosoft Windows 2000Microsoft Windows NTMicrosoft Windows XPMicrosoft Internet Information Server (IIS)Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft IIS 5.0 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft IIS 5.0The 
application Microsoft IIS 5.0 is installed.Robert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft IIS 5.1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft IIS 5.1The application Microsoft IIS 5.1 is installed.Robert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft IIS 4.0 is installedMicrosoft Windows NTMicrosoft IIS 4.0The application Microsoft IIS 4.0 is installed.Josh TurpinDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Forced Script ExecutionMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made.David ProulxMaria MikhnoINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Indeo (CVE-2009-4311)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDFirefox/Mozilla Suite Chrome Window Spoofing VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks.Robert L. 
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDURL Parsing Memory Corruption Vulnerability (IE5.01,SP3)Microsoft Windows 2000Microsoft Internet ExplorerBuffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMSO Large SPID Read AV VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Office XPMicrosoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office XP is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2The application Microsoft Office XP is installed.Robert L. 
Hollis, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, INTERIM, Dragos Prisaca, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Stack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, PHP
Stack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4 allows context-dependent attackers to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstext function.
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

PHP is installed
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, PHP
PHP is installed
SecPod Team, DRAFT, INTERIM, SecPod Team, ACCEPTED, ACCEPTED

.lnk File-Properties Remote Code Execution Vulnerability (Windows 2000)
Microsoft Windows 2000
Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, Sudhir Gandhe, Shane Shaffer, ACCEPTED, ACCEPTED

Win2K COM object Remote Code Execution Vulnerability
Microsoft Windows 2000
Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."
Robert L.
Hollis, DRAFT, INTERIM, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, Sudhir Gandhe, Shane Shaffer, ACCEPTED, ACCEPTED

DEPRECATED: Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 8.0.7600.16385
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, Microsoft Internet Explorer
Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 8.0.7600.16385 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, involving circular memory references.
SecPod Team, DRAFT, INTERIM, Dragos Prisaca, DEPRECATED, Maria Mikhno, DEPRECATED

Windows 2000 SMB Buffer Overflow
Microsoft Windows 2000, SMB (Server Message Block)
Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
Tiffany Bergeron, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

SChannel Malformed Certificate Request Remote Code Execution Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003
The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft
Windows Vista, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows 7
Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted response, aka "Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, INTERIM, Dragos Prisaca, ACCEPTED, ACCEPTED

Microsoft XML Core Services 3 is installed
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft XML Core Services 3
Microsoft XML Core Services 3 is installed.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Microsoft ISA Server Cross-Site Scripting
Microsoft Windows 2000, Microsoft Internet Security and Acceleration Server 2000
Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
Tiffany Bergeron, ACCEPTED, Jeff Cheng, INTERIM, ACCEPTED, Akihito Nakamura, INTERIM, ACCEPTED, ACCEPTED

Denial of service (memory corruption) in Microsoft Indeo codec
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003
The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Pointer leakage vulnerability in Internet Explorer
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Vista, Microsoft Windows XP, Microsoft Internet Explorer 6, Microsoft Internet Explorer 7, Microsoft Internet Explorer 8
The
CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application.
SecPod Team, DRAFT, INTERIM, ACCEPTED, INTERIM, Dragos Prisaca, ACCEPTED, ACCEPTED

Microsoft Windows Server 2008 R2 x64 Edition is installed
Microsoft Windows Server 2008 R2
The operating system installed on the system is Microsoft Windows Server 2008
R2 x64 Edition
Dragos Prisaca, DRAFT, INTERIM, Todd Dolinsky, Tim Harrison, INTERIM, Tim Harrison, Tim Harrison, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, David Rothenberg, INTERIM, ACCEPTED, INTERIM, Dragos Prisaca, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, ACCEPTED

Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
Microsoft Windows Server 2008
The operating system installed on the system is Microsoft Windows Server 2008 x64 Edition Service Pack 2
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Todd Dolinsky, INTERIM, ACCEPTED, Todd Dolinsky, INTERIM, Tim Harrison, Tim Harrison, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, ACCEPTED

Microsoft Internet Explorer 8 is installed
Microsoft Windows XP, Microsoft Windows Vista, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows 7, Microsoft Internet Explorer 8
A version of Microsoft Internet Explorer 8 is installed.
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, INTERIM, Dragos Prisaca, ACCEPTED, Maria Kedovskaya, INTERIM, Maria Mikhno, ACCEPTED, ACCEPTED

Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
Microsoft Windows Server 2008
The operating system installed on the system is Microsoft Windows Server 2008 Itanium Edition Service Pack 2
Dragos Prisaca, Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Tim Harrison, INTERIM, Tim Harrison, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Microsoft Windows Vista (32-bit) Service Pack 2 is installed
Microsoft Windows Vista
The operating system installed on the system is Microsoft Windows Vista (32-bit) Service Pack 2
Dragos Prisaca, Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Todd Dolinsky, INTERIM, ACCEPTED, Tim Harrison, INTERIM, Tim Harrison, Tim Harrison, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
Microsoft Windows Server 2008 R2
The operating system installed on the system is Microsoft Windows Server 2008
R2 Itanium Edition
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Tim Harrison, INTERIM, Tim Harrison, Tim Harrison, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, David Rothenberg, INTERIM, ACCEPTED, INTERIM, Dragos Prisaca, ACCEPTED, ACCEPTED

Microsoft Windows 7 x64 Edition is installed
Microsoft Windows 7
The operating system installed on the system is Microsoft Windows 7 x64 Edition
Pai Peng, DRAFT, INTERIM, ACCEPTED, Todd Dolinsky, INTERIM, Tim Harrison, Tim Harrison, Tim Harrison, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Microsoft Windows Server 2008 (ia-64) is installed
Microsoft Windows Server 2008
The operating system installed on the system is Microsoft Windows Server 2008
Itanium Edition
Jeff Ito, DRAFT, INTERIM, ACCEPTED, Tim Harrison, INTERIM, Tim Harrison, Tim Harrison, Tim Harrison, ACCEPTED, J. Daniel Brown, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, ACCEPTED

Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
Microsoft Windows Server 2008
The operating system installed on the system is Microsoft Windows Server 2008 (32-bit) Service Pack 2
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Todd Dolinsky, INTERIM, ACCEPTED, Tim Harrison, INTERIM, Tim Harrison, Tim Harrison, Tim Harrison, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Microsoft Windows Vista x64 Edition Service Pack 2 is installed
Microsoft Windows Vista
The operating system installed on the system is Microsoft Windows Vista x64 Edition Service Pack 2
Dragos Prisaca, Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Todd Dolinsky, INTERIM, ACCEPTED, Todd Dolinsky, INTERIM, Tim Harrison, Tim Harrison, Tim Harrison, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, ACCEPTED

Microsoft Windows Server 2008 (64-bit) is installed
Microsoft Windows Server 2008
The operating system installed on the system is Microsoft Windows Server 2008
(64-bit)
Sudhir Gandhe, DRAFT, Andrew Buttner, INTERIM, ACCEPTED, Todd Dolinsky, INTERIM, Tim Harrison, INTERIM, Tim Harrison, Tim Harrison, Tim Harrison, ACCEPTED, J. Daniel Brown, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, ACCEPTED

Microsoft Windows Vista x64 Edition Service Pack 1 is installed
Microsoft Windows Vista
The operating system installed on the system is Microsoft Windows Vista x64 Edition Service Pack 1
Sudhir Gandhe, DRAFT, Andrew Buttner, INTERIM, ACCEPTED, Todd Dolinsky, INTERIM, ACCEPTED, Todd Dolinsky, INTERIM, Tim Harrison, Tim Harrison, Tim Harrison, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, ACCEPTED

Microsoft Windows Server 2008 (32-bit) is installed
Microsoft Windows Server 2008
The operating system installed on the system is Microsoft Windows Server 2008
(32-bit)
Sudhir Gandhe, DRAFT, Andrew Buttner, INTERIM, ACCEPTED, Todd Dolinsky, INTERIM, ACCEPTED, Tim Harrison, INTERIM, Tim Harrison, Tim Harrison, Tim Harrison, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, ACCEPTED

DHTML Script Function Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Internet Explorer
Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via certain DHTML script functions, such as normalize, and "incorrectly created elements" that trigger memory corruption, aka "DHTML Script Function Memory Corruption Vulnerability."
Robert L. Hollis, DRAFT, INTERIM, Matthew Wojcik, ACCEPTED, Preeti Subramanian, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Stack-based buffer overflow in the Intel Indeo41 codec
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003
Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Windows 2000 COM Structured Storage Vulnerability
Microsoft Windows 2000, COM Internet Services
Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."
Christine Walzer, DRAFT, INTERIM, ACCEPTED, Andrew Buttner, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003
Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2)
crafted streaming content, aka "MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Unspecified vulnerability in the Indeo (CVE-2009-4312)
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003
Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe.
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Microsoft Windows Server 2003 SP2 (x64) is installed
Microsoft Windows Server 2003
A version of Microsoft Windows Server 2003 SP2 (x64) is installed.
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Andrew Buttner, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, Todd Dolinsky, INTERIM, ACCEPTED, Todd Dolinsky, INTERIM, Tim Harrison, Tim Harrison, Tim Harrison, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, ACCEPTED

Microsoft Windows Server 2003 (ia64) SP2 is installed
Microsoft Windows Server 2003
A version of Microsoft Windows Server 2003 (ia64) Service Pack 2 is installed.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Andrew Buttner, INTERIM, ACCEPTED, Tim Harrison, INTERIM, Tim Harrison, Tim Harrison, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, David Rothenberg, INTERIM, ACCEPTED, ACCEPTED

Crystal Reports Business Objects Directory Traversal
Microsoft Windows 2000, Crystal Enterprise, Crystal Reports
Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".."
sequences in the dynamicimag argument to crystalimagehandler.aspx.
Andrew Buttner, Jonathan Baker, INTERIM

Crash on "zero-width non-joiner" Sequence
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Hyperlink Object Function Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003
Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll "uses a file containing a malformed function," aka "Hyperlink Object Function Vulnerability."
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, ACCEPTED

FTP Download Destination Tampering Vulnerability (Windows 2000)
Microsoft Windows 2000
The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, Robert L.
Hollis, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, Sudhir Gandhe, Shane Shaffer, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

ISA Server Poison Cache Vulnerability
Microsoft Windows 2000, Microsoft Internet Security and Acceleration Server 2000
Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers.
Christine Walzer, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Akihito Nakamura, INTERIM, ACCEPTED, ACCEPTED

FTP Server Response Parsing Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Internet Explorer
The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.
Robert L. Hollis, DRAFT, Dragos Prisaca, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE6,SP1 JPEG Image Rendering Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability".
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Robert L.
Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Scob and Toofer Internet Explorer v6.0,SP1 Vulnerabilities
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.
Tiffany Bergeron, DRAFT, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Stack-based buffer overflow in SigPlus Pro 3.74 ActiveX control
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, SigPlus Pro ActiveX control
Stack-based buffer overflow in SigPlus Pro 3.74 ActiveX control allows remote attackers to execute arbitrary code via a long eighth argument (HexString) to the LCDWriteString method.
Preeti Subramanian, DRAFT, Nate Przybyszewski, INTERIM, ACCEPTED, ACCEPTED

SigPlus Pro ActiveX control is installed
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, SigPlus Pro ActiveX control
SigPlus Pro ActiveX control is installed
Preeti Subramanian, DRAFT, Nate Przybyszewski, INTERIM, ACCEPTED, ACCEPTED

Microsoft Windows 2000 is installed
Microsoft Windows 2000
The operating system installed on the system is Microsoft Windows 2000.
Andrew Buttner, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Andrew Buttner, INTERIM, ACCEPTED, Tim
Harrison, INTERIM, ACCEPTED, ACCEPTED

