Red Hat Linux 9 Mutt Jay Beale 2003-0140 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder ACCEPTED 1 Red Hat Linux 9 CUPS Jay Beale 2003-0195 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out ACCEPTED 1 Sun Solaris 8 kcms_configure David Proulx 2001-0594 kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument ACCEPTED 1 Sun Solaris 8 libnsl David Proulx 2002-0391 Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd ACCEPTED 1 Sun Solaris 8 xlock David Proulx 2001-0652 Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable ACCEPTED 1 Sun Solaris 8 snmpdx David Proulx 2002-0796 Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges ACCEPTED 1 Microsoft Windows 2000 Internet Explorer 5.5 Service Pack 2 David Proulx David Proulx 2002-0026 Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made ACCEPTED 3 Sun Solaris 8 Xsun David Proulx 2002-0158 Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument ACCEPTED 1 Sun Solaris 8 CDE David Proulx 2002-0677 CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure ACCEPTED 1 Microsoft Windows NT Internet Information Server 4.0 Tiffany Bergeron Tiffany Bergeron 2002-0079 ACCEPTED Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code ACCEPTED 3 Microsoft Windows 2000 Internet Explorer 6.0 David Proulx David Proulx 2002-0023 Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks ACCEPTED 3 Microsoft Windows NT Windows Shell Matthew Burton 2002-0070 Completing an initial submission. done DRAFT INTERIM ACCEPTED Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled ACCEPTED 1 Microsoft Windows 2000 Internet Explorer 6.0 Andrew Buttner Andrew Buttner 2002-0189 Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability ACCEPTED 3 Microsoft Windows 2000 Christine Walzer 2003-0715 DRAFT INTERIM ACCEPTED Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CAN-2003-0352 (Blaster/Nachi) and CAN-2003-0528 ACCEPTED 1 Microsoft Windows 2000 Internet Information Server 5.0 Andrew Buttner Andrew Buttner 2002-0147 ACCEPTED Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun. ACCEPTED 4 Microsoft Windows 2000 Internet Explorer 5.5 or Internet Explorer 5.5 Service Pack 1 David Proulx David Proulx 2002-0026 Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made ACCEPTED 3 Microsoft Windows NT FTP Tiffany Bergeron Tiffany Bergeron 2002-0073 The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters ACCEPTED 3 Microsoft Windows 2000 Internet Information Server 5.0 Tiffany Bergeron Tiffany Bergeron 2002-0079 ACCEPTED Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code ACCEPTED 3 Microsoft Windows 2000 Network Connection Manager (NCM) Christine Walzer Christine Walzer 2002-0720 A handler routine for the Network Connection Manager (NCM) in Windows 2000 allows local users to gain privileges via a complex attack that causes the handler to run in the LocalSystem context with user-specified code ACCEPTED 1 Microsoft Windows 2000 Internet Explorer 5.01 Tiffany Bergeron Tiffany Bergeron 2002-0193 Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability ACCEPTED 2 Red Hat Linux 9 skk Jay Beale 2003-0539 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and the ddskk package which is based on skk, creates temporary files insecurely, which allows local users to overwrite arbitrary files ACCEPTED 1 Microsoft Windows 2000 Internet Information Server 5.0 Tiffany Bergeron Tiffany Bergeron 2002-0364 ACCEPTED Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise. ACCEPTED 4 Microsoft Windows 2000 SMTP Tiffany Bergeron Andrew Buttner 2002-0055 Changed the registry key in question for the SMTP enabled check to SMTPSVC from SMTP. SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 to cause a denial of service via a command with a malformed data transfer (BDAT) request ACCEPTED 3 Sun Solaris 8 cachefsd David Proulx 2002-0033 Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name ACCEPTED 2 Microsoft Windows 2000 Internet Explorer 6.0 David Proulx David Proulx 2002-0026 Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made ACCEPTED 3 Sun Solaris 7 Xsun David Proulx 2002-0158 Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument ACCEPTED 1 Sun Solaris 7 whodo David Proulx 2001-1076 Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable ACCEPTED 1 Microsoft Windows 2000 FTP Tiffany Bergeron Tiffany Bergeron 2002-0073 The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters ACCEPTED 4 Microsoft Windows NT Internet Information Server 4.0 Tiffany Bergeron Tiffany Bergeron 2001-0333 Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice ACCEPTED 2 Microsoft Windows 2000 Windows 2000 Tiffany Bergeron 2002-0051 Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access ACCEPTED 2 Microsoft Windows 2000 Internet Information Server 5.0 Tiffany Bergeron Tiffany Bergeron 2002-0150 ACCEPTED Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values ACCEPTED 3 Microsoft Windows 2000 Internet Explorer 5.5 Service Pack 2 David Proulx David Proulx 2002-0023 Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks ACCEPTED 3 Sun Solaris 7 rpc.rwalld David Proulx 2002-0573 Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed ACCEPTED 1 Sun Solaris 7 libnsl David Proulx 2002-0391 Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd ACCEPTED 1 Sun Solaris 7 cachefsd David Proulx 2002-0084 Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument ACCEPTED 1 Microsoft Windows 2000 Internet Information Server 5.0 Tiffany Bergeron Tiffany Bergeron 2000-0884 IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability ACCEPTED 2 Microsoft Windows NT Internet Information Server 4.0 Tiffany Bergeron Tiffany Bergeron 2002-0071 ACCEPTED Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names ACCEPTED 3 Microsoft Windows 2000 Internet Information Server 5.0 Tiffany Bergeron Tiffany Bergeron 2002-0074 Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session ACCEPTED 2 Sun Solaris 8 whodo David Proulx 2001-1076 Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable ACCEPTED 1 Sun Solaris 7 admintool David Proulx 2002-0088 Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long media installation path ACCEPTED 1 Microsoft Windows 2000 Internet Explorer 5.01 David Proulx David Proulx 2003-1326 Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box. ACCEPTED 2 Microsoft Windows 2000 Internet Explorer 5.01, Internet Explorer 5.01 Service Pack 1, or Internet Explorer 5.01 Service Pack 2 David Proulx David Proulx 2002-0023 Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks ACCEPTED 3 Red Hat Linux 9 EOG Jay Beale 2003-0165 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale 2003-0081 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale 2003-0159 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code ACCEPTED 1 Sun Solaris 8 rpc.yppasswdd David Proulx 2001-0779 Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username ACCEPTED 1 Microsoft Windows 2000 Internet Explorer 6.0 David Proulx David Proulx 2003-1328 The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality. ACCEPTED 2 Microsoft Windows NT Internet Information Server 4.0 Tiffany Bergeron Tiffany Bergeron 2002-0075 Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message ACCEPTED 1 Microsoft Windows 2000 Remote Procedure Call (RPC) Tiffany Bergeron Tiffany Bergeron 2002-1561 The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference ACCEPTED 1 Sun Solaris 8 admintool David Proulx 2002-0088 Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long media installation path ACCEPTED 1 Microsoft Windows NT Remote Access Service (RAS) Tiffany Bergeron 2002-0366 Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry ACCEPTED 1 Sun Solaris 7 mibiisa David Proulx 2002-0797 Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges ACCEPTED 1 Microsoft Windows 2000 Remote Access Service (RAS) Tiffany Bergeron 2002-0366 Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry ACCEPTED 2 Microsoft Windows 2000 Windows 2000 Tiffany Bergeron 2002-0018 ACCEPTED INTERIM ACCEPTED In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which could allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain ACCEPTED 3 Sun Solaris 7 kcms_configure David Proulx 2001-0594 kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument ACCEPTED 1 Microsoft Windows 2000 Internet Information Server 5.0 David Proulx David Proulx 2003-0223 Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message ACCEPTED 1 Sun Solaris 8 admintool David Proulx 2002-0089 Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file ACCEPTED 1 Sun Solaris 7 admintool David Proulx 2002-0089 Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale Jay Beale 2003-0356 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions ACCEPTED 1 Sun Solaris 8 dtspcd David Proulx 2001-0803 Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary command ACCEPTED 1 Microsoft Windows 2000 Microsoft SQL Server 2000 Yi-Fang Koh 2001-0344 ACCEPTED An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account ACCEPTED 1 Microsoft Windows NT Internet Information Server 4.0 Tiffany Bergeron Tiffany Bergeron 2002-0147 ACCEPTED Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun. ACCEPTED 3 Red Hat Linux 9 Ethereal Jay Beale Jay Beale 2003-0357 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) Mount and (2) PPP dissectors ACCEPTED 1 Sun Solaris 7 dtspcd David Proulx 2001-0803 Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary command ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale Jay Beale 2003-0428 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Unknown vulnerability in the DCERPC dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (memory consumption) via a certain NDR string ACCEPTED 1 Microsoft Windows 2000 Windows 2000 Tiffany Bergeron 2002-0367 smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit ACCEPTED 2 Microsoft Windows 2000 Internet Explorer 5.5 or Internet Explorer 5.5 Service Pack 1 David Proulx David Proulx 2002-0023 Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks ACCEPTED 3 Microsoft Windows 2000 Internet Information Server 5.0 Tiffany Bergeron Tiffany Bergeron 2001-0333 ACCEPTED INTERIM ACCEPTED Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice ACCEPTED 3 Sun Solaris 8 rpc.rwalld David Proulx 2002-0573 Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed ACCEPTED 1 Sun Solaris 7 CDE David Proulx 2002-0678 CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure ACCEPTED 1 Microsoft Windows NT Internet Information Server 4.0 Tiffany Bergeron Tiffany Bergeron 2002-0148 Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page