The OVAL Repository5.42012-04-30T06:16:04.225-04:00GDI+ BMP Integer Overflow VulnerabilityMicrosoft Office 2003Microsoft Office 2007Microsoft Office Visio 2002Microsoft Office XPMicrosoft PowerPoint ViewerMicrosoft SQL Server 2005Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."Sudhir GandheDRAFTINTERIMACCEPTEDMike LahINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft SQL Server 2005 SP2 is installedMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft SQL Server 2005Microsoft SQL Server 2005 SP2 is installed.J. Daniel BrownDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft Office Visio 2002 SP2 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Office Visio 2002 SP2 is installed.Robert L. HollisINTERIMACCEPTEDACCEPTEDMicrosoft Office XP is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2The application Microsoft Office XP is installed.Robert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDDragos PrisacaINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDACCEPTEDMicrosoft SQL Server 2005 is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft SQL Server 2005Microsoft SQL Server 2005 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMicrosoft PowerPoint Viewer is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaThe application Microsoft PowerPoint Viewer is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDBrendan MilesINTERIMACCEPTEDACCEPTEDMicrosoft Office 2003 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Office 2003The application Microsoft Office 2003 is installed.Robert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMKen LassesenACCEPTEDRachana ShettyINTERIMACCEPTEDChandan SINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDACCEPTEDMicrosoft Office 2007 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Office 2007The application Microsoft Office 2007 is installed.Jonathan BakerDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMJonathan BakerACCEPTEDINTERIMDragos PrisacaACCEPTEDACCEPTEDMicrosoft JScript Memory Corruption VulnerabilityMicrosoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDNate PrzybyszewskiINTERIMACCEPTEDACCEPTEDDirectShow Remote Code Execution VulnerabilityMicrosoft Windows XPWindows XP Media Center Edition 2005Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."Dragos PrisacaDRAFTJosh TurpinINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2008 R2 x64 Edition is installedMicrosoft Windows Server 2008 R2The operating system installed on the system is Microsoft Windows Server 2008 R2 x64 EditionDragos PrisacaDRAFTINTERIMTodd DolinskyTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDJonathan BakerINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDACCEPTEDMicrosoft Windows 7 (32-bit) is installedMicrosoft Windows 7The operating system installed on the system is Microsoft Windows 7 (32-bit)Pai PengDRAFTINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDACCEPTEDMicrosoft Windows Server 2008 R2 Itanium-Based Edition is installedMicrosoft Windows Server 2008 R2The operating system installed on the system is Microsoft Windows Server 2008 R2 Itanium EditionDragos PrisacaDRAFTINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDJonathan BakerINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDACCEPTEDMicrosoft Windows 7 x64 Edition is installedMicrosoft Windows 7The operating system installed on the system is Microsoft Windows 7 x64 EditionPai PengDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMTim HarrisonTim HarrisonTim HarrisonACCEPTEDACCEPTEDMicrosoft Windows 7 x64 Service Pack 1 is installedMicrosoft Windows 7The operating system installed on the system is Microsoft Windows 7 x64 Service Pack 1Shane ShafferDRAFTINTERIMChandan SACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installedMicrosoft Windows Server 2008 R2The operating system installed on the system is Microsoft Windows Server 2008 R2 Itanium Edition Service Pack 1Josh TurpinDRAFTINTERIMChandan SACCEPTEDDragos PrisacaINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDACCEPTEDMicrosoft Windows Server 2008 R2 x64 Service Pack 1 is installedMicrosoft Windows Server 2008 R2The operating system installed on the system is Microsoft Windows Server 2008 R2 x64 Service Pack 1Josh TurpinDRAFTINTERIMChandan SACCEPTEDDragos PrisacaINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDACCEPTEDMicrosoft Windows 7 (32-bit) Service Pack 1 is installedMicrosoft Windows 7The operating system installed on the system is Microsoft Windows 7 (32-bit) Service Pack 1Shane ShafferDRAFTINTERIMChandan SACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMIDI Remote Code Execution VulnerabilityMicrosoft Windows XPWindows XP Media Center Edition 2005Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."Dragos PrisacaDRAFTJosh TurpinINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2008 x64 Edition Service Pack 2 is installedMicrosoft Windows Server 2008The operating system installed on the system is Microsoft Windows Server 2008 x64 Edition