Microsoft Windows XP (x86) SP2 is installed
Microsoft Windows XP
A version of Microsoft Windows XP (x86) Service Pack 2 is installed.
Andrew Buttner, DRAFT, INTERIM, ACCEPTED, Andrew Buttner, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, Tim Harrison, INTERIM, Tim Harrison, Tim Harrison, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Microsoft Windows 7 (32-bit) is installed
Microsoft Windows 7
The operating system installed on the system is Microsoft Windows 7 (32-bit)
Pai Peng, DRAFT, INTERIM, ACCEPTED, Tim Harrison, INTERIM, Tim Harrison, Tim Harrison, ACCEPTED, Mike Cokus, INTERIM, ACCEPTED, ACCEPTED

Microsoft Windows XP (x86) SP3 is installed
Microsoft Windows XP
A version of Microsoft Windows XP (x86) Service Pack 3 is installed.
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Tim Harrison, INTERIM, Tim Harrison, Tim Harrison, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Microsoft Windows Vista (32-bit) Service Pack 1 is installed
Microsoft Windows Vista
The operating system installed on the system is Microsoft Windows Vista (32-bit) Service Pack 1
Sudhir Gandhe, DRAFT, Andrew Buttner, INTERIM, ACCEPTED, Tim Harrison, INTERIM, Tim Harrison, Tim Harrison, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Microsoft Windows Vista (32-bit) is installed
Microsoft Windows Vista
The operating system installed on the system is Microsoft Windows Vista
(32-bit)
Jonathan Baker, DRAFT, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Andrew Buttner, ACCEPTED, Tim Harrison, INTERIM, Tim Harrison, Tim Harrison, ACCEPTED, ACCEPTED

COM Object Instantiation Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Internet Explorer
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193.
Robert L. Hollis, DRAFT, Daniel Tarnu, INTERIM, ACCEPTED, Preeti Subramanian, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

MS Windows RPC DCOM DoS-based Privilege Escalation Vulnerability (Test 2)
Microsoft Windows 2000, Remote Procedure Call (RPC)
The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function.
Christine Walzer, DRAFT, INTERIM, ACCEPTED, Andrew Buttner, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

DirectX 9 DirectShow Malicious MIDI File Vulnerability
Microsoft Windows 98, Microsoft Windows ME, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, DirectX
Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow.
Robert L.
Hollis, DRAFT, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jeff Ito, INTERIM, ACCEPTED, ACCEPTED

DirectAnimation ActiveX Controls Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Internet Explorer
Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Win2K/XP,SP1 HTTPS Proxy Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Robert L.
Hollis, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE Web Page Spoofing Vulnerability
Microsoft Windows 98, Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Internet Explorer
Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability."
Tiffany Bergeron, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

DirectX 8 DirectShow Malicious MIDI File Vulnerability
Microsoft Windows 98, Microsoft Windows ME, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, DirectX
Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Robert L.
Hollis, INTERIM, ACCEPTED, Jeff Ito, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, ACCEPTED

IE plugin.ocx Heap Overflow
Microsoft Windows 98, Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Internet Explorer
Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115.
Tiffany Bergeron, INTERIM, ACCEPTED, INTERIM, Harvey Rubinovitz, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Windows ntdll.dll Buffer Overflow
Microsoft Windows 2000
Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
Tiffany Bergeron, Anna Min, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

XMLHttpRequest Header Spoofing Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting.
Robert L.
Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Microsoft Outlook Express 5.5,SP2 News Reading Vulnerability
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Outlook Express
Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.
Ingrid Skoog, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Mozilla JavaScript Garbage-collection Hazard Audit
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla
The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, ACCEPTED

COM Object Instantiation Memory Corruption Vulnerability
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Internet Explorer
Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function.
Sudhir Gandhe, DRAFT, Robert L.
Hollis, INTERIM, ACCEPTED, Jeff Cockerill, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Microsoft Windows XP x64 Edition SP2 is installed
Microsoft Windows XP
A version of Microsoft Windows XP Professional x64 Edition Service Pack 2 is installed.
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Andrew Buttner, INTERIM, ACCEPTED, Todd Dolinsky, INTERIM, Tim Harrison, Tim Harrison, Tim Harrison, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, ACCEPTED

Microsoft Windows Server 2003 SP2 (x86) is installed
Microsoft Windows Server 2003
A version of Microsoft Windows Server 2003 Service Pack 2 (x86) is installed.
Sudhir Gandhe, DRAFT, INTERIM, Robert L. Hollis, ACCEPTED, Andrew Buttner, INTERIM, ACCEPTED, Tim Harrison, INTERIM, Tim Harrison, Tim Harrison, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, David Rothenberg, INTERIM, ACCEPTED, ACCEPTED

Exchange 2000 Server TNEF Decoding Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Outlook
Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
Robert L.
Hollis, DRAFT, INTERIM, ACCEPTED, ACCEPTED

MS CIFS Spoofed Browse Frame Request Vulnerability
Microsoft Windows 2000, NetBIOS
Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.
Tiffany Bergeron, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, ACCEPTED

Windows NT/2000 ASN.1 Library Double-free Memory Corruption Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft ASN.1 Library
Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
David Proulx, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, ACCEPTED

Microsoft Windows NT is installed
Microsoft Windows NT
The operating system installed on the system is Microsoft Windows NT.
Andrew Buttner, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Jonathan Baker, Jeff Cheng, INTERIM, ACCEPTED, Andrew Buttner, INTERIM, ACCEPTED, Tim Harrison, INTERIM, ACCEPTED, ACCEPTED

Windows 2000 Internet Printing ISAPI Extension Buffer Overflow
Microsoft Windows 2000, Microsoft Internet Information Server (IIS)
Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.
Christine Walzer, INTERIM, ACCEPTED, Ingrid Skoog, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Microsoft JScript Memory Corruption Vulnerability
Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003
Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute
arbitrary code.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Nate Przybyszewski, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, ACCEPTED

WMF Rendering Code Execution Vulnerability (Windows 2000)
Microsoft Windows 2000
Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, Sudhir Gandhe, Shane Shaffer, ACCEPTED, ACCEPTED

DCOM RPC Object Identity Windows 2000 Vulnerability
Microsoft Windows 2000, Remote Procedure Call (RPC)
The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
Christine Walzer, INTERIM, ACCEPTED, ACCEPTED

Vulnerability in Vector Markup Language (VML) Could Allow Remote Code Execution
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Internet Explorer
Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
Sudhir Gandhe, DRAFT, INTERIM, ACCEPTED, Clifford Farrugia, INTERIM, ACCEPTED, ACCEPTED

Microsoft Internet Explorer 7 is installed
Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Internet Explorer 7
A version of Microsoft Internet Explorer 7 is installed.
Sudhir Gandhe, DRAFT, INTERIM, Andrew Buttner, ACCEPTED, Brendan Miles, INTERIM, ACCEPTED, Maria
Mikhno; INTERIM; ACCEPTED; Dragos Prisaca; INTERIM; ACCEPTED; ACCEPTED
Windows Address Book Contact Record Vulnerability | Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Outlook Express | Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file. | Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; ACCEPTED
Microsoft Outlook Express 5.5 SP2 is installed. | Microsoft Windows 2000; Microsoft Outlook Express 5.5 | Microsoft Outlook Express 5.5 SP2 is installed. | Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; INTERIM; Dragos Prisaca; ACCEPTED; ACCEPTED
Microsoft Outlook Express 6 SP1 is installed. | Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Outlook Express 6 | Microsoft Outlook Express 6 SP1 is installed. | Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; INTERIM; Dragos Prisaca; ACCEPTED; ACCEPTED
Microsoft Outlook Express 6.0 for Windows XP/2003 is installed | Microsoft Windows XP; Microsoft Outlook Express 6.0 | Microsoft Outlook Express 6.0 for Windows XP/2003 is installed | Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Brendan Miles; INTERIM; ACCEPTED; Tim Harrison; INTERIM; ACCEPTED; David Rothenberg; INTERIM; ACCEPTED; INTERIM; Dragos Prisaca; ACCEPTED; ACCEPTED
Multiple Vulnerabilities in Rockliffe MailSite Express | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Rockliffe MailSite Express | Cross-site scripting (XSS) vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to inject arbitrary web script or HTML via a message body. | Rahul Mohandas; DRAFT; INTERIM; ACCEPTED; ACCEPTED
Windows 2000 IIS Directory Traversal Command Execution (Test 2) | Microsoft Windows 2000; Microsoft Internet Information Server (IIS) | Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding ..
(dot dot) and "\" characters twice. | Christine Walzer; INTERIM; ACCEPTED; ACCEPTED
SNMP Memory Corruption Vulnerability | Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003 | Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability." | Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; ACCEPTED
Windows Utility Manager Shatter Message Vulnerability | Microsoft Windows 2000; Utility Manager | The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213. | Harvey Rubinovitz; INTERIM; ACCEPTED; ACCEPTED
Windows 2000 Print Spooler Service Buffer Overflow | Microsoft Windows 2000; Print Spooler Service | Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message. | Matthew Burton; DRAFT; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; ACCEPTED
Microsoft XML Core Services Vulnerability | Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft XML Core Services | Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information. | Robert L.
Hollis; DRAFT; INTERIM; ACCEPTED; ACCEPTED
Microsoft XML Core Services 6 is installed | Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft XML Core Services 6 | Microsoft XML Core Services 6 is installed. | Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED
Microsoft XML Core Services 4 is installed | Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft XML Core Services 4 | Microsoft XML Core Services 4 is installed. | Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED
Mozilla Privilege Escalation via XBL.method.eval | Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privileges. | Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; ACCEPTED
Veritas Backup Exec RestrictAnonymous Forced Misconfiguration Vulnerability | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Veritas Backup Exec 8.5 | Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares. | Tiffany Bergeron; INTERIM; Ingrid Skoog; INTERIM
Windows 2000 DirectPlay Denial of Service | Microsoft Windows 2000; Microsoft DirectPlay | IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet. | Tiffany Bergeron; INTERIM; ACCEPTED; ACCEPTED
IE5.01,SP3 File Disclosure
via Redirects Vulnerability | Microsoft Windows 2000; Microsoft Internet Explorer | The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file. | Harvey Rubinovitz; DRAFT; INTERIM; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED
Win2k Domain Controller LSASS Denial of Service | Microsoft Windows 2000; Lightweight Directory Access Protocol (LDAP) | Unknown vulnerability in the Local Security Authority Subsystem Service (LSASS) in Windows 2000 domain controllers allows remote attackers to cause a denial of service via a crafted LDAP message. | Tiffany Bergeron; INTERIM; ACCEPTED; John Hoyland; INTERIM; ACCEPTED; ACCEPTED
IE File Download Dialog Deception Vulnerability | Microsoft Windows 98; Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Internet Explorer | Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download. | Tiffany Bergeron; INTERIM; ACCEPTED; INTERIM; Harvey Rubinovitz; ACCEPTED; Christine Walzer; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED
Windows 2000 IIS5 WebDAV Denial of Service | Microsoft Windows 2000; Microsoft Internet Information Server (IIS) | IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned. | Christine Walzer; INTERIM; ACCEPTED; Christine Walzer; INTERIM; ACCEPTED; ACCEPTED
Microsoft Outlook Express v6.0,SP1 MHTML URL Processing Vulnerability | Microsoft Windows 98; Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Outlook Express | The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain
restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability." | Andrew Buttner; INTERIM; ACCEPTED; ACCEPTED
IE6,SP1 DHTML Method Heap Memory Corruption Vulnerability | Microsoft Windows 2000; Microsoft Windows XP; Microsoft Internet Explorer | Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability." | Harvey Rubinovitz; DRAFT; INTERIM; ACCEPTED; Robert L. Hollis; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED
Firefox and Mozilla top.focus() Cross-Site Scripting Vulnerability | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla | Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents. | Robert L. Hollis; Christine Walzer; Jonathan Baker; INTERIM; ACCEPTED; John Hoyland; INTERIM; John Hoyland; ACCEPTED; ACCEPTED
Windows 2000 PKINIT Information Disclosure Vulnerability | Microsoft Windows 2000 | Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used. | Robert L.
Hollis; INTERIM; ACCEPTED; Anna Min; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; Sudhir Gandhe; Shane Shaffer; ACCEPTED; ACCEPTED
Windows 2000 Kerberos Message DoS Vulnerability | Microsoft Windows 2000 | Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message. | Robert L. Hollis; INTERIM; ACCEPTED; Anna Min; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; Sudhir Gandhe; Shane Shaffer; ACCEPTED; ACCEPTED
Mozilla Local File Loading Vulnerability | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla | Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab. | Robert L. Hollis; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; ACCEPTED
Mozilla Creates World-readable temp Files | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla | Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF. | Robert L.
Hollis; Jonathan Baker; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; ACCEPTED; ACCEPTED
Mozilla SSL Lock Image Spoofing during Binary Download | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox | Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks. | Robert L. Hollis; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; ACCEPTED
Mozilla SSL Lock Image Spoofing via "View Source" | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox | Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks. | Robert L. Hollis; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; ACCEPTED
Mozilla Inactive Tab Form Data Theft Vulnerability | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox | Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks. | Robert L.
Hollis; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; ACCEPTED
Mozilla Malicious news: Vulnerability | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Thunderbird | Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated. | Robert L. Hollis; Christine Walzer; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; ACCEPTED
Firefox Script-generated Download Prompt Bypass | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Mozilla Firefox | Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature. | Robert L. Hollis; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; ACCEPTED; ACCEPTED
Mozilla Inactive Tab Dialog Box Vulnerability | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Mozilla Firefox; mozilla | Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability." | Robert L.
Hollis; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; ACCEPTED; ACCEPTED
Mozilla 407 Proxy Information Disclosure Vulnerability | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox | Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials. | Robert L. Hollis; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; ACCEPTED
Mozilla Thunderbird Subject to IE Vulnerabilities via javascript | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Mozilla Thunderbird | Thunderbird before 0.9, when running on Windows systems, uses the default handler when processing javascript: links, which invokes Internet Explorer and may expose the Thunderbird user to vulnerabilities in the version of Internet Explorer that is installed on the user's system. NOTE: since the invocation between multiple products is a common practice, and the vulnerabilities inherent in multi-product interactions are not easily enumerable, this issue might be REJECTED in the future. | Robert L. Hollis; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; ACCEPTED; ACCEPTED
Mozilla Mail News Cookie Security Bypass Vulnerability | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla | Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages. | Robert L.
Hollis; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; ACCEPTED
Mozilla Livefeed Bookmark Cookie Swiping | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Mozilla Firefox | Firefox before 1.0 allows the user to store a (1) javascript: or (2) data: URLs as a Livefeed bookmark, then executes it in the security context of the currently loaded page when the user later accesses the bookmark, which could allow remote attackers to execute arbitrary code. | Robert L. Hollis; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; ACCEPTED; ACCEPTED
Mozilla Popup Content Spoofing Vulnerability | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox | Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. | Robert L.
Hollis; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; ACCEPTED
Mozilla SSL Lock Image Spoofing Vulnerability | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox | Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that generates an HTTP 204 error, which updates the icon and location information but does not change the display of the original site. | Robert L. Hollis; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; ACCEPTED
Mozilla UTF8 to Unicode Conversion Heap Overflow | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox; Mozilla Thunderbird | Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value. | Robert L.
Hollis; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; ACCEPTED; ACCEPTED
Mozilla Download/Security Dialogs Spoofing Vulnerability | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox | Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing." | Robert L. Hollis; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; ACCEPTED
Mozilla 'user:pass@host' Spoofing Vulnerability | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox; Mozilla Thunderbird | The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname. | Robert L.
Hollis; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; ACCEPTED; ACCEPTED
Mozilla String Library Memory Overwrite Vulnerability | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox; Mozilla Thunderbird | String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption. | Robert L. Hollis; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; ACCEPTED; ACCEPTED
Mozilla Autocomplete Data Leak | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Mozilla Firefox | The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability. | Robert L.
Hollis; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; ACCEPTED; ACCEPTED
Mozilla XSLT Stylesheet Information Disclosure Potential | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox | Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system. | Robert L. Hollis; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; ACCEPTED
Mozilla Double Download .lnk Vulnerability | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox; Mozilla Thunderbird | Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file. | Robert L. Hollis; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; ACCEPTED; ACCEPTED
Mozilla "Save Link As" Dialog Spoofing Vulnerability | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox | Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content. | Robert L.
Hollis; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; ACCEPTED
Mozilla Download Dialog Source Spoofing Vulnerability | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox | Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks. | Robert L. Hollis; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; ACCEPTED
Mozilla HTTP auth Prompt Tab Spoofing | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox | Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks. | Robert L. Hollis; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; ACCEPTED
Mozilla Image Spoofing Vulnerability | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox; Mozilla Thunderbird | Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka "firedragging." | Robert L.
Hollis; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; ACCEPTED; ACCEPTED
Mozilla Cross-site Scripting via Drag and Drop to Tab | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox | Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing." | Robert L. Hollis; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; ACCEPTED
Mozilla Privileged Content Loading Vulnerability | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox | Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load "privileged content" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka "Firescrolling." | Robert L. Hollis; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; ACCEPTED
Mozilla IDN Homograph Spoofing Vulnerability | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox | The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. | Robert L.
Hollis; Christine Walzer; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; ACCEPTED
Mozilla GIF Heap Overflow | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox; Mozilla Thunderbird | Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size. | Robert L. Hollis; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; ACCEPTED; ACCEPTED
Firefox Sidebar Panel Code Execution Vulnerability | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Mozilla Firefox | Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page. | Robert L. Hollis; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; ACCEPTED; ACCEPTED
Mozilla XUL Drag and Drop Security Bypass Vulnerability | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox | Firefox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2." | Robert L.
Hollis; INTERIM; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; ACCEPTED
Mozilla Javascript "lambda" | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox | The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method. | Robert L. Hollis; INTERIM; Matthew Wojcik; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; ACCEPTED
Mozilla PLUGINSPAGE Privileged Javascript Execution Vulnerability | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Mozilla Firefox | The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag. | Robert L. Hollis; INTERIM; Matthew Wojcik; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; ACCEPTED; ACCEPTED
Mozilla blocked javascript: popup Privilege Escalation Vulnerability | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox | Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option. | Robert L.
Hollis; INTERIM; Matthew Wojcik; Matthew Wojcik; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; ACCEPTED
Mozilla Global Pollution Vulnerability | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox | Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution." | Robert L. Hollis; INTERIM; Matthew Wojcik; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; ACCEPTED
Mozilla favicons Code Execution Vulnerability | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox | The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking." | Robert L. Hollis; INTERIM; Matthew Wojcik; ACCEPTED; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; Jonathan Baker; Jonathan Baker; ACCEPTED; Jonathan Baker; INTERIM; Jonathan Baker; ACCEPTED; ACCEPTED
Mozilla Search Plugin Cross-site Scripting Vulnerability | Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox | Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1." | Robert L.
Hollis, INTERIM, Matthew Wojcik, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Firefox Sidebar Code Execution via _search Target
Affected platforms and products: Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Mozilla Firefox
Description: Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the _search target of the Firefox sidebar.
Contributors and status changes: Robert L. Hollis, INTERIM, Matthew Wojcik, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, ACCEPTED

Mozilla InstallTrigger Instance Validation Vulnerability
Affected platforms and products: Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox
Description: The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type.
Contributors and status changes: Robert L. Hollis, INTERIM, Matthew Wojcik, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla DOM Node Privilege Escalation Vulnerability
Affected platforms and products: Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox
Description: The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object.
Contributors and status changes: Robert L.
Hollis, INTERIM, Matthew Wojcik, Matthew Wojcik, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla Suite InstallTrigger Callback Vulnerability
Affected platforms and products: Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla
Description: The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.
Contributors and status changes: Robert L. Hollis, Christine Walzer, Jonathan Baker, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, ACCEPTED

Mozilla JavaScript Wrapping Vulnerability
Affected platforms and products: Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox
Description: Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."
Contributors and status changes: Robert L.
Hollis, Jonathan Baker, INTERIM, Matthew Wojcik, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Daniel Tarnu, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla Script Privilege Context Vulnerabilities
Affected platforms and products: Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox
Description: Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160.
Contributors and status changes: Robert L. Hollis, Jonathan Baker, INTERIM, Matthew Wojcik, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Daniel Tarnu, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, ACCEPTED

Improper Handling of Synthetic Events in Mozilla
Affected platforms and products: Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox
Description: The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user.
Contributors and status changes: Robert L. Hollis, Jonathan Baker, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, John Hoyland, INTERIM, John Hoyland, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

XBL Script Security Bypass Vulnerability
Affected platforms and products: Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox; Mozilla Thunderbird
Description: Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.
Contributors and status changes: Robert L.
Hollis, Jonathan Baker, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, John Hoyland, INTERIM, John Hoyland, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, ACCEPTED, ACCEPTED

Firefox Wallpaper Vulnerability
Affected platforms and products: Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Mozilla Firefox
Description: Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background" (in Netscape) context menu on an image URL that is really a javascript: URL with an eval statement, aka "Firewalling."
Contributors and status changes: Robert L. Hollis, INTERIM, Matthew Wojcik, Matthew Wojcik, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Matthew Wojcik, ACCEPTED, John Hoyland, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Firefox InstallTrigger Callback Vulnerability
Affected platforms and products: Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Mozilla Firefox
Description: The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.
Contributors and status changes: Robert L. Hollis, Christine Walzer, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, ACCEPTED

Firefox Sidebar Script Injection via _search Target
Affected platforms and products: Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Mozilla Firefox
Description: Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the _search target, then injecting script into other pages via a data: URL.
Contributors and status changes: Robert L.
Hollis, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, ACCEPTED

InstallVersion.compareTo() DoS and Code Execution Vulnerability
Affected platforms and products: Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla; Mozilla Firefox
Description: Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.
Contributors and status changes: Robert L. Hollis, Jonathan Baker, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, John Hoyland, INTERIM, John Hoyland, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Firefox and Mozilla Framed Site Spoofing Vulnerability
Affected platforms and products: Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla
Description: A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.
Contributors and status changes: Robert L.
Hollis, Jonathan Baker, Christine Walzer, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, John Hoyland, INTERIM, John Hoyland, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Firefox External App Code Acceptance Vulnerability
Affected platforms and products: Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Mozilla Firefox
Description: Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL.
Contributors and status changes: Robert L. Hollis, Christine Walzer, Jonathan Baker, INTERIM, Matthew Wojcik, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, Matthew Wojcik, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, ACCEPTED

Firefox and Mozilla Javascript Dialog Box Spoofing
Affected platforms and products: Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla
Description: Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
Contributors and status changes: Robert L.
Hollis, Christine Walzer, Jonathan Baker, Matthew Wojcik, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, John Hoyland, INTERIM, John Hoyland, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Firefox and Mozilla DOM Node Spoofing
Affected platforms and products: Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla
Description: Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing").
Contributors and status changes: Robert L. Hollis, Jonathan Baker, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, John Hoyland, INTERIM, John Hoyland, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Firefox and Mozilla Shared Object Code Execution
Affected platforms and products: Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla
Description: Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.
Contributors and status changes: Robert L.
Hollis, Jonathan Baker, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, John Hoyland, INTERIM, John Hoyland, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

IFRAME in Firefox and Mozilla Permits Execution of Arbitrary Javascript in Other Domains
Affected platforms and products: Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla
Description: Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477.
Contributors and status changes: Robert L. Hollis, Jonathan Baker, INTERIM, Matthew Wojcik, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Daniel Tarnu, INTERIM, ACCEPTED, ACCEPTED

Install Function in Firefox and Mozilla Permits Arbitrary Code Execution
Affected platforms and products: Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla
Description: The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.
Contributors and status changes: Robert L. Hollis, Jonathan Baker, INTERIM, Matthew Wojcik, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Daniel Tarnu, INTERIM, ACCEPTED, ACCEPTED