Service Pack 2Dragos PrisacaDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDTodd DolinskyINTERIMTim HarrisonTim HarrisonACCEPTEDJonathan BakerINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installedMicrosoft Windows Server 2008The operating system installed on the system is Microsoft Windows Server 2008 Itanium Edition Service Pack 2Dragos PrisacaDragos PrisacaDRAFTINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonACCEPTEDJonathan BakerINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Windows Vista (32-bit) Service Pack 2 is installedMicrosoft Windows VistaThe operating system installed on the system is Microsoft Windows Vista (32-bit) Service Pack 2Dragos PrisacaDragos PrisacaDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Windows Server 2008 (32-bit) Service Pack 2 is installedMicrosoft Windows Server 2008The operating system installed on the system is Microsoft Windows Server 2008 (32-bit) Service Pack 2Dragos PrisacaDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonTim HarrisonACCEPTEDJonathan BakerINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Windows XP (x86) SP3 is installedMicrosoft Windows XPA version of Microsoft Windows XP (x86) Service Pack 3 is installed.Sudhir GandheDRAFTINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Windows Vista x64 Edition Service Pack 2 is installedMicrosoft Windows VistaThe operating system installed on the system is Microsoft Windows Vista x64 Edition Service Pack 2Dragos PrisacaDragos PrisacaDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDTodd DolinskyINTERIMTim HarrisonTim HarrisonTim HarrisonACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Windows XP x64 Edition SP2 is installedMicrosoft Windows XPA version of Microsoft Windows XP Professional x64 Edition Service Pack 2 is installed.Sudhir GandheDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDTodd DolinskyINTERIMTim HarrisonTim HarrisonTim HarrisonACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Windows Server 2003 SP2 (x64) is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 SP2 (x64) is installed.Sudhir GandheDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDTodd DolinskyINTERIMTim HarrisonTim HarrisonTim HarrisonACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Windows Server 2003 SP2 (x86) is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 Service Pack 2 (x86) is installed.Sudhir GandheDRAFTINTERIMRobert L. HollisACCEPTEDAndrew ButtnerINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2003 (ia64) SP2 is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 (ia64) Service Pack 2 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDHKEY_LOCAL_MACHINESoftware\Microsoft\Windows\CurrentVersion\Uninstall\{90510409-6D54-11D4-BEE3-00C04F990354}DisplayVersionHKEY_LOCAL_MACHINE^Software\\Microsoft\\Office\\10\.0\\Registration\\.*$ProductIDHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Microsoft SQL Server\90\DTS\SetupVersionHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Microsoft SQL Server\\.*\\MSSQLServer\\CurrentVersion$CurrentVersionpptview.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\11.0\Common\InstallRootPathHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\12.0\Common\InstallRootInstallCountHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Microsoft SQL Server\90\DTS\SetupSPMSO.DLLOgl.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersionCommonFilesDirGdiplus.dllsqlservr.exeHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Microsoft SQL Server\\.*\\Setup$SQLPathsqlwb.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersionProgramFilesDirjscript.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionBuildLabHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionCSDVersionHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\Session Manager\EnvironmentPROCESSOR_ARCHITECTUREHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionProductNameWinmm.dllQuartz.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionSystemRoot9.00.3042.0010.2.5110.[0-9]+-.[0-9]+-.[0-9]+-.[0-9]+$^.*-OEM-.*$10.0.0.09.0.0.0^11\..+$0210.0.6844.012.0.6325.500011.0.8230.02005.90.3073.02005.90.3282.05.1.0.125125.5.0.05.6.0.8831^\d+\.win7sp1.*$^[a-zA-Z0-9\(\)\s]*[Ww][Ii][Nn][Dd][Oo][Ww][Ss] 7[a-zA-Z0-9\(\)\s]*$6.6.7600.169056.6.7600.210776.6.7601.210006.6.7601.218476.6.7601.177136.6.7600.20000^[a-zA-Z0-9\(\)\s]*2008[a-zA-Z0-9\(\)\s]*$^[a-zA-Z0-9\(\)\s]*2008 [Rr]2[a-zA-Z0-9\(\)\s]*$Service Pack 3^[a-zA-Z0-9\(\)\s]*[Vv][Ii][Ss][Tt][Aa][a-zA-Z0-9\(\)\s]*$^[a-zA-Z0-9\(\)\s]*[Ww][Ii][Nn][Dd][Oo][Ww][Ss] [Xx][Pp][a-zA-Z0-9\(\)\s]*$amd64x86windowsService Pack 2ia64^[a-zA-Z0-9\(\)\s]*2003[a-zA-Z0-9\(\)\s]*$6.0.6002.185286.6.6002.227325.2.3790.49166.0.6002.227266.6.6002.185336.5.2600.61696.5.3790.49285.1.2600.61606.0.6002.220006.6.6002.22000\Microsoft Office\PowerPoint Viewer\Microsoft Shared\OFFICE10\Microsoft Shared\OFFICE12\Microsoft Office\Office11\Binn\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\System32