VML Buffer Overrun Vulnerability
Affected platforms and products: Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Internet Explorer
Description: Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.
Contributors and status changes: Robert L.
Hollis, DRAFT, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Clifford Farrugia, INTERIM, ACCEPTED, Preeti Subramanian, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Microsoft Windows Server 2003 SP1 (x86) is installed
Affected platforms and products: Microsoft Windows Server 2003
Description: A version of Microsoft Windows Server 2003 Service Pack 1 (x86) is installed.
Contributors and status changes: Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Andrew Buttner, INTERIM, ACCEPTED, Tim Harrison, INTERIM, Tim Harrison, Tim Harrison, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, David Rothenberg, INTERIM, ACCEPTED, ACCEPTED

Microsoft Internet Explorer 6 is installed
Affected platforms and products: Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Internet Explorer 6
Description: The application Microsoft Internet Explorer 6 is installed.
Contributors and status changes: Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Brendan Miles, INTERIM, ACCEPTED, Preeti Subramanian, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Microsoft Windows XP SP2 or later is installed
Affected platforms and products: Microsoft Windows XP
Description: The operating system installed on the system is Microsoft Windows XP SP2 or later.
Contributors and status changes: Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Andrew Buttner, INTERIM, ACCEPTED, Brendan Miles, INTERIM, ACCEPTED, Mike Lah, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Microsoft Windows XP SP1 (64-bit) is installed
Affected platforms and products: Microsoft Windows XP
Description: The operating system installed on the system is Microsoft Windows XP SP1 (64-bit).
Contributors and status changes: Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Andrew Buttner, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, David Rothenberg, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, ACCEPTED

Microsoft Internet Explorer 5.01 SP4 is installed
Affected platforms and products: Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Internet Explorer 5
Description: The application Microsoft Internet Explorer 5.01 SP4 is installed.
Contributors and status changes: Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Robert L.
Hollis, INTERIM, ACCEPTED, Brendan Miles, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Microsoft Windows 2000 SP4 or later is installed
Affected platforms and products: Microsoft Windows 2000
Description: The operating system installed on the system is Microsoft Windows 2000 SP4 or later.
Contributors and status changes: Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Tim Harrison, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Microsoft Windows Server 2003 (x86) Gold is installed
Affected platforms and products: Microsoft Windows Server 2003
Description: A version of Microsoft Windows Server 2003 (x86) Gold is installed.
Contributors and status changes: Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Andrew Buttner, INTERIM, ACCEPTED, Tim Harrison, INTERIM, Tim Harrison, Tim Harrison, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, David Rothenberg, INTERIM, ACCEPTED, ACCEPTED

Microsoft Windows XP SP1 (32-bit) is installed
Affected platforms and products: Microsoft Windows XP
Description: The operating system installed on the system is Microsoft Windows XP SP1 (32-bit).
Contributors and status changes: Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Andrew Buttner, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Microsoft Windows XP is installed
Affected platforms and products: Microsoft Windows XP
Description: The operating system installed on the system is Microsoft Windows XP.
Contributors and status changes: Andrew Buttner, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Andrew Buttner, INTERIM, ACCEPTED, Tim Harrison, INTERIM, Tim Harrison, Tim Harrison, ACCEPTED, ACCEPTED

As stated in the iDefense security advisory, if this key exists and contains a value, then the system has Interactive Training installed, and it will process .cbo files.

We think, but are not sure that the affected version of bkupexec.exe is 3.60.1.298. The file should be found in C:\Program Files\VERITAS\Backup Exec\NT\bkupexec.exe
2000\SP5\KB894320\FilelistHKEY_CURRENT_USERSOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AdvancedWebViewHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows XP\SP1\KB824105\FilelistinstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows XP\SP2\KB824105\Filelistinstallednetbt.sysHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB841873Installedmstask.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB824141InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\UtilManStartComctl32.dllHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\NntpSvcStartnntpsvc.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q303984Installedoval:org.mitre.oval:obj:44208oval:org.mitre.oval:obj:43819HKEY_LOCAL_MACHINESoftware\Microsoft\Windows\CurrentVersion\Uninstall\{90510409-6000-11D3-8CFE-0150048383C9}HKEY_LOCAL_MACHINESoftware\Microsoft\Windows\CurrentVersion\Uninstall\{90530409-6000-11D3-8CFE-0150048383C9}GDIPLUS.DLLHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB891711Installedimpprov.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB841533Installednetdde.exenddenb32.dllshtml.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB810217InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OC Manager\Subcomponentsfp_extensionsMSO.DLLHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Hotfix\\[Kk][Bb]834707[-a-zA-Z0-9.]*$Installedsmtpsvc.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q313450InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\SMTPSVCStartsrv.sysmsgprox.dllreplrec.dllsqlvdi.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB823980InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\MSSQLServer\MSSQLServerLoginModeism.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows 
2000\SP4\Q321599InstalledWmiScriptUtils.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB841872InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB890175Installedsrvsvc.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q329170InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\lanmanserver\parametersenablesecuritysignatureHKEY_LOCAL_MACHINESoftware\Microsoft\Windows NT\CurrentVersion\Hotfix\KB841356InstalledHKEY_LOCAL_MACHINESoftware\Microsoft\Windows\CurrentVersion\Uninstall\{90510409-6D54-11D4-BEE3-00C04F990354}DisplayVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90510409-6D54-11D4-BEE3-00C04F990354}WindowsInstallerHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q329414InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q811493InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q326886Installedllssrv.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB885834InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\LicenseServiceStartHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB890859InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB870763Installedwins.exeHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\winsStartHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB834707-ie501sp4-20040929.111451InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\Q305601InstalledSp3res.dllUmandlg.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB842526Installedciodm.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows 
XP\SP2\KB871250\FilelistHKEY_LOCAL_MACHINESOFTWARE\Classes\.wvxHKEY_LOCAL_MACHINESOFTWARE\Classes\.wplHKEY_LOCAL_MACHINESOFTWARE\Classes\.wmxHKEY_LOCAL_MACHINESOFTWARE\Classes\.wmsHKEY_LOCAL_MACHINESOFTWARE\Classes\.wmzHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows Media Player 9\KB885492PackageVersionHKEY_LOCAL_MACHINESOFTWARE\Classes\.asxHKEY_LOCAL_MACHINESOFTWARE\Classes\.waxtshoot.ocxHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB826232Installedconsole.exedbmslpcn.dllsqlmap70.dllsqlrepss.dllssmslpcn.dllssnetlib.dllssnmpn70.dllums.dllmsgprox.dllreplprov.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Microsoft SQL Server\80SharedCodereplrec.dllsqlvdi.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{903B0409-6000-11D3-8CFE-0050048383C9}DisplayVersionDhcpcsvc.dllrpcrt4.dllHKEY_LOCAL_MACHINESSOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB890923 -ie501sp4-20050225.100310InstalledMsxml5.dllHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\Tcpip\ParametersEnablePMTUDiscoveryitircl.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB825119InstalledHKEY_CLASSES_ROOTHCPmsado15.dllmsgsvc.dllwkssvc.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB828035InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\MessengerStartgdi32.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB840987InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB834707-ie501sp3-20040929.121357InstalledHKEY_LOCAL_MACHINESoftware\Microsoft\Active Setup\Installed Components\{78705f0d-e8db-4b2d-8193-982bdda15ecd}VersionHKEY_LOCAL_MACHINESoftware\Microsoft\Active Setup\Installed Components\{FDC11A6F-17D1-48f9-9EA3-9051954BAA24}VersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\.NETFramework\policy\v1.03705HKEY_LOCAL_MACHINESOFTWARE\Microsoft\NET Framework Setup\NDP\v1.1.4322SPHKEY_LOCAL_MACHINESOFTWARE\Microsoft\NET Framework 
Setup\NDP\v1.1.4322InstallSystem.web.dllSystem.web.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A837109-E671-470D-B489-F1EBE471D220}HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FCE50DB8-C610-4C42-BE5C-193F46C6F812}HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ABEB838C-A1A7-4C5D-B7E1-8B4314600208}HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}DisplayVersiondevenv.exeHKEY_LOCAL_MACHINESoftware\Microsoft\VisualStudio\8.0InstallDircrpe32.dllHKEY_LOCAL_MACHINE^Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[1-3]$1802HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}VersionHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\Terminal ServerProductVersionrdpwd.sysHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q324380InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\RDPWDStartHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB823182InstalledHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$1001HKEY_CURRENT_USER^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$1001cryptui.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\SP2SRP1Installedidq.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q300972InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\kb823353InstalledHKEY_USERS^S-[-0-9]+\\Identities\\\{[-0-9A-Z]+\}\\Software\\Microsoft\\Outlook\ 
Express\\5\.0\\Mail$ShowHybridViewHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-1014-0000-1000-0000000FF1CE}DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office15.OSERVERDisplayNameOnetutil.dllMicrosoft.office.server.native.dllMicrosoft.office.server.native.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office15.OSERVERInstallLocationxlsrv.dllOnfda.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q277873Installedxenroll.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q323172InstalledHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\{90140000\-1141\-0407\-1000\-0000000FF1CE\}_Office14\.WCSERVER_\{[\w\-]+\}$DisplayNamexactsrv.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q326830InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\lanmanserverStartHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.WCSERVERDisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\{90140000\-112D\-0000\-1000\-0000000FF1CE\}_Office14\.WCSERVER_\{[\w\-]+\}$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.OSERVERDisplayVersionMsoserver.DllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.WCSERVERInstallLocationWdsrvWorker.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.OSERVERInstallLocationHKEY_LOCAL_MACHINESOFTWARE\Microsoft\NET Framework Setup\NDP\v2.0.50727InstallSystem.web.dllntdsa.dlluser32.dllmrxsmb.sysHKEY_LOCAL_MACHINESOFTWARE\Microsoft\MediaPlayer\10.0\RegistrationUDBVersionwmp.dllwinsrv.dllIpnathlp.dllLM/W3SVC6032rdpwd.sysHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed 
Components\{F9C174E3-3E87-40bc-AA94-B8974F2B9222}Installedmsadco.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\DataAccessFullInstallVerHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Shared Tools\Web Server Extensions\5.0\Setup PackagesMicrosoft FrontPage Server Extensions 2002fpadmdll.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Shared ToolsSharedFilesDirrasmans.dllHKEY_LOCAL_MACHINESoftware\Microsoft\VisualStudio\7.1Gdiplus.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows MailMediaVerHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\[\d]*-[\d]*-[\d]*-[\d]*$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle GoldenGate Veridata 3.0.0.11.0DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Classes\\CAPICOM\.Certificates\.[0-9]HKEY_LOCAL_MACHINESOFTWARE\Classes\CAPICOM.Certificates.4\CLSIDHKEY_LOCAL_MACHINESOFTWARE\Microsoft\MediaPlayer\9.0\RegistrationUDBVersionHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-1014-0000-1000-0000000FF1CE}_Office14\.WSS_\{[\w\-]+}$DisplayNameOnfda.dlljgdw400.dllNtkrnlpa.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{006CCC4E-4FEB-4ED1-8587-037656905DC8}DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CF55004-EEC4-406F-AF05-2291F1395388}DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\ConfigMgr\SetupFull UI VersionHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SMS .*$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\SMS\SetupFull Versionreportinginstall.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\SMS\SetupInstallation DirectoryHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Visual Studio\7.0\S895309InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Visual 
Studio\7.1\S918007Installeddevenv.exeHKEY_LOCAL_MACHINESoftware\Microsoft\VisualStudio\7.1InstallDirdevenv.exeHKEY_LOCAL_MACHINESoftware\Microsoft\VisualStudio\7.0InstallDirMfc71.dllMfc40u.dllMfc42u.dllMfc70.dllwin32k.sysHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{ 3e7bb08a-a7a3-4692-8eac-ac5e7895755b}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB885835Installedkernel32.dllagentdpv.dllnwwks.dllxlview.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90840409-6000-11D3-8CFE-0150048383C9}InstallLocationNtoskrnl.exeitss.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB840315InstalledHKEY_LOCAL_MACHINESOFTWARE\Classes\ITSProtocolHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla \(.*\)$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionBuildLabHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q313829Installedieapfltr.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q314147InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\SNMPStartHKEY_LOCAL_MACHINESOFTWARE\IBM\DB2DB2 Path Namecdosys.dllshdocvw.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{90A2A715-D986-4EAB-8C73-4D06114EF760}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{754D29C1-0C97-405F-98D0-21B212CA7FF1}IsInstalledHKEY_CURRENT_USER^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet 
Settings\\Zones\\[0-4]$1803HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{22F1877A-DC27-4E3F-A109-55BDB1EEF2DF}DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1DDAFF1B-4059-4C8C-BFB6-B79F6F9B88B0}DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{22F1877A-DC27-4E3F-A109-55BDB1EEF2DF}DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ControlPanel\NameSpace\{D8559EB9-20C0-410E-BEDA-7ED416AECC2A}HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1DDAFF1B-4059-4C8C-BFB6-B79F6F9B88B0}DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5660022E-F3F2-4126-8CC5-9726C47150EB}DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Sybari Software\Antigen for Exchange\Scan Engines\MicrosoftEngine VersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows Defender\Signature UpdatesEngineVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\OneCare Protection\Signature UpdatesEngineVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Forefront Server Security\Exchange Server\Scan Engines\MicrosoftEngine VersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Forefront Server Security\Sharepoint\Scan Engines\MicrosoftEngine VersionHKEY_LOCAL_MACHINESOFTWARE\Sybari Software\Antigen for SMTP\Scan Engines\MicrosoftEngine Versionnotes.exeHKEY_LOCAL_MACHINESOFTWARE\Lotus\NotesPathHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Exchange\SetupServicePackBuildHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Exchange\SetupMsiProductMajorHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Exchange\SetupMsiProductMinorcdoex.dllmsjava.dllwmplayer.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersionProgramFilesDirWmpui.dllWmp.dllcryptdlg.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q329115Installedhttpext.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Hotfix\KB824151InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\W3SVC\ParametersDisableWebDAVMdbmsg.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Exchange\SetupServicesHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q319733InstalledLM/W3SVC6014VirtualBox.exeHKEY_LOCAL_MACHINESOFTWARE\Sun\xVM VirtualBoxInstallDirVirtualBox.exeHKEY_LOCAL_MACHINESOFTWARE\Sun\VirtualBoxInstallDirHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{839117ee-2132-4bae-a56a-42b50204c9b9}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB889293IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Host Integration Server\6.0ProductNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Host Integration Server\6.0ProductVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Host Integration Server\7.0ProductNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Host Integration Server\8.0ProductNameSnadmod.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Host Integration Server\7.0InstallPathSnadmod.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Host Integration Server\6.0InstallPathSnadmod.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Host Integration Server\8.0InstallPathnetman.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB893066Installedtcpip.sysOnetutil.dllHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\{90120000-1014-0000-[01]000-0000000FF1CE\}$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB901214IsInstalledmscms.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.OSERVERDisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-1110-0000-1000-0000000FF1CE}DisplayNameEawfap.dllMicrosoft.office.policy.dllOWSSVR.DLLMicrosoft.SharePoint.Taxonomy.dllMicrosoft.SharePoint.Client.dllMicrosoft.office.server.dllHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\Session 
Manager\SubSystemsPosixpsxss.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\OleEnableDCOMQuartz.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 1.0.7DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Sun\VirtualBoxHKEY_LOCAL_MACHINESOFTWARE\Sun\xVM VirtualBoxVirtualBox.exeHKEY_LOCAL_MACHINESOFTWARE\Oracle\VirtualBoxInstallDirHKEY_LOCAL_MACHINESOFTWARE\Oracle\VirtualBoxrpcss.dllhhctrl.ocxoleaut32.dllumpnpmgr.dllHKEY_LOCAL_MACHINESOFTWARE\CLASSES\PNGFilter.CoPNGFilterHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Apache Tomcat .*$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Apache Software Foundation\\Tomcat\\[0-9].*$VersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\MediaPlayer\7.1\RegistrationUDBVersionwmpui.dllHKEY_LOCAL_MACHINESOFTWARE\Classes\MIME\Database\Content Type\application/htaExtensiondns.exeHKEY_CLASSES_ROOTMITrain.Document\shell\open\commandOrun32.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Step by Step Interactive Training\SP2\KB898458\FilelistMsdtctm.dllgrpconv.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB893756InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\TapiSrvStarttapisrv.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\MSSQLServer\MSSQLServer\CurrentVersionCurrentVersionsqlservr.exeodsole70.dllxpqueue.dllxprepl.dllxplog70.dllxpweb70.dllxpstar.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exePathHKEY_LOCAL_MACHINESOFTWARE\PHPVersionw3svc.dll^LM/MSFTPSVC/.*$1016HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{E81659DF-28E1-4C60-B4B9-00A4BC5FA76D}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{2D5974C5-5185-4f5b-80B6-28015ACDD74C}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB890923 
-ie501sp3-20050225.100153InstalledHKEY_LOCAL_MACHINE^Software\\Microsoft\\Office\\10\.0\\Registration\\.*$ProductIDMSO.DLLHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\PHP.*$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\PHPHKEY_LOCAL_MACHINESOFTWARE\PHPVersionshell32.dllsrv.sysHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB817606Installedschannel.dllMsxml3.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft ISA ServerVersionMajorHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Fpc\Hotfixes\SP1\277KbsHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB873333Installedole32.dllL3codecx.axWl3codecx.axL3codecx.axwaclayers.dllaclayers.dllCrystalDecisions.Web.dllHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\w3svcStarthlink.dllmsieftp.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft ISA Server SPDisplayNamew3proxy.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\UninstallMicrosoft ISA ServerHKEY_LOCAL_MACHINESOFTWARE\Microsoft\FPC\Hotfixes\SP1\430kbsHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB896727InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{2298d453-bcae-4519-bf33-1cbf3faf1524}IsInstalledHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Topaz e-Signatures SigPlus .*DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Topaz e-Signatures SigPlus .*DisplayVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB824146Installedrpcrt4.dllHKEY_LOCAL_MACHINESoftware\Microsoft\Active Setup\Installed Components\{754D29C1-0C97-405F-98D0-21B212CA7FF1}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q819696Installedntdll.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Hotfix\Q815021InstalledHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-9]\)|\(1\.7\.10\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-6]\))$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB897715InstalledMapi32.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersionVersionHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\LmHostsStartHKEY_LOCAL_MACHINE^SYSTEM\\CurrentControlSet\\Services\\NetBT\\Parameters\\Interfaces\\Tcpip.*$NetbiosOptionsmsasn1.dllMsw3prt.dlljscript.dllmf3216.dllgdi32.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB828741Installedcomsvcs.dllHKEY_LOCAL_MACHINESOFTWARE\Rockliffe\MailSiteVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q301625InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q293826Installedsnmp.exeumandlg.dllspoolsv.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB896423InstalledMsxml4.dllMsxml6.dllHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SeaMonkey \(1\.0[ab]\)$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\mozilla.org\SeaMonkeyCurrentVersionHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-7]\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Thunderbird (\(0\.[0-9]\)|\(1\.0\)|\(1\.0\.[0-7]\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-9]\)|\(1\.7\.1[0-2]\))$DisplayNameHKEY_LOCAL_MACHINESoftware\VERITAS\Backup Exec\ServerCurrentVersionHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\LSARestrictAnonymousHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Hotfix\KB839643InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB839643-DirectX8InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB839643-DirectX81InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB839643-DirectX82InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\DirectXVersiondplayx.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB839643-DirectX9InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB883939InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\ProductOptionsProductTypelsasrv.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB835732InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{D7B44F3E-77D3-44C5-8E03-4222D9A18B7B}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{61E6EAE5-7821-4AC1-9BBD-AED032A8E273}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{FF4DD9CD-F25E-425a-8B5C-A2D062781FBB}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{2757B1D6-0367-4663-877C-93ECC5C01BF6}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{C34F4917-ED43-439f-9023-97B0024A2B3B}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{F9C174E3-3E87-40bc-AA94-B8974F2B9222}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{f5de1b93-9d38-416b-b09e-aa85a8e84309}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{377483c2-e4b4-4ee8-b577-9aed264c8735}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{96543d59-497a-4801-a1f3-5936aacaf7b1}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{057997dd-71e4-43cc-b161-3f8180691a9e}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active 
Setup\Installed Components\{eddbec60-89cb-44ef-8291-0850fd28ff6a}IsInstalledHKEY_LOCAL_MACHINESoftware\Microsoft\Active Setup\Installed Components\{716E024F-7F74-47F3-B93B-9FF7F3CBF94C}IsInstalledHKEY_LOCAL_MACHINESoftware\Microsoft\Active Setup\Installed Components\{E81659DF-28E1-4C60-B4B9-00A4BC5FA76D}IsInstalledHKEY_LOCAL_MACHINESoftware\Microsoft\Active Setup\Installed Components\{2D5974C5-5185-4f5b-80B6-28015ACDD74C}IsInstalledHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$1803HKEY_LOCAL_MACHINESOFTWARE\Microsoft\INetStpMinorVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q327696InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q811114InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\INetStpMajorVersionmsw3prt.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{2cc9d512-6db6-4f1c-8979-9a41fae88de0}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Outlook Express\Version InfoCurrentinetcomm.dllHKEY_LOCAL_MACHINESOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet SettingsSecurity_HKLM_onlyHKEY_CURRENT_USER^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$1200HKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$1200HKEY_CURRENT_USER^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$1400HKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$1400mshtml.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionCurrentVersionkerberos.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionSystemRootHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox \(0\.9.*\)$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Thunderbird 
\(0\.[6-8]\)$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-4]\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Thunderbird \(0\.[0-8]\)$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Thunderbird \(0\.[6-9]\)$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla (\(1\.7\)|\(1\.[0-7]\.[0-3]\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox \(0\.[0-9].*\)$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Thunderbird (\(0\.[0-9]\)|\(1\.0\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-5]\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-1]\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-6]\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-3]\))DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-7]\))DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Mozilla\Mozilla ThunderbirdCurrentVersionHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Thunderbird (\(0\.[0-9]\)|\(1\.0\)|\(1\.0\.[0-2]\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox 
(\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-2]\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-4]\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-8]\))$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Mozilla\Mozilla FirefoxCurrentVersionHKEY_LOCAL_MACHINESOFTWARE\mozilla.org\MozillaCurrentVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet ExplorerVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionCurrentVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionProductNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionCSDVersionHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\Session Manager\EnvironmentPROCESSOR_ARCHITECTUREvgx.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersionCommonFilesDir
.165006.0.2900.36636.0.6002.223115.0.3900.73696.0.6001.184046.0.6001.226058.0.6001.180007.0.6000.211847.0.6000.169827.0.6002.181678.0.7600.164906.0.2900.36606.0.3790.46397.0.6002.222907.0.6000.169818.0.6001.188826.0.2800.16447.0.6001.225856.0.2900.59218.0.6001.188767.0.6001.183858.0.7600.206008.0.6001.229677.0.6000.211838.0.6001.229738.0.7600.160002.0.0.342316.0.6001.184276.0.6001.226366.0.6002.223416.0.6002.182095.1.2600.59386.0.6000.212265.2.3790.46665.0.2195.73765.1.2600.36706.0.6000.170216.0.6002.222936.0.6000.169845.131.2600.59225.131.2195.73756.0.6001.225886.0.6000.211866.1.7600.164935.131.3790.46426.1.7600.206055.131.2600.36616.0.6001.183876.0.6002.181696.1.7600.165435.50.5010.2006.0.6002.181976.0.6001.184276.0.6001.226216.0.6002.223416.0.6001.226366.0.6002.223256.0.6001.184166.0.2900.36646.0.6002.182096.0.3790.46576.1.7600.206596.0.2800.20016.0.2900.59315.0.2195.70988.0.7600.165888.0.7600.207088.0.6001.230198.0.6001.189288.0.7600.2000012.0.0.013.0.0.011.0.6002.224869.0.0.451010.0.0.400811.0.6001.711811.0.5721.528011.0.6001.701011.0.6002.1831110.0.0.408110.0.0.401112.0.7600.2079212.0.7600.1666712.0.7600.200002010.7.30.2016.5.2600.59336.5.2600.36656.6.6001.184616.6.6001.226726.5.3790.46606.5.1.9145.1.2600.36325.0.2195.73435.1.2600.58865.2.3790.46005.0.3882.27005.0.2195.6823102.0.50727.30532.0.50727.40002.0.50727.43002.0.50727.40622.0.50727.42002.0.50727.44002.0.50727.36037.0.6002.181077.0.6001.183277.0.6002.222197.0.6001.220007.0.6001.225167.0.6000.169237.0.6000.211237.0.6002.220007.0.6000.160002.0.50727.1003^(2\.5\.3\.80|3\.0\.0\.145)$10.0.6856.05.0.3881.1005.2.3790.45205.0.893.11057.0.6002.181306.0.2900.36407.0.6001.225506.0.3790.46117.0.6000.211487.0.6002.222526.0.2900.58977.0.6001.183496.0.2800.16427.0.6000.169457.0.6002.180005.0.2195.71025.0.2195.73006.0.6001.224475.1.2600.58295.1.2600.35876.0.6000.210656.0.6000.168685.2.3790.45286.0.6001.182705.0.33670.46.0.6002.221506.0.6002.180495.0.2195.7337RASPHONE.PBK145.0.2195.49835.0.3877.22006.1.0.92466.1.0.92355
.1.2600.58575.2.3790.45666.0.6002.221916.0.6000.169016.0.6001.224896.0.6002.180825.1.2600.36105.0.2195.73196.0.6001.183046.0.6000.211011.1.3790.45035.2.3790.45011.1.3790.450126535.5.2658.346.0.6002.221205.2.3790.45026.0.6001.182476.0.6002.180245.1.2600.57956.0.6000.210455.1.2600.35556.0.6000.168506.0.6001.224175.0.2195.72816.0.6001.225365.0.2195.73445.1.2600.36326.0.6001.183365.2.3790.46006.0.6000.169326.0.6000.211345.1.2600.58864.1.0.39385.0.2195.7292Microsoft Virtual Server 2005 R2 SP1Microsoft Virtual PC 2007 SP1Microsoft Virtual PC 2007Microsoft Virtual PC 2004Microsoft Virtual Server 20051.1.465.151.1.465.161.1.656.01.1.598.09.1.0.05.2.3790.32815.0.2195.72415.2.3790.44465.2.2007.45306.0.6000.210685.0.0.8085.1.0.11116.0.6000.16871455.0.2195.71785.1.2600.34625.1.2600.56945.0.2195.72036.0.6000.209376.0.6000.200006.0.6001.181576.0.6001.222885.2.3790.43926.0.6001.220006.0.6000.167645.2.3790.32296.0.2600.36246.0.3790.45846.0.2600.58755.0.2195.73365.0.2195.71085.1.2600.29765.1.2600.58475.2.3790.45545.0.2195.73205.1.2600.36027.0.6001.224187.0.6001.182487.0.6000.168517.0.6002.180246.0.2800.16277.0.6000.168507.0.6000.210457.0.6000.210467.0.6002.221216.0.6000.168165.2.3790.44566.0.6001.182116.0.6000.210066.0.6001.223724.8.1356.05.2.3790.43695.0.2195.71745.1.2600.57006.0.6000.167385.2.3790.32066.0.6001.181305.1.2600.34675.2.3790.44585.2.3790.32935.1.2600.57215.1.2600.34875.1.2195.72136.0.6001.181756.0.6000.167826.0.6000.209676.0.6001.223206.0.3790.32615.0.3872.10006.0.2800.16196.0.3790.44267.0.6001.223286.0.2900.57267.0.6000.167887.0.6001.181837.0.6000.209736.0.2900.34927.0.6002.206117.0.6001.182037.0.6000.168097.0.6000.209967.0.6000.168097.0.6001.223555.0.0.8076.0.6001.181595.2.3790.43965.2.3790.32335.0.2195.72055.1.2600.56985.1.2600.34666.0.6001.222916.0.6000.167666.0.6000.209406.0.6000.169086.0.6002.222006.0.6001.224976.0.6000.211085.2.3790.45736.0.6002.180915.2.3790.45736.0.6001.183116.3.1.8936.1.9.7366.5.2600.35806.5.1.9116.5.2600.58226.5.3790.45239.5.6001.18161^6\.2\
.020[5-9]5.0.2195.697215.2.3790.43205.2.3790.31635.1.2600.33965.1.2600.56275.0.2195.71626.0.6001.182465.2.3790.44975.1.2600.57966.0.6002.180236.0.6002.221196.0.6000.210446.0.6001.224165.1.2600.35565.0.2195.72796.0.6000.168495.2.3790.32125.1.2600.56765.0.2195.71945.2.3790.43756.0.6001.181416.0.6000.167505.1.2600.34466.0.6001.222656.0.6000.209175.0.2195.610616.0.6002.180586.0.6001.224615.2.3790.45686.0.6001.182816.0.6002.221621.1.3790.45695.0.2195.73136.0.3790.43256.0.3790.31686.0.6001.180496.0.2900.33505.50.4990.25006.0.6000.166696.0.2800.19336.0.2900.55796.0.6001.221546.0.6000.208105.0.2195.72904.20.9870.06.20.1099.05.20.1087.06.0.6002.222186.0.6000.200006.0.6001.225156.0.6000.211225.1.2600.36246.0.6001.183266.0.6002.181065.1.2600.58756.1.7600.205185.0.2195.73346.1.7600.164156.0.6000.169225.2.3790.45846.0.2900.34626.0.3790.43926.0.2900.56946.0.3790.32295.0.3809.06.0.6000.210456.0.6002.180245.1.2600.35695.1.2600.58096.0.6000.168505.0.2195.72666.0.6002.221206.0.6001.182476.0.6001.224175.2.3790.45098.2.0.37.0.0.18.100.1048.05.2.3790.43635.0.2195.71776.0.6001.181306.0.6000.167385.1.2600.34365.2.3790.32005.1.2600.56716.0.6001.222526.0.6000.209046.0.6000.200005.1.2600.57816.0.6001.223766.0.6001.180005.2.3790.33116.0.6000.210105.0.2195.72446.0.6001.220005.2.3790.44806.0.6000.168205.1.2600.35416.0.6001.18215Microsoft Office SharePoint Server 2007Microsoft Search Server 
200812.0.6318.50007.0.6000.211158.0.6001.229187.0.6001.225087.0.6002.222127.0.6000.169157.0.6001.183196.0.3790.45896.0.2900.58808.0.6001.188287.0.6002.181006.0.2900.36277.0.6000.211167.0.6000.169166.0.2800.16385.1.2600.56646.0.6000.167285.1.2600.34356.0.6001.181195.2.3790.32085.2.3790.43715.0.2195.71886.0.6001.222416.0.6000.20893145.0.2195.686215.1.2600.56255.0.2195.72805.1.2600.33947.0.6000.168257.0.6000.210157.0.6000.168307.0.6001.160007.0.6000.160007.0.6001.182267.0.6000.210237.0.6001.223892.0.50727.30532.0.50727.14331.1.4322.24432.0.50727.18735.2.3790.32956.0.6001.182145.0.2195.72605.2.3790.44606.0.6001.220006.0.6001.223757.0.6001.181577.0.6000.167647.0.6000.167627.0.6001.222887.0.6000.209377.0.6000.20935^6,4,[0-9]+,[0-9]+$^9\..*$4.14.1.0.39369.0.0.450411.0.5721.52519.1.1.500010.0.0.40019.0.0.326810.0.0.37119.1.1.384510.0.0.37037.10.0.308211.0.6000.634611.0.6001.70014.1.0.39376.1.98.126.1.98.122001.12.4720.31292000.2.3550.02001.12.6930.166772001.12.4414.7062001.12.4414.3202001.12.6931.180572001.12.4720.42822001.12.6930.200002001.12.6931.220002001.12.6931.221622001.12.6930.208186.5.2600.34976.5.3790.32666.5.1.9106.3.1.8926.5.2600.57316.5.3790.44315.50.4945.28006.0.6001.183116.0.6002.222005.0.2195.73225.1.2600.58636.0.6000.211085.1.2600.36146.0.6002.180915.2.3790.45716.0.6001.224976.0.6000.169086.0.6001.220006.0.6002.220005.2.3790.42715.2.3790.31195.0.2195.71554.0.9511.07.0.6001.180236.0.3790.42375.0.3862.15006.0.3790.30917.0.6000.166437.0.6000.166406.0.2900.33146.0.2800.16097.0.6001.221207.0.6000.207777.0.6000.207726.1.9.7346.0.2900.35626.0.3790.45046.0.2900.58036.0.3790.44705.0.3874.19006.0.2900.35276.0.2800.16256.0.2900.57646.0.3790.330411.0.6002.1804911.0.6002.2215011.0.6002.220009.0.0.09.0.0.32709.0.0.450610.0.0.370510.0.0.400511.0.5721.526511.0.5721.526511.0.6001.700610.0.0.011.0.0.02000.80.747.02000.80.747.07.0.6000.210898.0.6001.220007.0.6000.168907.0.6001.200008.0.6001.188138.0.6001.229028.0.6001.188128.0.6001.229037.0.6001.182946.0.2800.16347.0.6001.2247
57.0.6002.221807.0.6000.210895.0.3879.22006.0.3790.45557.0.6002.180716.0.2900.58487.0.6002.220007.0.6000.168906.0.2900.36037.07.0.6000.167116.06.0.2900.21805.6.0.8835reg_dword10245.1.2600.58536.0.6002.180516.0.6001.182726.0.6002.221525.0.2195.73186.0.6001.224506.0.6000.168705.2.3790.45596.0.6000.210675.1.2600.36075.2.3790.42375.2.3790.30916.0.6000.166436.0.6001.180235.1.2600.33165.0.2195.71536.0.6001.221206.0.6000.207776.0.6001.220005.1.2600.35215.2.3790.32915.1.2600.57565.0.2195.72516.0.6000.200005.2.3790.31066.0.6001.180275.0.2195.71545.2.3790.42565.1.2600.33356.0.6000.166466.0.6000.207826.0.6001.221256.0.6001.220006.0.6001.182706.0.6002.180495.1.2600.35856.0.6000.160006.0.6001.224475.1.2600.58276.0.6002.221505.2.3790.45276.0.6000.200006.0.6002.220006.0.6000.168686.0.6000.210655.0.2195.73166.0.6002.180005.2.3790.30415.0.2195.71475.2.3790.41865.1.2600.32495.2.3790.6015.2.3790.28135.1.2600.30165.0.2195.711476.0.3790.42157.0.6000.165765.0.2195.71476.0.3790.30686.0.2600.32907.0.6000.206987.0.6000.200006.0.6000.166075.1.2600.32666.0.6000.207322.40.4520.05.2.3790.7273.50.5022.05.2.3790.30575.2.3790.42022.40.4532.05.2.3790.31616.0.6001.221925.2.3790.43185.0.2195.71626.0.6001.220006.0.6001.180815.2.3790.5525.2.3790.27345.1.2600.29355.1.2600.18605.0.2195.71006.0.6000.167865.1.2600.34945.1.2600.34906.0.6001.181785.2.3790.44276.0.6000.209715.2.3790.32625.1.2600.57276.0.6001.223235.2.3790.30926.0.6000.166155.0.2195.71515.1.2600.33165.2.3790.42386.0.6000.207407.0.6001.180636.0.2800.16116.0.2900.33547.0.6000.166815.0.3864.18006.0.3790.42756.0.3790.31237.0.6000.166747.0.6000.208157.0.6000.208236.0.2900.55837.0.6001.221675.0.2195.71475.2.3790.30365.1.2600.32445.2.3790.41796.0.2900.56267.0.6001.180997.0.6000.167056.0.3790.43246.0.3790.31675.0.3866.20006.0.2900.33956.0.2800.16137.0.6000.167117.0.6001.222127.0.6000.208687.0.6000.208613.70.11.463.70.11.4615.2.3790.44256.0.6001.180005.1.2600.57256.0.6000.160006.0.6000.167895.1.2600.34915.0.2195.72226.0.6001.181855.2.3790.32606.0.6001.
223316.0.6000.209766.0.6000.200006.6.6001.180636.6.6000.166816.5.3790.42836.5.2600.33676.5.1.9096.3.1.8916.5.3790.31306.5.2600.55966.6.6001.221676.6.6000.208236.6.6000.200006.6.6001.220006.0.2800.16175.0.3870.15001.1.3790.30435.0.2195.71475.2.3790.41881.1.3790.41885.2.3790.304316.0.2800.14005.50.4937.8005.0.3813.8005.0.3502.485615.0.0.79911.0.3705.5561,0,3705,21,0,3705,31.0.3705.602116.2.0208MSN Messenger 6.25.2.3790.5595.1.2600.18745.0.2195.71055.2.3790.27475.1.2600.2952^[Aa]ctive [Dd]irectory [Aa]pplication [Mm]ode.*$1.1.3790.31291.1.3790.42816.0.6001.180721.1.3790.42765.0.2195.71556.0.6001.221795.2.3790.42745.2.3790.31226.0.6001.22000^[4-5]$6.0.2900.32687.0.6000.166086.0.3790.42106.0.2800.16075.0.3860.10006.0.3790.30647.0.6000.166097.0.6000.207337.0.6000.207345.0.3526.8005.0.3513.9008.00.194^2\.70.*$2000.80.309.02000.80.760.05.0.2195.66243.0.1200.291114656.5.6980.570^[Hh][Yy][Pp][Ee][Rr][Tt][Rr][Mm]\.[Ee][Xx][Ee]$5.0.2195.70005.0.2195.70575.0.3900.70325.0.3510.110015.0.2195.704415.2.3790.3095.0.3858.11005.0.2195.67131.0.0.315.0.0.8055.1.0.11095.0.2195.210315.0.2195.71475.2.3790.30275.2.3790.417165.1.2600.18295.0.2195.70845.1.2600.28896.0.3790.5206.0.3790.26845.0.3900.69706.0.2900.32437.0.6000.165876.0.3790.41866.0.2800.16056.0.3790.41865.0.2195.6946^4\.[0]*8\.[0]*1\..*$6.5.2600.32436.6.6000.165876.5.1.9086.5.3790.30356.3.1.8906.5.3790.41786.1.9.733^4\.09.*$5.2.3790.5885.2.3790.27835.1.2600.18855.0.2195.71065.1.2600.29743.0.1200.408KB8882585.0.33668.1146.0.2800.14112.0.50727.1013.0.1200.2573.0.1200.257331066215.0.2195.70235.2.3790.5885.2.3790.27835.1.2600.30155.0.2195.71106.5.6981.310.0.6626.010.0.4330.06.1.0.9232111.0.5614.05.0.2195.498012.0.50727.2106.0.2800.14986.0.2800.149905.2.3669.05.2.3644.05.2.3644.05.2.3644.015.0.2195.667210.0.4205.010.0.4205.05.0.3900.70361^[Ss][Ee][Rr][Vv][Ii][Cc][Ee] [Pp][Aa][Cc][Kk] 
[1-9][0-9]*$5.0.2195.67835.2.3790.69115.1.2600.1175.1.2600.12436.0.2800.12765.50.4934.160014.71.2195.69205.0.3810.1700145.0.2195.67995.82.2800.18915.82.3790.5835.82.3790.27785.82.2900.29825.81.3900.71095.0.3900.69225.0.3523.170045.0.2195.388116.0.3264.05.0.2195.701716.0.2800.18736.0.2900.29516.0.3790.5595.0.3900.71056.0.3790.27462000.80.650.05.0.2195.61595.0.3846.230015.0.2195.69525.0.2195.69224.0.2.75231110.0.6714.015.0.2195.4905145.2.3790.5265.0.2195.70875.1.2600.18325.2.3790.26915.1.2600.28932000.80.818.02000.80.765.02000.80.765.02000.80.765.015.0.2195.6753^2\.6.*$2.62.9119.122000.80.650.05.0.2195.567118.0.50727.23615.0.2195.692915.2.3790.2335.0.2195.61101115.0.2195.696610.2.511012.53.6202.01^2\.5.*$2000.80.578.02000.80.561.05.00.3314.21015.0.3504.25005.0.1558.6072^9\.0\..*$10.0.8250.015.0.2195.60115.0.2195.597415.0.2195.70211415.0.2195.703515.0.2195.7005^.*ServerNT.*$45.0.3534.2800115.0.2195.69281.0.0.515.2.3790.2205.0.2195.69815.1.2600.15961.19.00.00.29809.0.0.32501.0.1.212512000.80.818.02000.80.818.02000.80.811.02000.80.765.02000.80.818.02000.80.818.02000.80.818.02000.80.818.02000.80.816.02000.80.800.02000.80.778.02000.80.765.02000.80.798.02000.80.765.02000.80.765.010.0.8326.010.0.6735.010.0.8326.05.2.3790.5365.1.2600.29125.0.2195.70855.1.2600.18475.2.3790.27065.2.3790.41155.0.2195.70905.1.2600.31736.0.6000.165255.2.3790.29712000.80.384.02000.80.223.02000.80.223.02000.80.223.02000.80.223.05.50.4725.21005.0.3826.240015.50.4922.9005.10.2930.04.20.9839.08.70.1113.06.0.3888.0
^.*asp\.dll.*$
05.2.3790.8016.0.2900.31996.0.2800.16015.0.3856.17007.0.6000.165466.0.3790.41347.0.6000.165446.0.3790.29935.0.3819.3002.53.6307.02.71.9054.02.81.1128.02.80.1064.05.50.4942.4005.0.2195.68615.0.2195.6861142.0.0.34265.0.2195.694516.0.3790.29547.0.6000.165256.0.2900.31577.0.6000.165276.0.3790.41066.0.2800.15975.50.4943.4005.2.3790.29605.1.2600.31595.0.2195.71385.0.3821.280011.0.3705.31.0.3705.60601.1.4322.24077.0.0820.05.00.3315.10005.0.3532.3009.1.2.187110.2.0.12225.0.3900.700932.0.0.34255.2.3790.12435.2.3790.40705.2.3790.29265,6,0,85135.0.2195.68105.05.0.2195.5880141335.131.2195.675815.0.2195.36451
^.*idq\.dll.*$
6.0.2800.144110^Microsoft SharePoint Foundation 2013 .*$^Service Pack 2 for Microsoft SharePoint Foundation 2010 .*$Microsoft SharePoint Server 201314.0.7105.500014.0.7005.100014.0.7104.500015.0.4535.100015.0.2195.27847.0.6000.164815.131.3659.0106.0.2716.22005.2.3790.29245.1.2600.31265.1.2195.71365.2.3790.4068^Service Pack 2 for Microsoft Office Web Apps.*$14.0.7015.10005.0.2195.597112^Microsoft.* Office Web Apps$Microsoft Office Web Apps Service Pack 1 (SP1)14.0.6029.100014.0.7106.500014.0.6112.500012.0.50727.8325.0.2195.71356.0.6000.164385.0.2195.7097^10\.0+\..*$9.0.0.33496.0.6618.45.2.3790.40436.0.6000.200006.0.6000.205445.1.2600.31035.0.2195.71356.0.6000.164455.2.3790.6585.2.3790.29025.0.2195.69025.0.2195.70555.06.0.3790.26635.0.2195.70877.0.6000.165137.0.6000.206286.0.3790.29626.0.2900.31646.0.2800.15996.0.3790.41065.0.3854.2500^5,50,.*5.50.4963.17005.50.4134.01005.50.4134.06005.50.4522.180015.50.4923.2500^2\.53.*$2.53.6306.02.71.9053.02.80.1062.0^2\.81.*$2.81.1124.0^2\.71.*$^2\.8.*$6.0.3790.5046.0.3790.26635.0.2195.708510.0.6790.05.0.2195.70935.0.3528.7005.1.3102.13556.0.2900.29636.0.2800.15616.0.3790.27596.0.3790.5545.0.3842.3000^6[,\.]0[,\.]600[0-9][,\.]\d+$^6[,\.]1[,\.]\d{4}[,\.]\d+$6.0.3790.41336.0.6000.165456.0.2900.31986.0.2800.19146.0.3790.29925.50.4980.16006.0.2713.1100^Oracle GoldenGate Director Server 11.1.1.1.0[_\d]*$6.0.2800.18076.0.3790.26665.0.3854.1200^9\.0+\..*$9.0.0.33445.2.3790.40625.0.2195.71355.2.3790.29195.1.2600.3119Microsoft SharePoint Foundation 2010 Service Pack 1 (SP1)14.0.6134.50005.2.3790.40355.2.3790.6525.2.3790.28945.0.2195.71335.1.2600.30935.0.3837.12004.2.04.1.06.0.2800.15553.5.0.1182.2.03.0.26.0.3790.40736.0.3790.29296.0.2900.3138106.0.0.05.0.2195.7071Microsoft System Center Configuration Manager 2007 R2Microsoft System Center Configuration Manager 2007 R3^Microsoft System Center Configuration Manager 2007.*$4.00.6487.2000^.*Microsoft Systems Management Server 
2003.*$2.50.4253.30004.0.6487.22167.10.0.30774.3.04.0.64.0.85.2.3790.6515.2.3790.40335.2.3790.289216.5.9146.07.0.9975.07.10.5057.07.10.6041.04.1.0.61416.0.9792.07.0.9801.05.26.1.7601.220165.1.2600.62446.0.6002.186475.2.3790.50196.1.7600.170396.0.6002.228766.1.7601.178606.1.7600.212316.0.6002.220006.0.2800.147615.0.2195.699215.0.2195.70995.2.3790.5565.1.2600.29455.1.2600.18695.2.3790.27412.0.0.34245.2.3790.12426.0.2800.15226.0.2800.15235.0.2195.70655.0.3833.20011.0.8012.05.0.2195.69025.2.3790.1851^Mozilla \(.*\)5.0.3835.22009.79.1^\d+\.win7sp1.*$5.1.2600.61756.1.7600.210926.1.7601.210006.1.7600.169156.1.7601.177256.1.7601.218616.0.6002.227426.0.6002.185415.2.3790.49356.1.7600.200006.0.6002.220008.07.08.59.7.0.49.7.0.115.0.3502.47189.58.5^5\.0+\..*5.0.3839.22007.0.6000.164325.0.3850.19006.0.3790.28856.0.2800.15937.0.6000.164486.0.3790.4026145.0.2195.491914.0.6113.500014.0.6114.50018.0.18.5.1.45.0.2195.70736.0.2722.9009.7.0.16.1.3940.425.0.3841.19005.00.2919.8005.00.2919.38005.00.2919.63075.00.2920.00005.00.3103.10005.00.3105.01065.0.3214.200011332000.80.2000.02000.80.2273.02000.80.2050.0Microsoft Forefront Security for SharePointMicrosoft Antigen for ExchangeMicrosoft Forefront Security for Exchange ServerMicrosoft Antigen for SMTP^Microsoft Windows Live OneCare.*$1.1.3520.00.1.13.1925.0.2195.71335.1.2600.30998.5.2.25.27.0.06.06.5.65:0a4.64.2.17.0.43.0.0.18.0.03.0.0.2763862497226808.0.709.06.0.6619.126.5.7235.26.5.7652.245.0.3810.010.0.0.011.0.0.010.0.0.09.0.0.011.0.0.012.0.0.07.10.0.308010.0.0.405811.0.5721.523011.0.6000.633610.0.0.399810.0.0.37099.0.0.33545.6.0.05.5.0.05.1.0.85135.5.0.85135.6.0.85135.1.0.05.0.3868.20005.0.1558.660815.0.2195.6958115.0.3831.18005.0.1460.95.0.1462.224.0.05.0.3825.70015.0.2195.5269
^.*ism\.dll.*$
5.2.3790.5585.2.3790.27443.0.43.2.03.0.03.0.63.1.84.1.011Microsoft Host Integration Server 20046.0.2403.0Microsoft Host Integration Server 2006Microsoft Host Integration Server 2009Microsoft Host Integration Server 20107.0.4220.08.0.3870.08.5.4317.18.5.4369.28.0.3850.16.0.2445.08.0.3872.28.5.4360.06.0.2800.15435.0.2195.706115.0.2195.703512.0.6565.5001^Microsoft Windows SharePoint Services 3\.0.*$15.0.2195.7054Microsoft SharePoint Server 2010Microsoft SharePoint Foundation 201014.0.6106.500114.0.6106.500114.0.6106.500814.0.6106.500114.0.6106.500114.0.6106.500171098.0.1969.589.0.3790.298396.0.6000.206609.0.3790.412586877.0.1701.467.0.11^[Ss][Ee][Rr][Vv][Ii][Cc][Ee] [Pp][Aa][Cc][Kk] ([3-9]|([1-9][0-9]+))$Y6.3.1.889^4\.[0]*9\..*$6.1.9.7266.1.9.732Mozilla Firefox (1.0.7)^1\.0\.7 .*^(5\.3\.[23])$6.0.2723.25004.0.05.0.2195.70595.0.2195.70595.2.3790.28475.2.3790.620^(5(\.2(\.([0-9]|1[0-4]))?|\.3(\.[0-3])?))$2.40.4531.05.2.3790.40985.2.3790.29555.1.2600.31395.0.2195.70695.3.4CoPNGFilter Class5.0.3828.2700^Apache Tomcat .*$^7\.0\.([0-9]|1[01])$7.0.6000.209277.0.6001.181487.0.6000.200007.0.6001.222606.0.2900.34296.0.2900.56596.0.3790.31946.0.3790.43576.0.2800.16157.0.6000.167577.0.6000.167357.0.6001.181377.0.6000.209007.0.6001.22000^7\.1.*$7.10.0.30766.0.2800.1264.hta5.0.2195.71355.2.3790.40595.2.3790.2915x645.3.43.5.0.1172000.2.3535.05.1.2600.55125.1.2600.21805.2.3790.18305.2.3790.39595.0.2134.1145.0.2195.70578.00.1942000.80.608.02000.80.606.02000.80.606.02000.80.606.02000.80.606.02000.80.606.02000.80.628.06.0.2800.15056.0.2800.15065.2.150144.2.775.15.0.2195.52695.1.2600.41
4
5.50.4913.1100115.0.3539.24001^.[0-9]+-.[0-9]+-.[0-9]+-.[0-9]+$^.*-OEM-.*$10.0.6867.0^PHP.*$^([0-4](\..*)?|5(\.[0-1](\..*)?|\.2(\.([0-9]|1[0-4]))?|\.3(\.[0-3])?)?)$5.0.3900.70715.0.3900.70788.0.7600.163855.0.2195.669915.2.3790.47245.1.2600.60068.100.5003.08.110.7600.207288.110.7600.166058.100.4002.08.110.7600.200008.100.1052.08.100.1051.03816456^8\..*$^[a-zA-Z0-9\(\)\s]*2008[a-zA-Z0-9\(\)\s]*$^[a-zA-Z0-9\(\)\s]*2008 [Rr]2[a-zA-Z0-9\(\)\s]*$6.0.3790.47327.0.6000.170806.0.2900.60037.0.6001.184988.0.6001.189437.0.6002.182788.0.7600.166258.0.6001.189396.0.3790.6056.0.3790.28176.0.2800.15866.0.2900.302015.0.2195.70211.6.0.525.1.2600.59065.1.2600.36475.2.3790.46245.0.2195.73589.1.9800.945.2.3790.27485.2.3790.560Service Pack 45.50.4956.500Microsoft ISA Server 2000 Updates3.0.1200.430KB8997536.0.2800.15156.0.2800.1516116.0.2800.1458^[A-Za-z0-9\(\)\s]*[Ww][Ii][Nn][Dd][Oo][Ww][Ss] 7[A-Za-z0-9\(\)\s]*$Service Pack 3^[a-zA-Z0-9\(\)\s]*[Vv][Ii][Ss][Tt][Aa][a-zA-Z0-9\(\)\s]*$^(Topaz e-Signatures SigPlus .*)3.746.0.2900.30597.0.6000.164145.0.3849.5006.0.3790.6306.0.2800.15896.0.3790.285815.0.2195.6802^[Ss][Ee][Rr][Vv][Ii][Cc][Ee] [Pp][Aa][Cc][Kk] ([5-9]|([1-9][0-9]+))$^4\.[0]*9\.[0]+\.[0]*900^4\.[0]*9\.[0]+\.[0]*9016.0.3790.5946.0.3790.27956.0.2900.29956.0.2800.15785.0.3842.3000x866.0.2800.15285.50.4134.01005.50.4134.06005.50.4522.180015.50.4616.2005.50.4701.2400^4\.[0]*8\..*$15.50.4807.23005.50.4926.25005.0.2195.66851^Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-9]\)|\(1\.7\.10\))([0-1]\.[0-7]($|\s).*|[0-1]\.[0-7]\.[0-8]($|\s).*|1\.7\.10($|\s).*)(0\.[0-9].*|1\.0($|\s).*|1\.0\.[1-6]($|\s).*)^Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-6]\))15.50.4952.2800^[Aa][Mm][Dd]64$Service Pack 
26.0.3790.29206.0.3790.40645.0.3853.30006.0.2900.31326.0.2800.15956.0.6603.06.0.6617.47^Windows.*424.05.0.2195.69055.0.2195.29565.1.0.125125.5.0.05.6.0.88315.0.2195.68985.0.2195.706912000.2.3511.0^7\.[0-9.]*$6.0.2800.15886.0.3790.28516.0.2900.30517.0.6000.163866.0.3790.6235,50,4807,17005.1^6[,\.]0[,\.](2[6-9]00|3790)[,\.]\d+$6.0.3790.6076.0.3790.28266.0.2900.30286.0.2800.18965.50.4971.600^([1-5]\.[0-9].*|6\.(0.*|1|1\.([0-9]($|\..*)|[0-1][0-9]($|\..*)|20($|\..*)|21($|\..*))))$115.0.2195.36495.2.3790.6155.2.3790.28375.1.2600.30385.0.2195.71121.0.0.4^Service Pack [0-4]$5.0.2195.705914.20.9841.06.0.3890.0^SeaMonkey \(1\.0[ab]\)^1\.0[ab].*^Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-7]\))(0\.[0-9].*|1\.0($|\s).*|1\.0\.[1-7]($|\s).*)^Mozilla Thunderbird (\(0\.[0-9]\)|\(1\.0\)|\(1\.0\.[0-7]\))^[0-1]\.0($|\s).*|^[0-1]\.0\.[0-7]($|\s).*([0-1]\.[0-7]($|\s).*|[0-1]\.[0-7]\.[0-8]($|\s).*|1\.7\.1[0-2]($|\s).*)^Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-9]\)|\(1\.7\.1[0-2]\))8.50^4\.07.*5.0.2195.69271^4\.08\.00.*5.0.2258.4101^4\.08\.01.*5.1.2600.8911^4\.08\.02.*5.2.3677.1441^4\.09\.00.*5.3.0.90315.00.3502.10005.0.3541.27001^.*LanmanNT.*$5.0.2195.690211111111111^6\.0+\.2600\.0+$16.0.2712.3001111301155.0.2195.580716,0,2800,11066.0.2800.140916.00.2800.110633336.0.2800.14916.0.2800.14925.0^Service Pack ([4-9]|\d{2,})$5.0.2195.7053^0\.9($|\s).*^Mozilla Firefox \(0\.9.*\)^0\.[6-8]($|\s).*^Mozilla Thunderbird \(0\.[6-8]\)^[0-1]\.[0-7]($|\s).*|^[0-1]\.[0-7]\.[0-4]($|\s).*^Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-4]\))^0\.[0-8]($|\s).*^Mozilla Thunderbird \(0\.[0-8]\)^0\.[6-9]($|\s).*^Mozilla Thunderbird \(0\.[6-9]\)^1\.7($|\s).*|^1\.7\.[0-3]($|\s).*^Mozilla (\(1\.7\)|\(1\.[0-7]\.[0-3]\))^0\.[0-9]($|\s).*^Mozilla Firefox \(0\.[0-9].*\)^[0-1]\.0($|\s).*^Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\))^[0-1]\.0($|\s).*^Mozilla Thunderbird (\(0\.[0-9]\)|\(1\.0\))^[0-1]\.[0-7]($|\s).*|^[0-1]\.[0-7]\.[0-5]($|\s).*^Mozilla 
(\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-5]\))^[0-1]\.0($|\s).*|^[0-1]\.0\.[0-1]($|\s).*^Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-1]\))^[0-1]\.[0-7]($|\s).*|^[0-1]\.[0-7]\.[0-6]($|\s).*^Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-6]\))^Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-3]\))^Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-7]\))^[0-1]\.0($|\s).*|^[0-1]\.0\.[0-2]($|\s).*^Mozilla Thunderbird (\(0\.[0-9]\)|\(1\.0\)|\(1\.0\.[0-2]\))^[0-1]\.0($|\s).*|^[0-1]\.0\.[0-2]($|\s).*^Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-2]\))^[0-1]\.0($|\s).*|^[0-1]\.0\.[0-4]($|\s).*^Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-4]\))^[0-1]\.[0-7]($|\s).*|^[0-1]\.[0-7]\.[0-8]($|\s).*^Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-8]\))^[0-1]\.0($|\s).*|^[0-1]\.0\.[0-3]($|\s).*^[0-1]\.[0-7]($|\s).*|^[0-1]\.[0-7]\.[0-7]($|\s).*^6\..*$^[Ss][Ee][Rr][Vv][Ii][Cc][Ee] [Pp][Aa][Cc][Kk] ([2-9]|([1-9][0-9]+))$5.00.3700.1000^[Ss][Ee][Rr][Vv][Ii][Cc][Ee] [Pp][Aa][Cc][Kk] ([4-9]|([1-9][0-9]+))$5.0x86^[a-zA-Z0-9\(\)\s]*2003[a-zA-Z0-9\(\)\s]*$windows^[a-zA-Z0-9\(\)\s]*[Ww][Ii][Nn][Dd][Oo][Ww][Ss] [Xx][Pp][a-zA-Z0-9\(\)\s]*$Service Pack 1ia646.0.2900.29976.0.2800.15805.0.3845.18006.0.3790.5936.0.3790.2794\system32\Windows Media\Server\Microsoft Shared\web server extensions\40\bin12.0\Bin\Microsoft Shared\VBA\VBA6security\kxede\i38612.0\BIN\System32\Windows Media\Server^\\WinSxS\\x86_Microsoft.Windows.WinHTTP_.+$\ADAM\System\Ole DB folder\bin\microsoft shared\triedit\Microsoft Shared\web server extensions\50\bin\Microsoft Shared\web server extensions\40\isapi\Microsoft Shared\OFFICE11\Microsoft Shared\WMI\Microsoft Shared\OFFICE11\System\ado\Microsoft.NET\Framework\v1.0.3705\Microsoft.NET\Framework\v1.1.4322\15.0\bin\14.0\bin\Microsoft Shared\web server extensions\15\BIN\14.0\WebServices\ConversionService\Bin\Converter\14.0\WebServices\WordServer\Core\Microsoft.NET\Framework\v2.0.50727\System\msadc\web server 
extensions\50\isapi\_vti_adm^\\winsxs\\(x86|amd64)_microsoft\.windows\.gdiplus_6595b64144ccf1df_.+$|\\WinSxS\\(x86|amd64)_Microsoft\.Windows\.GdiPlus_6595b64144ccf1df_.+$\Microsoft Shared\web server extensions\14\BIN\bin\i386\msagentOFFICE11\Microsoft Shared\CDO\Windows Media Player\RESsystemsystemsystem\Microsoft Shared\web server extensions\12\BIN\Microsoft Shared\Web Server Extensions\14\ISAPI\Help\SBSI\Training\system32\inetsrv\Microsoft Shared\OFFICE10\System32\drivers\syswow64\AppPatch\Crystal Decisions\1.1\Managed\System32\Microsoft Shared\VGX