ACCEPTED 1 Microsoft Windows 2000 Microsoft SQL Server 2000 Tiffany Bergeron 2001-0509 Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs ACCEPTED 1 Microsoft Windows 2000 Microsoft SQL Server Yi-Fang Koh Yi-Fang Koh 2001-0542 Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CAN-2001-0879 ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale Jay Beale 2003-0429 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The OSI dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow ACCEPTED 1 Sun Solaris 8 lbxproxy David Proulx 2002-0090 Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option ACCEPTED 1 Microsoft Windows NT Simple Network Management Protocol (SNMP) Harvey Rubinovitz Harvey Rubinovitz 2002-0013 Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale Jay Beale 2003-0430 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (crash) via an invalid ASN.1 value ACCEPTED 1 Microsoft Windows 2000 Multiple UNC Provider (MUP) Tiffany Bergeron 2002-0151 Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request ACCEPTED 2 Microsoft Windows 2000 Internet Information Server 5.0 Tiffany Bergeron Tiffany Bergeron Ingrid Skoog 2001-0151 corrected configuration criterion INTERIM ACCEPTED IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests ACCEPTED 3 Sun Solaris 7 CDE David Proulx 2002-0677 CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure ACCEPTED 1 Microsoft Windows 2000 Internet Information Server 5.0 Harvey Rubinovitz Harvey Rubinovitz 2002-0148 Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page ACCEPTED 1 Sun Solaris 8 mibiisa David Proulx 2002-0797 Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges ACCEPTED 1 Microsoft Windows 2000 Internet Information Server 5.0 Tiffany Bergeron Tiffany Bergeron 2002-0149 ACCEPTED Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names ACCEPTED 3 Microsoft Windows 2000 Internet Explorer 6.0 Andrew Buttner Andrew Buttner 2002-0078 Added the configuration check to see if cookies are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability ACCEPTED 4 Sun Solaris 8 cachefsd David Proulx 2002-0084 Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument ACCEPTED 1 Microsoft Windows 2000 Internet Explorer 6.0 David Proulx David Proulx 2002-0371 Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response ACCEPTED 2 Microsoft Windows 2000 Internet Explorer 6.0 Andrew Buttner Andrew Buttner 2002-0193 Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability ACCEPTED 3 Red Hat Linux 9 Ethereal Jay Beale Jay Beale 2003-0431 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences ACCEPTED 1 Sun Solaris 7 rpc.yppasswdd David Proulx 2001-0779 Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username ACCEPTED 1 Microsoft Windows NT Locator service Tiffany Bergeron 2003-0003 Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale Jay Beale 2003-0432 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors ACCEPTED 1 Red Hat Linux 9 Ximian Evolution Jay Beale 2003-0128 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The try_uudecoding function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malicious uuencoded (UUE) header, possibly triggering a heap-based buffer overflow ACCEPTED 1 Red Hat Linux 9 Ximian Evolution Jay Beale 2003-0129 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (memory consumption) via a mail message that is uuencoded multiple times ACCEPTED 1 Microsoft Windows 2000 Windows 2000 Tiffany Bergeron Tiffany Bergeron 2003-0109 Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0 ACCEPTED 2 Red Hat Linux 9 Ximian Evolution Jay Beale 2003-0130 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image ACCEPTED 1 Red Hat Linux 9 GDM Jay Beale 2003-0547 INTERIM ACCEPTED GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file ACCEPTED 1 Red Hat Linux 9 GDM Jay Beale 2003-0548 INTERIM ACCEPTED The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CAN-2003-0549 ACCEPTED 1 Sun Solaris 7 snmpdx David Proulx 2002-0796 Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges ACCEPTED 1 Microsoft Windows 2000 ISA Server 2000 Tiffany Bergeron 2003-0526 ACCEPTED Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found. ACCEPTED 1 Microsoft Windows 2000 SMB (Server Message Block) Tiffany Bergeron Tiffany Bergeron 2003-0345 ACCEPTED Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required ACCEPTED 1 Sun Solaris 7 kcms_server David Proulx 2003-0027 Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure ACCEPTED 1 Microsoft Windows 2000 SQL Server 2000 Yi-Fang Koh Yi-Fang Koh 2002-0154 Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments ACCEPTED 1 Microsoft Windows 2000 Windows 2000 Tiffany Bergeron Tiffany Bergeron 2003-0809 Added the configuration check to see if ActiveX controls are enabled by the current user when local machine settings are not in use. ACCEPTED Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page ACCEPTED 1 Sun Solaris 7 cachefsd David Proulx 2002-0033 Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name ACCEPTED 1 Microsoft Windows 2000 Internet Explorer 6.0 Andrew Buttner Andrew Buttner 2003-1326 Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box. ACCEPTED 2 Microsoft Windows 2000 Remote Procedure Call (RPC) Tiffany Bergeron 2003-0528 ACCEPTED Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CAN-2003-0352 (Blaster/Nachi) and CAN-2003-0715 ACCEPTED 1 Red Hat Linux 9 GDM Jay Beale 2003-0549 INTERIM ACCEPTED The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name ACCEPTED 1 Microsoft Windows 2000 Internet Information Server 5.0 Tiffany Bergeron Tiffany Bergeron 2002-0071 ACCEPTED Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names ACCEPTED 3 Sun Solaris 7 xlock David Proulx 2001-0652 Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable ACCEPTED 1 Microsoft Windows NT Internet Information Server 4.0 Tiffany Bergeron Tiffany Bergeron 2002-0149 ACCEPTED Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names ACCEPTED 3 Red Hat Linux 9 GNU Ghostscript Jay Beale Jay Beale 2003-0354 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job ACCEPTED 1 Microsoft Windows 2000 Christine Walzer 2003-0010 DRAFT INTERIM ACCEPTED Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack ACCEPTED 1 Red Hat Linux 9 GnuPG Jay Beale 2003-0255 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path ACCEPTED 1 Microsoft Windows 98 Microsoft Virtual Machine (VM) Tiffany Bergeron 2003-0111 INTERIM ACCEPTED The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise. ACCEPTED 1 Microsoft Windows NT Internet Information Server 4.0 Tiffany Bergeron Tiffany Bergeron 2002-0150 ACCEPTED Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values ACCEPTED 3 Red Hat Linux 9 GtkHTML Jay Beale 2003-0133 INTERIM ACCEPTED GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages ACCEPTED 1 Microsoft Windows NT Simple Network Management Protocol (SNMP) Matt Busby 2001-0046 INTERIM ACCEPTED The default permissions for the SNMP Parameters registry key in Windows NT 4.0 allows remote attackers to read and possibly modify the SNMP community strings to obtain sensitive information or modify network configuration, aka one of the "Registry Permissions" vulnerabilities ACCEPTED 1 Microsoft Windows NT Microsoft Transaction Server (MTS) Matt Busby 2001-0047 INTERIM ACCEPTED The default permissions for the MTS Package Administration registry key in Windows NT 4.0 allows local users to install or modify arbitrary Microsoft Transaction Server (MTS) packages and gain privileges, aka one of the "Registry Permissions" vulnerabilities ACCEPTED 1 Microsoft Windows 2000 Internet Explorer 5.01, Internet Explorer 5.01 Service Pack 1 Tiffany Bergeron Andrew Buttner 2001-0154 Added the configuration check to see if file downloads are enabled by the current user when local machine settings are not in use. Changed the status from ACCEPTED to INTERIM ACCEPTED HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly ACCEPTED 2 Microsoft Windows NT Christine Walzer 2003-0112 DRAFT INTERIM ACCEPTED Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger ACCEPTED 1 Microsoft Windows 2000 Internet Explorer 6.0 Harvey Rubinovitz Harvey Rubinovitz 2002-1186 Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure. ACCEPTED 1 Microsoft Windows 2000 Simple Network Management Protocol (SNMP) Harvey Rubinovitz Harvey Rubinovitz 2002-0012 Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available ACCEPTED 1 Microsoft Windows NT Multiple UNC Provider (MUP) Tiffany Bergeron 2002-0151 Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request ACCEPTED 1 Microsoft Windows NT Christine Walzer 2003-0345 DRAFT INTERIM ACCEPTED Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required ACCEPTED 1 Microsoft Windows 2000 Windows Shell Christine Walzer Christine Walzer 2002-0070 Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled ACCEPTED 1 Red Hat Linux 9 GtkHTML Jay Beale 2003-0541 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED gtkhtml before 1.1.10, as used in Evolution, allows remote attackers to cause a denial of service (crash) via a malformed message that causes a null pointer dereference ACCEPTED 1 Sun Solaris 8 fs.auto, xfs David Proulx David Proulx 2002-1317 Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query ACCEPTED 2 Red Hat Linux 9 Apache Jay Beale 2003-0020 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences ACCEPTED 1 Red Hat Linux 9 Apache Jay Beale 2003-0083 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CAN-2003-0020 ACCEPTED 1 Sun Solaris 7 fs.auto, xfs David Proulx David Proulx 2002-1317 Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query ACCEPTED 2 Red Hat Linux 9 Apache Jay Beale 2003-0132 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed ACCEPTED 1 Microsoft Windows NT Windows NT 4.0 Tiffany Bergeron 2002-0367 smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit ACCEPTED 1 Microsoft Windows NT Windows NT 4.0 Tiffany Bergeron 2002-0018 In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which could allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain ACCEPTED 1 Microsoft Windows NT Simple Network Management Protocol (SNMP) Harvey Rubinovitz Harvey Rubinovitz 2002-0012 Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available ACCEPTED 1 Red Hat Linux 9 Apache Jay Beale 2003-0192 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite ACCEPTED 1 Red Hat Linux 9 Apache Jay Beale 2003-0253 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service ACCEPTED 1 Sun Solaris 8 CDE David Proulx 2002-0678 CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure ACCEPTED 1 Sun Solaris 7 CDE David Proulx 2002-0679 Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure ACCEPTED 1 Microsoft Windows 2000 Internet Explorer 5.5 Andrew Buttner Andrew Buttner 2003-1326 Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box. ACCEPTED 2 Sun Solaris 7 lbxproxy David Proulx 2002-0090 Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option ACCEPTED 1 Microsoft Windows NT Internet Information Server 4.0 Tiffany Bergeron Tiffany Bergeron 2002-0364 ACCEPTED Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise. ACCEPTED 3 Red Hat Linux 9 Apache Jay Beale 2003-0254 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket ACCEPTED 1 Microsoft Windows XP Authenticode Tiffany Bergeron Andrew Buttner Christine Walzer 2003-0660 Added the configuration check to see if downloading of signed ActiveX controls are enabled by the current user when local machine settings are not in use. Fixed the logic that checks for one version of the file if no sp is installed and a different version if sp1 is installed. The compound test that includes SP1 or earlier has been added ACCEPTED INTERIM ACCEPTED The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers execute arbitrary code without user approval ACCEPTED 2 Microsoft Windows 2000 Microsoft Word 2000 Christine Walzer 2003-0664 Added word 2000 and winword.exe information changed to word 2000 DRAFT INTERIM ACCEPTED Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document ACCEPTED 1 Microsoft Windows 2000 SMB (Server Message Block) Christine Walzer Christine Walzer 2002-0724 Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service" ACCEPTED 1 Microsoft Windows 2000 Certificate Enrollment Control Christine Walzer Christine Walzer 2002-0699 ACCEPTED Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML ACCEPTED 1 Microsoft Windows 2000 Internet Information Server 5.0 Tiffany Bergeron Tiffany Bergeron 2000-0886 IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability ACCEPTED 3 Sun Solaris 8 CDE David Proulx 2002-0679 Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure ACCEPTED 1 Red Hat Linux 9 KDM Jay Beale 2003-0690 INTERIM ACCEPTED KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module ACCEPTED 1 Microsoft Windows NT Christine Walzer 2003-0352 DRAFT INTERIM ACCEPTED Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms ACCEPTED 1 Sun Solaris 8 kcms_server David Proulx 2003-0027 Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure ACCEPTED 1 Microsoft Windows 2000 Internet Information Server 5.0 Tiffany Bergeron Tiffany Bergeron 2001-0500 ACCEPTED Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red ACCEPTED 3 Microsoft Windows 2000 Windows 2000 Tiffany Bergeron Tiffany Bergeron 2003-0660 Added the configuration check to see if downloading of signed ActiveX controls are enabled by the current user when local machine settings are not in use. ACCEPTED The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers execute arbitrary code without user approval ACCEPTED 1 Microsoft Windows 2000 Remote Data Protocol (RDP) Tiffany Bergeron Tiffany Bergeron 2002-0863 Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol. ACCEPTED 2 Microsoft Windows 98 Windows Script Engine for JScript v5.6 Tiffany Bergeron David Proulx Christine Walzer 2003-0010 Corrected to reflect the unification of the Windows Schema Added the configuration check to see if active scripting is enabled by the current user when local machine settings are not in use. Added Patch to Definition negated patch ACCEPTED INTERIM ACCEPTED Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack ACCEPTED 3 Microsoft Windows XP Windows XP Tiffany Bergeron Tiffany Bergeron Andrew Buttner Christine Walzer 2003-0659 Fixed the logic that checks for one version of the file if no sp is installed and a different version if sp1 is installed. The compound test that includes a check for SP1 or earlier has been added ACCEPTED INTERIM ACCEPTED Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application ACCEPTED 2 Microsoft Windows 2000 Microsoft Word 2000 Ingrid Skoog 2002-1143 DRAFT INTERIM ACCEPTED Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure. ACCEPTED 1 Microsoft Windows 2000 Internet Explorer 6.0 Harvey Rubinovitz Harvey Rubinovitz 2002-1187 ACCEPTED Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource ACCEPTED 1 Microsoft Windows 2000 Windows 2000 Tiffany Bergeron Tiffany Bergeron Andrew Buttner 2003-0838 Added the configuration check to see if ActiveX controls are enabled by the current user when local machine settings are not in use. ACCEPTED Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CAN-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe) ACCEPTED 1 Microsoft Windows 2000 Microsoft Word 2000 Ingrid Skoog 2002-1056 made into a real definition DRAFT INTERIM ACCEPTED Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 2 Andrew Buttner Andrew Buttner 2003-1048 DRAFT INTERIM ACCEPTED Double-free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image ACCEPTED 1 Microsoft Windows Server 2003 Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003 Tiffany Bergeron Tiffany Bergeron 2004-0549 DRAFT INTERIM ACCEPTED The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifiying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object ACCEPTED 1 Microsoft Windows 2000 Simple Network Management Protocol (SNMP) Tiffany Bergeron 2002-0053 Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and other PROTOS-related candidates, especially CAN-2002-0012 and CAN-2002-0013, will be updated when more accurate information is available ACCEPTED 1 Microsoft Windows 2000 Internet Information Server 5.0 Harvey Rubinovitz Harvey Rubinovitz 2002-0075 Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 3 Andrew Buttner Andrew Buttner 2003-1048 DRAFT INTERIM ACCEPTED Double-free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image ACCEPTED 1 Microsoft Windows 2000 Messenger Service Christine Walzer Christine Walzer Andrew Buttner 2003-0717 Fixed an error in the configuration section, now correctly testing that messenger service is enabled. Before it was testing that HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Start=2, now it is testing that it does not equal 4. ACCEPTED ACCEPTED The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack ACCEPTED 2 Red Hat Linux 9 KDM Jay Beale 2003-0692 INTERIM ACCEPTED KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 4 Ingrid Skoog Ingrid Skoog 2004-0566 DRAFT INTERIM ACCEPTED Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value ACCEPTED 1 Microsoft Windows 2000 Help and Support Center (HSC) Christine Walzer Christine Walzer 2003-0711 ACCEPTED Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL ACCEPTED 1 Microsoft Windows NT Christine Walzer 2003-0346 DRAFT INTERIM ACCEPTED Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow ACCEPTED 1 Microsoft Windows 2000 Internet Explorer 5.5 Harvey Rubinovitz Harvey Rubinovitz 2002-1187 ACCEPTED Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource ACCEPTED 1 Red Hat Linux 9 krb5 Jay Beale 2003-0028 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CAN-2002-0391 ACCEPTED 1 Microsoft Windows 2000 Microsoft SQL Server Tiffany Bergeron 2000-1081 The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability ACCEPTED 1 Microsoft Windows 2000 SQL Server 2000 Yi-Fang Koh Yi-Fang Koh 2003-0230 Microsoft SQL Server 7, 2000, and MSDE allows local users go gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability ACCEPTED 1 Microsoft Windows ME Microsoft Internet Explorer 6 Service Pack 1 Andrew Buttner Andrew Buttner 2003-1048 DRAFT INTERIM ACCEPTED Double-free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image ACCEPTED 1 Microsoft Windows 2000 Windows 2000 Tiffany Bergeron Andrew Buttner 2003-0662 Added the configuration check to see if ActiveX controls are enabled by the current user when local machine settings are not in use. ACCEPTED Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML formatter e-mail or web page ACCEPTED 1 Microsoft Windows ME Microsoft Internet Explorer 5.5 Service Pack 2 Tiffany Bergeron Tiffany Bergeron 2004-0549 DRAFT INTERIM ACCEPTED The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifiying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object ACCEPTED 1 Red Hat Linux 9 krb5 Jay Beale 2003-0082 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun") ACCEPTED 1 Microsoft Windows Server 2003 Network News Transport Protocol (NNTP) Christine Walzer 2004-0574 DRAFT INTERIM ACCEPTED The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows ACCEPTED 1 Red Hat Linux 9 krb5 Jay Beale 2003-0138 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack ACCEPTED 1 Red Hat Linux 9 krb5 Jay Beale 2003-0139 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing. ACCEPTED 1 Microsoft Windows 2000 Windows 2000 Yi-Fang Koh Yi-Fang Koh 2001-0879 Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0127 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel ACCEPTED 1 Red Hat Linux 9 Netfilter Jay Beale 2003-0187 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The connection tracking core of Netfilter for Linux 2.4.20, with CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote attackers to cause a denial of service (resource consumption) due to an inconsistency with Linux 2.4.20's support of linked lists, which causes Netfilter to fail to identify connections with an UNCONFIRMED status and use large timeouts ACCEPTED 1 Red Hat Linux 9 Netfilter Jay Beale 2003-0244 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions ACCEPTED 1 Microsoft Windows 2000 Christine Walzer 2003-0112 DRAFT INTERIM ACCEPTED Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger ACCEPTED 1 Microsoft Windows 2000 Windows 2000 Tiffany Bergeron 2003-0715 ACCEPTED Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CAN-2003-0352 (Blaster/Nachi) and CAN-2003-0528 ACCEPTED 1 Microsoft Windows XP Windows XP Tiffany Bergeron Tiffany Bergeron Andrew Buttner Christine Walzer 2003-0717 Fixed the logic that checks for one version of the file if no sp is installed and a different version if sp1 is installed. CMP-66 has been added ACCEPTED INTERIM ACCEPTED The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack ACCEPTED 2 Microsoft Windows 2000 Microsoft SQL Server 2000 Yi-Fang Koh Yi-Fang Koh 2002-0056 Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection ACCEPTED 1 Microsoft Windows 2000 Internet Explorer 6.0 Harvey Rubinovitz Harvey Rubinovitz 2002-1217 ACCEPTED Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions ACCEPTED 1 Microsoft Windows 2000 SMB Signing (Server Message Block) Christine Walzer 2002-1256 ACCEPTED The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0246 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports ACCEPTED 1 Microsoft Windows XP Windows Media Player for Windows XP Tiffany Bergeron 2002-0372 ACCEPTED Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote attackers to bypass Internet Explorer's (IE) security mechanisms and run code via an executable .wma media file with a license installation requirement stored in the IE cache, aka the "Cache Path Disclosure via Windows Media Player" ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0247 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ("kernel oops") ACCEPTED 1 Microsoft Windows XP Windows Media Player for Windows XP Tiffany Bergeron 2001-0719 ACCEPTED Buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via a malformed Advanced Streaming Format (ASF) file ACCEPTED 1 Microsoft Windows 2000 SQL Server 2000 Yi-Fang Koh Yi-Fang Koh 2002-0624 Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure. ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0248 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address ACCEPTED 1 Microsoft Windows NT MDAC 2.6 Ingrid Skoog 2002-1142 DRAFT INTERIM ACCEPTED Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0364 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions ACCEPTED 1 Microsoft Windows 2000 Remote Procedure Call (RPC) Tiffany Bergeron 2003-0352 ACCEPTED Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms ACCEPTED 1 Microsoft Windows 2000 Simple Network Management Protocol (SNMP) Harvey Rubinovitz Harvey Rubinovitz 2002-0013 Changed CAN-2002-0012 to CAN-2002-0013. INTERIM ACCEPTED Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available ACCEPTED 2 Microsoft Windows 2000 SQL Server 2000 Yi-Fang Koh Yi-Fang Koh 2003-0231 Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe ACCEPTED 1 Microsoft Windows 2000 SQL Server 2000 Yi-Fang Koh Yi-Fang Koh 2003-0232 Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow ACCEPTED 1 Red Hat Linux 9 /proc/tty/driver/serial Jay Beale 2003-0461 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 3 Ingrid Skoog Ingrid Skoog 2004-0566 DRAFT INTERIM ACCEPTED Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value ACCEPTED 1 Microsoft Windows 2000 Microsoft FrontPage Server Extensions 2000 Tiffany Bergeron Tiffany Bergeron 2003-0824 Changed the definition to look at the file shtml.dll instead of fp4awel.dll. It was determined that this is where the vulnerability (a buffer overflow) actually existed. Also added the configuration test saying you are vulnerable if the SmartHTML interpreter is enabled. INTERIM ACCEPTED Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0462 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash) ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0464 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created, which could allow local users to bind to UDP ports that are used by privileged services such as nfsd ACCEPTED 1 Microsoft Windows 2000 SQL Server 2000 Yi-Fang Koh Yi-Fang Koh 2002-0641 Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query ACCEPTED 1 Microsoft Windows NT Windows NT 4.0 Tiffany Bergeron Tiffany Bergeron 2003-0525 INTERIM ACCEPTED The getCanonicalPath function in Windows NT 4.0 may free memory that it does not own and cause heap corruption, which allows attackers to cause a denial of service (crash) via requests that cause a long file name to be passed to getCanonicalPath, as demonstrated on the IBM JVM using a long string to the java.io.getCanonicalPath Java method ACCEPTED 2 Microsoft Windows XP Windows Media Player for Windows XP Tiffany Bergeron 2003-0228 ACCEPTED Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location ACCEPTED 1 Microsoft Windows ME Microsoft Internet Explorer 5.5 Service Pack 2 Ingrid Skoog Ingrid Skoog 2004-0566 DRAFT INTERIM ACCEPTED Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0476 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0501 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries ACCEPTED 1 Microsoft Windows XP Microsoft Windows Workstation Service Andrew Buttner Andrew Buttner Christine Walzer 2003-0812 Added 64-bit edition support to this definition allowing us to deprecated OVAL332 INTERIM ACCEPTED INTERIM ACCEPTED Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API ACCEPTED 2 Microsoft Windows 2000 Internet Explorer 5.5 Harvey Rubinovitz Harvey Rubinovitz 2002-1217 ACCEPTED Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions ACCEPTED 1 Microsoft Windows 2000 Network News Transport Protocol (NNTP) Christine Walzer 2001-0543 ACCEPTED Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 2 Andrew Buttner Andrew Buttner 2003-0814 Removed the test for Windows 2000 sp2 installed. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.01 sp2 patch. Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability ACCEPTED 1 Microsoft Windows 95 Microsoft Word 2000 Christine Walzer Christine Walzer 2003-0820 ACCEPTED Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack ACCEPTED 1 Microsoft Windows 2000 Windows 2000 Tiffany Bergeron Tiffany Bergeron 2003-0659 ACCEPTED Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 3 Andrew Buttner Andrew Buttner 2003-0814 Removed the test for Windows 2000 sp3 installed. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.01 sp3 patch. Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 4 Andrew Buttner Andrew Buttner 2003-0814 Removed the test for Windows 2000 sp4 installed. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.01 sp4 patch. Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability ACCEPTED 1 Microsoft Windows ME Microsoft Internet Explorer 5.5 Service Pack 2 Andrew Buttner Andrew Buttner 2003-0814 Removed the test for specific Windows operating systems. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.5 sp2 patch. Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability ACCEPTED 1 Microsoft Windows ME Microsoft Internet Explorer 6 Service Pack 1 Andrew Buttner Andrew Buttner 2003-0814 Removed the test for specific Windows operating systems. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 6 sp1 patch. Added Windows XP 64-bit to the list of affected platforms Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability ACCEPTED 1 Microsoft Windows Server 2003 Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003 Andrew Buttner Andrew Buttner 2003-0814 Removed the test for Windows Server 2003. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 6 sp1 patch. Added Windows XP 64-bit, Version 2003 and Windows Server 2003 64-Bit to the list of affected platforms Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 2 Andrew Buttner Andrew Buttner 2003-0815 Removed the test for Windows 2000 sp2 installed. This is not part of the vulnerability definition. Instead, it is a pre-requisite of having IE 5.01 sp2 installed. Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 3 Andrew Buttner Andrew Buttner 2003-0815 Removed the test for Windows 2000 sp3 installed. This is not part of the vulnerability definition. Instead, it is a pre-requisite of having IE 5.01 sp3 installed. Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 4 Andrew Buttner Andrew Buttner 2003-0815 Removed the test for Windows 2000 sp4 installed. This is not part of the vulnerability definition. Instead, it is a pre-requisite of having IE 5.01 sp4 installed. Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability ACCEPTED 1 Microsoft Windows ME Microsoft Internet Explorer 5.5 Service Pack 2 Andrew Buttner Andrew Buttner 2003-0815 Removed the test for specific Windows operating systems. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.5 sp2 patch. Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability ACCEPTED 1 Microsoft Windows ME Microsoft Internet Explorer 6 Service Pack 1 Andrew Buttner Andrew Buttner 2003-0815 Removed the test for specific Windows operating systems. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 6 sp1 patch. Added Windows XP 64-bit to the list of affected platforms Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability ACCEPTED 1 Microsoft Windows Server 2003 Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003 Andrew Buttner Andrew Buttner 2003-0815 Removed the test for Windows Server 2003. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 6 sp1 patch. Added Windows XP 64-bit, Version 2003 and Windows Server 2003 64-Bit to the list of affected platforms Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 2 Andrew Buttner Andrew Buttner 2003-0816 Removed the test for Windows 2000 sp2 installed. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.01 sp2 patch. Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 3 Andrew Buttner Andrew Buttner 2003-0816 Removed the test for Windows 2000 sp3 installed. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.01 sp3 patch. Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 4 Andrew Buttner Andrew Buttner 2003-0816 Removed the test for Windows 2000 sp4 installed. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.01 sp4 patch. Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability ACCEPTED 1 Microsoft Windows XP Microsoft FrontPage Server Extensions 2000 Andrew Buttner Andrew Buttner 2003-0822 Changed the definition to test for fp30reg.dll and fp4areg.dll instead of fp4awel.dll. INTERIM ACCEPTED Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions 2000 and 2002 allows remote attackers to execute arbitrary code via a certain chunked encoded request ACCEPTED 1 Microsoft Windows NT Microsoft FrontPage Server Extensions 2002 Andrew Buttner Andrew Buttner Christine Walzer 2003-0822 Changed the definition to test for fp30reg.dll and fp5areg.dll instead of fp5awel.dll. XP SP2 added INTERIM ACCEPTED INTERIM ACCEPTED Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions 2000 and 2002 allows remote attackers to execute arbitrary code via a certain chunked encoded request ACCEPTED 2 Microsoft Windows 2000 Microsoft SharePoint Team Services Andrew Buttner Andrew Buttner Christine Walzer 2003-0822 Changed the definition to test for fp30reg.dll and fp5areg.dll instead of fp5awel.dll. XP SP2 added INTERIM ACCEPTED INTERIM ACCEPTED Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions 2000 and 2002 allows remote attackers to execute arbitrary code via a certain chunked encoded request ACCEPTED 2 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 2 Andrew Buttner Andrew Buttner 2003-0823 Removed the test for Windows 2000 sp2 installed. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.01 sp2 patch. Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CAN-2003-1027 ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 3 Andrew Buttner Andrew Buttner 2003-0823 Removed the test for Windows 2000 sp3 installed. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.01 sp3 patch. Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CAN-2003-1027 ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 4 Andrew Buttner Andrew Buttner 2003-0823 Removed the test for Windows 2000 sp4 installed. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.01 sp4 patch. Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CAN-2003-1027 ACCEPTED 1 Microsoft Windows ME Microsoft Internet Explorer 5.5 Service Pack 2 Andrew Buttner Andrew Buttner 2003-0823 Removed the test for specific Windows operating systems. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.5 sp2 patch. Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CAN-2003-1027 ACCEPTED 1 Microsoft Windows ME Microsoft Internet Explorer 6 Service Pack 1 Andrew Buttner Andrew Buttner 2003-0823 Removed the test for specific Windows operating systems. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 6 sp1 patch. Added Windows XP 64-bit to the list of affected platforms Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CAN-2003-1027 ACCEPTED 1 Microsoft Windows 2000 Internet Information Server 5.0 Tiffany Bergeron Tiffany Bergeron 2003-0225 The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page ACCEPTED 1 Microsoft Windows 2000 HTML Help ActiveX Control Christine Walzer Andrew Buttner 2002-0693 Added the configuration check to see if active scripting is enabled by the current user when local machine settings are not in use. ACCEPTED Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0550 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0551 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The STP protocol implementation in Linux 2.4.x does not properly verify certain lengths, which could allow attackers to cause a denial of service ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0552 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0619 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0699 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user function to access userspace, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CAN-2003-0700 ACCEPTED 1 Microsoft Windows 2000 Internet Explorer 6.0 Harvey Rubinovitz Harvey Rubinovitz 2002-1254 ACCEPTED Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods. ACCEPTED 1 Microsoft Windows XP Microsoft Internet Explorer 6 Tiffany Bergeron Tiffany Bergeron Andrew Buttner 2003-0814 Removed the test for Windows XP. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 6 patch. Removed the IE 6 SP 1 part of this definition as the SP 1 part is defined in a different OVAL. INTERIM ACCEPTED Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability ACCEPTED 1 Microsoft Windows 2000 Internet Explorer 6.0 Harvey Rubinovitz Harvey Rubinovitz 2002-1185 ACCEPTED Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure. ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale 2003-0700 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The C-Media PCI sound driver in Linux before 2.4.22 does not use the get_user function to access userspace in certain conditions, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CAN-2003-0699 ACCEPTED 1 Microsoft Windows NT Simple Network Management Protocol (SNMP) Matt Busby Matthew Burton 2002-0053 Filled out initial submission. Now a complete definition. DRAFT INTERIM ACCEPTED Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and other PROTOS-related candidates, especially CAN-2002-0012 and CAN-2002-0013, will be updated when more accurate information is available ACCEPTED 1 Microsoft Windows 2000 HTML Help Facility Christine Walzer 2002-0694 ACCEPTED The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File. ACCEPTED 1 Microsoft Windows 2000 ISA Server 2000 Tiffany Bergeron 2003-0110 ACCEPTED The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745 ACCEPTED 0 Microsoft Windows 2000 Internet Explorer 5.5 Harvey Rubinovitz Harvey Rubinovitz 2002-1254 ACCEPTED Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods. ACCEPTED 1 Microsoft Windows ME Microsoft Internet Explorer 5.5 Service Pack 2 Andrew Buttner Andrew Buttner 2003-0816 Removed the test for specific Windows operating systems. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.5 sp2 patch. Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability ACCEPTED 1 Red Hat Linux 9 Konqueror Jay Beale 2003-0459 INTERIM ACCEPTED KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites ACCEPTED 1 Microsoft Windows ME Microsoft Internet Explorer 6 Service Pack 1 Andrew Buttner Andrew Buttner 2003-0816 Removed the test for specific Windows operating systems. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 6 sp1 patch. Added Windows XP 64-bit to the list of affected platforms Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability ACCEPTED 1 Red Hat Linux 9 LPRng Jay Beale 2003-0136 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file ACCEPTED 1 Microsoft Windows 2000 Telnet protocol Christine Walzer Christine Walzer 2002-0020 Changed patch registry key value to IsInstalled INTERIM ACCEPTED Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options ACCEPTED 2 Microsoft Windows 2000 Microsoft Word 2002 Ingrid Skoog 2002-1056 DRAFT INTERIM ACCEPTED Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to ACCEPTED 1 Red Hat Linux 9 lv Jay Beale 2003-0188 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories ACCEPTED 1 Red Hat Linux 9 Mutt Jay Beale 2003-0140 INTERIM ACCEPTED Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder ACCEPTED 1 Red Hat Linux 9 MySQL Jay Beale 2003-0073 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user ACCEPTED 1 Red Hat Linux 9 MySQL Jay Beale 2003-0150 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart ACCEPTED 1 Red Hat Linux 9 nfs-utils Jay Beale 2003-0252 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines ACCEPTED 1 Microsoft Windows 2000 Internet Explorer 6.0 Harvey Rubinovitz Harvey Rubinovitz 2002-1188 ACCEPTED Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading. ACCEPTED 1 Red Hat Linux 9 OpenSSH Jay Beale Jay Beale 2003-0190 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack ACCEPTED 1 Red Hat Linux 9 OpenSSH Jay Beale 2003-0682 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED "Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CAN-2003-0693 and CAN-2003-0695 ACCEPTED 1 Red Hat Linux 9 OpenSSH Jay Beale 2003-0693 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CAN-2003-0695 ACCEPTED 1 Microsoft Windows XP Windows kernel Christine Walzer Christine Walzer 2004-0893 DRAFT ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided DRAFT 0 Microsoft Windows 2000 Utilities Manager/Windows Messaging Christine Walzer 2003-0350 ACCEPTED The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function ACCEPTED 1 Red Hat Linux 9 OpenSSH Jay Beale 2003-0695 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CAN-2003-0693 ACCEPTED 1 Microsoft Windows Server 2003 Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003 Andrew Buttner Andrew Buttner 2003-0816 Removed the test for Windows Server 2003. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 6 sp1 patch. Added Windows XP 64-bit, Version 2003 and Windows Server 2003 64-Bit to the list of affected platforms Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability ACCEPTED 1 Red Hat Linux 9 OpenSSL Jay Beale 2003-0131 Corrected syntax errors in sql verion of the definition. Added cmp-914 which uses an or to combine the 5 version tests. Previously the tests had been combined with an and. INTERIM ACCEPTED The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack. ACCEPTED 1 Red Hat Linux 9 OpenSSL Jay Beale 2003-0147 Corrected syntax errors in sql verion of the definition. Added cmp-914 which uses an or to combine the 5 version tests. Previously the tests had been combined with an and. INTERIM ACCEPTED OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal) ACCEPTED 1 Red Hat Linux 9 pam_smb Jay Beale 2003-0686 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when authenticating to a remote service, allows remote attackers to execute arbitrary code ACCEPTED 1 Red Hat Linux 9 CGI.pm Jay Beale 2003-0615 INTERIM ACCEPTED Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter ACCEPTED 1 Microsoft Windows 2000 Internet Explorer 5.01 Harvey Rubinovitz Harvey Rubinovitz 2002-1186 ACCEPTED Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure. ACCEPTED 1 Microsoft Windows XP Microsoft Internet Explorer 6 Tiffany Bergeron Tiffany Bergeron Andrew Buttner 2003-0815 Removed the test for Windows XP. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 6 patch. Removed the IE 6 SP 1 part of this definition as the SP 1 part is defined in a different OVAL. INTERIM ACCEPTED Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability ACCEPTED 1 Microsoft Windows 2000 Microsoft Exchange Server 2003 Andrew Buttner 2003-0904 INTERIM ACCEPTED Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Security and Acceleration Server 2000 David Proulx David Proulx 2003-0819 INTERIM ACCEPTED Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol ACCEPTED 1 Microsoft Windows XP Microsoft Internet Explorer 6 Microsoft Internet Explorer 6 Service Pack 1 Tiffany Bergeron Tiffany Bergeron Andrew Buttner 2003-0816 Removed the test for Windows XP. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 6 patch. Removed the IE 6 SP 1 part of this definition as the SP 1 part is defined in a different OVAL. INTERIM ACCEPTED Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability ACCEPTED 1 Microsoft Windows 2000 Internet Information Server 5.0 Tiffany Bergeron Tiffany Bergeron 2003-0224 ACCEPTED Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun. ACCEPTED 1 Microsoft Windows 2000 Microsoft SQL Server 2000 Matthew Burton 2002-0186 filling out initial submission. Added service pack 3 test DRAFT DRAFT INTERIM ACCEPTED Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension. ACCEPTED 1 Red Hat Linux 9 php Jay Beale Jay Beale 2003-0442 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter ACCEPTED 1 Microsoft Windows 2000 Microsoft SQL Server 2000 Matthew Burton 2002-0186 Input of initial submission. DRAFT DRAFT INTERIM ACCEPTED Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension. ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 2 Andrew Buttner 2003-1025 INTERIM ACCEPTED Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability. ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 3 Andrew Buttner 2003-1025 INTERIM ACCEPTED Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability. ACCEPTED 1 Microsoft Windows 2000 Remote Procedure Call (RPC) Tiffany Bergeron 2003-0605 ACCEPTED The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function ACCEPTED 1 Microsoft Windows 2000 Internet Explorer 5.5 Harvey Rubinovitz Harvey Rubinovitz 2002-1186 ACCEPTED Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure. ACCEPTED 1 Red Hat Linux 9 pine Jay Beale 2003-0720 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type ACCEPTED 1 Microsoft Windows NT Remote Access Service (RAS) Matt Busby 2001-0045 INTERIM ACCEPTED The default permissions for the RAS Administration key in Windows NT 4.0 allows local users to execute arbitrary commands by changing the value to point to a malicious DLL, aka one of the "Registry Permissions" vulnerabilities ACCEPTED 1 Red Hat Linux 9 pine Jay Beale 2003-0721 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number ACCEPTED 1 Microsoft Windows XP Microsoft Internet Explorer 6 Ingrid Skoog Ingrid Skoog 2004-0566 DRAFT INTERIM ACCEPTED Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 2 Andrew Buttner Andrew Buttner 2003-0817 Removed the test for Windows 2000 sp2 installed. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.01 sp2 patch. Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 4 Andrew Buttner Andrew Buttner 2003-1048 DRAFT INTERIM ACCEPTED Double-free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 4 Andrew Buttner 2003-1025 INTERIM ACCEPTED Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability. ACCEPTED 1 Microsoft Windows ME Microsoft Internet Explorer 5.5 Service Pack 2 Andrew Buttner 2003-1025 INTERIM ACCEPTED Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability. ACCEPTED 1 Microsoft Windows XP Microsoft Internet Explorer 6 Andrew Buttner 2003-1025 INTERIM ACCEPTED Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability. ACCEPTED 1 Microsoft Windows ME Microsoft Internet Explorer 6 Service Pack 1 Andrew Buttner 2003-1025 INTERIM ACCEPTED Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability. ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 2 Ingrid Skoog Ingrid Skoog 2004-0566 DRAFT INTERIM ACCEPTED Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value ACCEPTED 1 Microsoft Windows Server 2003 Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003 Andrew Buttner Andrew Buttner 2003-1048 DRAFT INTERIM ACCEPTED Double-free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image ACCEPTED 1 Microsoft Windows XP Microsoft Internet Explorer 6 Tiffany Bergeron Tiffany Bergeron 2004-0549 DRAFT INTERIM ACCEPTED The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifiying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 3 Andrew Buttner Andrew Buttner 2003-0817 Removed the test for Windows 2000 sp3 installed. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.01 sp3 patch. Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object ACCEPTED 1 Red Hat Linux 9 Postfix Jay Beale 2003-0468 INTERIM ACCEPTED Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port ACCEPTED 1 Microsoft Windows 95 Microsoft Data Access Compnents 2.5 Christine Walzer Christine Walzer 2003-0903 INTERIM ACCEPTED Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request ACCEPTED 1 Microsoft Windows Server 2003 Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003 Andrew Buttner 2003-1025 INTERIM ACCEPTED Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability. ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 2 Andrew Buttner 2003-1027 Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CAN-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability. ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 3 Andrew Buttner 2003-1027 Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CAN-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability. ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 4 Andrew Buttner 2003-1027 Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CAN-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability. ACCEPTED 1 Microsoft Windows ME Microsoft Internet Explorer 5.5 Service Pack 2 Andrew Buttner 2003-1027 Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CAN-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability. ACCEPTED 1 Microsoft Windows XP Microsoft Internet Explorer 6 Andrew Buttner 2003-1027 Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CAN-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability. ACCEPTED 1 Microsoft Windows ME Microsoft Internet Explorer 6 Service Pack 1 Andrew Buttner 2003-1027 Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CAN-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability. ACCEPTED 1 Microsoft Windows XP Microsoft Word for Windows 6.0 Converter Christine Walzer Christine Walzer 2004-0901 DRAFT ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided DRAFT 0 Microsoft Windows 2000 Internet Explorer 5.5 Harvey Rubinovitz Harvey Rubinovitz 2002-1185 ACCEPTED Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure. ACCEPTED 1 Microsoft Windows XP Microsoft Internet Explorer 6 Microsoft Internet Explorer 6 Service Pack 1 Tiffany Bergeron Tiffany Bergeron Andrew Buttner 2003-0817 Removed the test for Windows XP. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 6 patch. Removed the IE 6 SP 1 part of this definition as the SP 1 part is defined in a different OVAL. INTERIM ACCEPTED Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object ACCEPTED 1 Red Hat Linux 9 Postfix Jay Beale 2003-0540 INTERIM ACCEPTED The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 4 Andrew Buttner Andrew Buttner 2003-0817 Removed the test for Windows 2000 sp4 installed. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.01 sp4 patch. Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object ACCEPTED 1 Microsoft Windows ME Microsoft Internet Explorer 5.5 Service Pack 2 Andrew Buttner Andrew Buttner 2003-0817 Removed the test for specific Windows operating systems. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.5 sp2 patch. Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object ACCEPTED 1 Red Hat Linux 9 smbd Jay Beale 2003-0085 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code ACCEPTED 1 Microsoft Windows 95 Microsoft Data Access Compnents 2.6 Christine Walzer Christine Walzer 2003-0903 INTERIM ACCEPTED Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request ACCEPTED 1 Red Hat Linux 9 Samba Jay Beale 2003-0086 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown ACCEPTED 1 Sun Solaris 7 Xsun Brian Soby Brian Soby 2001-0422 DRAFT Buffer overflow in Xsun in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable DRAFT 0 Microsoft Windows ME Microsoft Internet Explorer 6 Service Pack 1 Andrew Buttner Andrew Buttner 2003-0817 Removed the test for specific Windows operating systems. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 6 sp1 patch. Added Windows XP 64-bit to the list of affected platforms Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object ACCEPTED 1 Red Hat Linux 9 Samba Jay Beale 2003-0196 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CAN-2003-0201 ACCEPTED 1 Microsoft Windows Server 2003 Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003 Andrew Buttner Andrew Buttner 2003-0817 Removed the test for Windows Server 2003. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 6 sp1 patch. Added Windows XP 64-bit, Version 2003 and Windows Server 2003 64-Bit to the list of affected platforms Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object ACCEPTED 1 Red Hat Linux 9 Samba, Samba-TNG Jay Beale 2003-0201 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code ACCEPTED 1 Red Hat Linux 9 semi MIME library Jay Beale Jay Beale 2003-0440 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files ACCEPTED 1 Red Hat Linux 9 Sendmail Jay Beale 2003-0694 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c ACCEPTED 1 Microsoft Windows 2000 Microsoft Windows Workstation Service Tiffany Bergeron Tiffany Bergeron 2003-0812 ACCEPTED Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API ACCEPTED 1 Microsoft Windows 98 Microsoft Virtual Machine (VM) Tiffany Bergeron 2002-1258 INTERIM ACCEPTED Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due to a parsing error ACCEPTED 1 Microsoft Windows 95 Microsoft Word 97 Andrew Buttner Andrew Buttner 2003-0820 INTERIM ACCEPTED Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack ACCEPTED 1 Microsoft Windows 95 Microsoft Word 98 Andrew Buttner Andrew Buttner 2003-0820 INTERIM ACCEPTED Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack ACCEPTED 1 Microsoft Windows Server 2003 Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003 Andrew Buttner Andrew Buttner 2003-0823 Removed the test for Windows Server 2003. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 6 sp1 patch. Added Windows XP 64-bit, Version 2003 and Windows Server 2003 64-Bit to the list of affected platforms Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CAN-2003-1027 ACCEPTED 1 Microsoft Windows NT Microsoft FrontPage Server Extensions 2000 Andrew Buttner Andrew Buttner 2003-0824 Changed the definition to look at the file shtml.dll instead of fp4awel.dll. It was determined that this is where the vulnerability (a buffer overflow) actually existed. Also added the configuration test saying you are vulnerable if the SmartHTML interpreter is enabled. INTERIM ACCEPTED Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request ACCEPTED 1 Red Hat Linux 9 Sendmail Jay Beale 2003-0681 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences ACCEPTED 1 Red Hat Linux 9 Sendmail Jay Beale 2003-0688 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data ACCEPTED 1 Red Hat Linux 9 Sendmail Jay Beale 2003-0694 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c ACCEPTED 1 Microsoft Windows XP Microsoft FrontPage Server Extensions 2000 Andrew Buttner Andrew Buttner 2003-0824 Changed the definition to look at the file shtml.dll instead of fp4awel.dll. It was determined that this is where the vulnerability (a buffer overflow) actually existed. Also added the configuration test saying you are vulnerable if the SmartHTML interpreter is enabled. INTERIM ACCEPTED Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request ACCEPTED 1 Red Hat Linux 9 SquirrelMail Jay Beale 2003-0160 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser ACCEPTED 1 Red Hat Linux 9 unzip Jay Beale 2003-0282 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence ACCEPTED 1 Microsoft Windows NT Microsoft FrontPage Server Extensions 2002 Andrew Buttner Andrew Buttner Christine Walzer 2003-0824 Changed the definition to look at the file shtml.dll instead of fp5awel.dll. It was determined that this is where the vulnerability (a buffer overflow) actually existed. Also added the configuration test saying you are vulnerable if the SmartHTML interpreter is enabled. XP SP2 added INTERIM ACCEPTED INTERIM Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request INTERIM 1 Microsoft Windows Server 2003 Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003 Andrew Buttner 2003-1027 Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CAN-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability. ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 2 Andrew Buttner 2003-1026 Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability. ACCEPTED 1 Red Hat Linux 9 up2date Jay Beale 2003-0546 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote attackers to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised ACCEPTED 1 Red Hat Linux 9 vsftpd Jay Beale 2003-0135 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrappers (tcp_wrappers) but is installed as a standalone service, which inadvertently prevents vsftpd from restricting access as intended ACCEPTED 1 Microsoft Windows 95 Microsoft Excel 2000 Christine Walzer Christine Walzer 2003-0821 ACCEPTED Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 3 Andrew Buttner 2003-1026 Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability. ACCEPTED 1 Microsoft Windows 2000 Microsoft ASN.1 Library Andrew Buttner 2003-0818 INTERIM ACCEPTED Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings ACCEPTED 1 Red Hat Linux 9 xinetd Jay Beale 2003-0211 Corrected syntax errors in sql verion of the definition. Changed tested epoch in xinetd test rvt-253 to 2, based on testing. INTERIM ACCEPTED Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections ACCEPTED 1 Red Hat Linux 9 xpdf Jay Beale Jay Beale 2003-0434 INTERIM ACCEPTED Various PDF viewers including Adobe Acrobat 5.06 and Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink ACCEPTED 1 Red Hat Linux 9 ypserv Jay Beale Jay Beale 2003-0251 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED ypserv NIS server before 2.7 allows remote attackers to cause a denial of service via a TCP client request that does not respond to the server, which causes ypserv to block ACCEPTED 1 Microsoft Windows 95 Microsoft Word 2002 Andrew Buttner Andrew Buttner 2003-0820 INTERIM ACCEPTED Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack ACCEPTED 1 Microsoft Windows 95 Microsoft Excel 97 Andrew Buttner Andrew Buttner 2003-0821 INTERIM ACCEPTED Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model ACCEPTED 1 Microsoft Windows NT NetDDE Agent Ingrid Skoog 2002-1230 DRAFT INTERIM ACCEPTED NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation. ACCEPTED 1 Microsoft Windows XP Microsoft Word for Windows 6.0 Converter Christine Walzer Christine Walzer 2004-0571 DRAFT ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided DRAFT 0 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 4 Andrew Buttner 2003-1026 Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability. ACCEPTED 1 Microsoft Windows ME Microsoft Internet Explorer 5.5 Service Pack 2 Andrew Buttner 2003-1026 Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability. ACCEPTED 1 Microsoft Windows 2000 Internet Explorer 5.5 Harvey Rubinovitz Harvey Rubinovitz 2002-1188 ACCEPTED Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading. ACCEPTED 1 Microsoft Windows 95 Microsoft Excel 2002 Andrew Buttner Andrew Buttner 2003-0821 INTERIM ACCEPTED Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model ACCEPTED 1 Microsoft Windows NT Microsoft FrontPage Server Extensions 2000 Andrew Buttner Andrew Buttner 2003-0822 Changed the definition to test for fp30reg.dll and fp4areg.dll instead of fp4awel.dll. INTERIM ACCEPTED Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions 2000 and 2002 allows remote attackers to execute arbitrary code via a certain chunked encoded request ACCEPTED 1 Microsoft Windows 2000 Windows Internet Naming Service (WINS) Andrew Buttner 2003-0825 INTERIM ACCEPTED The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code ACCEPTED 1 Microsoft Windows XP Microsoft Internet Explorer 6 Microsoft Internet Explorer 6 Service Pack 1 Tiffany Bergeron Tiffany Bergeron Andrew Buttner 2003-0823 Removed the test for Windows XP. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 6 patch. Removed the IE 6 SP 1 part of this definition as the SP 1 part is defined in a different OVAL. INTERIM ACCEPTED Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CAN-2003-1027 ACCEPTED 1 Microsoft Windows 2000 Microsoft FrontPage Server Extensions 2000 Tiffany Bergeron Tiffany Bergeron Andrew Buttner 2003-0822 Changed the definition to test for fp30reg.dll and fp4areg.dll instead of fp4awel.dll. INTERIM ACCEPTED Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions 2000 and 2002 allows remote attackers to execute arbitrary code via a certain chunked encoded request ACCEPTED 1 Microsoft Windows XP Microsoft Internet Explorer 6 Andrew Buttner 2003-1026 Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability. ACCEPTED 1 Microsoft Windows 98 Microsoft Data Access Compnents 2.7 Christine Walzer Christine Walzer 2003-0903 INTERIM ACCEPTED Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request ACCEPTED 1 Microsoft Windows 2000 Microsoft SharePoint Team Services Andrew Buttner Andrew Buttner Christine Walzer 2003-0824 Changed the definition to look at the file shtml.dll instead of fp5awel.dll. It was determined that this is where the vulnerability (a buffer overflow) actually existed. Also added the configuration test saying you are vulnerable if the SmartHTML interpreter is enabled. XP SP2 added INTERIM ACCEPTED INTERIM Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request INTERIM 1 Microsoft Windows ME Microsoft Internet Explorer 6 Service Pack 1 Andrew Buttner 2003-1026 Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability. ACCEPTED 1 Microsoft Windows 98 Microsoft Data Access Compnents 2.8 Christine Walzer Christine Walzer 2003-0903 INTERIM ACCEPTED Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request ACCEPTED 1 Microsoft Windows 2000 Local Security Authority Subsystem Service (LSASS) Christine Walzer Christine Walzer 2004-0894 DRAFT ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided DRAFT 0 Microsoft Windows XP Christine Walzer 2003-0112 DRAFT Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger DRAFT 0 Microsoft Windows 98 Windows Script Engine for JScript v5.1 Tiffany Bergeron Tiffany Bergeron David Proulx Christine Walzer 2003-0010 Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. Added patch information to definition INTERIM ACCEPTED INTERIM ACCEPTED Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack ACCEPTED 2 Microsoft Windows 98 Windows Script Engine for JScript v5.5 Tiffany Bergeron Tiffany Bergeron David Proulx Christine Walzer 2003-0010 Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. Added patch information to definition INTERIM ACCEPTED INTERIM ACCEPTED Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack ACCEPTED 2 Microsoft Windows NT Microsoft ASN.1 Library Andrew Buttner 2003-0818 INTERIM ACCEPTED Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings ACCEPTED 1 Microsoft Windows XP Microsoft ASN.1 Library Andrew Buttner Christine Walzer 2003-0818 INTERIM ACCEPTED INTERIM ACCEPTED Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings ACCEPTED 2 Microsoft Windows Server 2003 Microsoft ASN.1 Library Andrew Buttner 2003-0818 INTERIM ACCEPTED Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings ACCEPTED 1 Microsoft Windows NT Windows Internet Naming Service (WINS) Andrew Buttner 2003-0825 INTERIM ACCEPTED The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code ACCEPTED 1 Microsoft Windows NT Windows Internet Naming Service (WINS) Andrew Buttner 2003-0825 INTERIM ACCEPTED The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code ACCEPTED 1 Microsoft Windows Server 2003 Windows Internet Naming Service (WINS) Andrew Buttner 2003-0825 INTERIM ACCEPTED The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code ACCEPTED 1 Red Hat Linux 9 PWLib Jay Beale Jay Beale Matt Busby 2004-0097 Added a program_name element to rlt-217 ACCEPTED Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol ACCEPTED 1 Red Hat Linux 9 netpbm Jay Beale Jay Beale Matt Busby 2003-0924 Corrected syntax errors in sql verion of the definition. ACCEPTED netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files ACCEPTED 1 Microsoft Windows Server 2003 Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003 Andrew Buttner 2003-1026 Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability. ACCEPTED 1 Red Hat Linux 9 XFree86 Jay Beale Jay Beale Matt Busby 2004-0083 Corrected syntax errors in sql verion of the definition. ACCEPTED Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CAN-2004-0084 and CAN-2004-0106 ACCEPTED 1 Red Hat Linux 9 XFree86 Jay Beale Jay Beale Matt Busby 2004-0084 Corrected syntax errors in sql verion of the definition. ACCEPTED Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CAN-2004-0083 and CAN-2004-0106 ACCEPTED 1 Red Hat Linux 9 XFree86 Jay Beale Jay Beale Matt Busby 2004-0106 Corrected syntax errors in sql verion of the definition. ACCEPTED Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CAN-2004-0083 and CAN-2004-0084 ACCEPTED 1 Red Hat Enterprise Linux 3 netpbm Jay Beale Jay Beale Matt Busby 2003-0924 Corrected syntax errors in sql verion of the definition. ACCEPTED netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files ACCEPTED 1 Red Hat Linux 9 Mutt Jay Beale Jay Beale 2004-0078 ACCEPTED Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages ACCEPTED 1 Red Hat Linux 9 Mailman Jay Beale Jay Beale 2003-0965 ACCEPTED Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities ACCEPTED 1 Red Hat Linux 9 Mailman Jay Beale Jay Beale 2003-0992 ACCEPTED Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users ACCEPTED 1 Red Hat Linux 9 Gaim Jay Beale Jay Beale 2004-0006 ACCEPTED Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect ACCEPTED 1 Red Hat Linux 9 Gaim Jay Beale Jay Beale 2004-0007 ACCEPTED Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code ACCEPTED 1 Red Hat Linux 9 Gaim Jay Beale Jay Beale 2004-0008 ACCEPTED Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow ACCEPTED 1 Red Hat Linux 9 slocate Jay Beale Jay Beale Matt Busby 2003-0848 Corrected syntax errors in sql verion of the definition. ACCEPTED Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used ACCEPTED 1 Red Hat Linux 9 Midnight Commander Jay Beale Matt Busby 2003-1023 Corrected syntax errors in sql verion of the definition. ACCEPTED Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversion ACCEPTED 1 Red Hat Linux 9 KDE Jay Beale Jay Beale 2003-0592 INTERIM ACCEPTED Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application ACCEPTED 1 Red Hat Enterprise Linux 3 mremap Jay Beale Jay Beale Matt Busby 2004-0077 Corrected syntax errors in sql verion of the definition. ACCEPTED The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985 ACCEPTED 1 Red Hat Enterprise Linux 3 PWLib Jay Beale Jay Beale Matt Busby 2004-0097 Added a program_name element to rlt-217 ACCEPTED Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol ACCEPTED 1 Red Hat Enterprise Linux 3 Samba 3.0.0 and 3.0.1 Jay Beale Jay Beale Matt Busby 2004-0082 Corrected syntax errors in sql verion of the definition. ACCEPTED The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password ACCEPTED 1 Red Hat Linux 9 mod_python Jay Beale Jay Beale Matt Busby 2003-0973 Corrected syntax errors in sql verion of the definition. ACCEPTED Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string ACCEPTED 1 Red Hat Enterprise Linux 3 XFree86 Jay Beale Matt Busby 2004-0083 Corrected syntax errors in sql verion of the definition. Corrected pattern used in rrt-206 ACCEPTED Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CAN-2004-0084 and CAN-2004-0106 ACCEPTED 1 Red Hat Enterprise Linux 3 XFree86 Jay Beale Jay Beale Matt Busby 2004-0084 Corrected syntax errors in sql verion of the definition. Corrected pattern used in rrt-206 ACCEPTED Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CAN-2004-0083 and CAN-2004-0106 ACCEPTED 1 Red Hat Enterprise Linux 3 XFree86 Jay Beale Jay Beale Matt Busby 2004-0106 Corrected syntax errors in sql verion of the definition. ACCEPTED Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CAN-2004-0083 and CAN-2004-0084 ACCEPTED 1 Red Hat Enterprise Linux 3 XMLSoft Libxml2 Jay Beale Jay Beale Matt Busby 2004-0110 Corrected syntax errors in sql verion of the definition. Corrected pattern used in rrt-206 INTERIM ACCEPTED Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml2 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale Jay Beale Matt Busby 2004-0003 Corrected syntax errors in sql verion of the definition. ACCEPTED Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking. ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale Jay Beale Matt Busby 2004-0010 Corrected syntax errors in sql verion of the definition. ACCEPTED Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges ACCEPTED 1 Red Hat Linux 9 Vicam USB driver Jay Beale Jay Beale Matt Busby 2004-0075 Corrected syntax errors in sql verion of the definition. ACCEPTED The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service ACCEPTED 1 Red Hat Linux 9 mremap Jay Beale Jay Beale Matt Busby 2004-0077 Corrected syntax errors in sql verion of the definition. ACCEPTED The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985 ACCEPTED 1 Red Hat Enterprise Linux 3 Mutt Jay Beale Jay Beale Matt Busby 2004-0078 Corrected pattern used in rrt-206 ACCEPTED Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages ACCEPTED 1 Red Hat Linux 9 mod_python Jay Beale Jay Beale Matt Busby 2003-0973 Corrected syntax errors in sql verion of the definition. ACCEPTED Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string ACCEPTED 1 Microsoft Windows 2000 Windows Media Services Tiffany Bergeron Tiffany Bergeron 2003-0905 INTERIM Unknown vulnerability in Windows Media Station Service and Windows Media Monitor Service components of Windows Media Services 4.1 allows remote attackers to cause a denial of service (disallowing new connections) via a certain sequence of TCP/IP packets INTERIM 0 Microsoft Windows 95 Microsoft Outlook Andrew Buttner Andrew Buttner 2004-0121 INTERIM ACCEPTED Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs ACCEPTED 1 Microsoft Windows 95 MSN Messenger Christine Walzer Christine Walzer Andrew Buttner 2004-0122 Fixed the path for both versions of the file to look at the correct registry key to determine the location of the 'Program Files' folder.. INTERIM ACCEPTED Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files ACCEPTED 1 Red Hat Enterprise Linux 3 gdk-pixbuf Jay Beale Jay Beale Matt Busby 2004-0111 Corrected pattern used in rrt-206 INTERIM ACCEPTED gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file ACCEPTED 1 Red Hat Linux 9 gdk-pixbuf Jay Beale Jay Beale Matt Busby 2004-0111 Corrected pattern used in rrt-206 INTERIM ACCEPTED gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file ACCEPTED 1 Red Hat Linux 9 tcpdump Jay Beale Jay Beale 2003-0989 ACCEPTED tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CAN-2004-0057 ACCEPTED 1 Red Hat Linux 9 sysstat Jay Beale Jay Beale Matt Busby 2004-0107 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CAN-2004-0108 ACCEPTED 1 Red Hat Linux 9 tcpdump Jay Beale Jay Beale 2004-0055 ACCEPTED The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value ACCEPTED 1 Red Hat Linux 9 tcpdump Jay Beale Jay Beale 2004-0057 ACCEPTED The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CAN-2003-0989 ACCEPTED 1 Red Hat Enterprise Linux 3 tcpdump Jay Beale Jay Beale 2003-0989 ACCEPTED tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CAN-2004-0057 ACCEPTED 1 Red Hat Enterprise Linux 3 tcpdump Jay Beale Jay Beale 2004-0055 ACCEPTED The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value ACCEPTED 1 Red Hat Enterprise Linux 3 tcpdump Jay Beale Jay Beale Matt Busby 2004-0057 Corrected pattern used in rrt-206 ACCEPTED The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CAN-2003-0989 ACCEPTED 1 Red Hat Linux 9 CVS server Jay Beale Jay Beale Matt Busby 2003-0977 Corrected syntax errors in sql verion of the definition. ACCEPTED CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale Jay Beale Matt Busby 2003-1012 Corrected syntax errors in sql verion of the definition. ACCEPTED The SMB dissector in Ethereal before 0.10.0 allows remote attackers to cause a denial of service via a malformed SMB packet that triggers a segmentation fault during processing of Selected packets ACCEPTED 1 Red Hat Linux 9 Tethereal Jay Beale Jay Beale Matt Busby 2003-1013 Corrected syntax errors in sql verion of the definition. ACCEPTED The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference ACCEPTED 1 Red Hat Linux 9 KDE Personal Information Management (kdepim) Jay Beale Jay Beale 2003-0988 ACCEPTED Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale Jay Beale Matt Busby 2003-0984 Corrected syntax errors in sql verion of the definition. ACCEPTED Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space ACCEPTED 1 Red Hat Linux 9 Linux kernel Jay Beale Jay Beale Matt Busby 2003-0985 Corrected syntax errors in sql verion of the definition. ACCEPTED The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21 does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077 ACCEPTED 1 Red Hat Enterprise Linux 3 nfs-utils packages Jay Beale Jay Beale Matt Busby 2004-0154 Corrected syntax errors in sql verion of the definition. Corrected pattern used in rrt-206 INTERIM ACCEPTED rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers to cause a denial of service (crash) via an NFS mount of a directory from a client whose reverse DNS lookup name is different from the forward lookup name ACCEPTED 1 Red Hat Enterprise Linux 3 Sysstat Jay Beale Jay Beale Matt Busby 2004-0107 Corrected syntax errors in sql verion of the definition. Corrected pattern used in rrt-206 INTERIM ACCEPTED The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CAN-2004-0108 ACCEPTED 1 Red Hat Linux 9 httpd Jay Beale Matt Busby 2003-0542 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures ACCEPTED 1 Red Hat Enterprise Linux 3 Apache Jay Beale Jay Beale Matt Busby 2003-0542 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures ACCEPTED 1 Red Hat Enterprise Linux 3 KDE Personal Information Management (kdepim) Jay Beale Jay Beale Matt Busby 2003-0988 Corrected pattern used in rrt-206 INTERIM ACCEPTED Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file ACCEPTED 1 Red Hat Enterprise Linux 3 CVS server Jay Beale Jay Beale Matt Busby 2003-0977 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests ACCEPTED 1 Red Hat Enterprise Linux 3 Linux kernel Matt Busby Matt Busby 2003-0985 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21 does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077 ACCEPTED 1 Red Hat Enterprise Linux 3 Linux kernel Matt Busby Matt Busby 2004-0001 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Unknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges ACCEPTED 1 Red Hat Enterprise Linux 3 Net-SNMP Matt Busby Matt Busby 2003-0935 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed ACCEPTED 1 Red Hat Enterprise Linux 3 OpenSSL Matt Busby Matt Busby 2004-0079 Corrected syntax errors in sql verion of the definition. Corrected pattern used in rrt-206 INTERIM ACCEPTED The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference ACCEPTED 1 Red Hat Enterprise Linux 3 OpenSSL Matt Busby Matt Busby 2004-0081 Corrected syntax errors in sql verion of the definition. Corrected pattern used in rrt-206 INTERIM ACCEPTED OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool ACCEPTED 1 Red Hat Linux 9 mozilla Jay Beale 2003-0564 INTERIM ACCEPTED Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite ACCEPTED 1 Red Hat Linux 9 mozilla Jay Beale 2003-0594 INTERIM ACCEPTED Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application ACCEPTED 1 Red Hat Linux 9 mozilla Jay Beale 2004-0191 INTERIM ACCEPTED Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events ACCEPTED 1 Red Hat Enterprise Linux 3 libxml2 Jay Beale 2004-0110 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml2 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL ACCEPTED 1 Red Hat Enterprise Linux 3 httpd Jay Beale 2004-0113 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server ACCEPTED 1 Red Hat Linux 9 Red Hat 9 Jay Beale 2004-0189 INTERIM ACCEPTED The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") characterm, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists ACCEPTED 1 Red Hat Linux 9 Red Hat 9 Jay Beale 2004-0176 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors ACCEPTED 1 Red Hat Linux 9 Red Hat 9 Jay Beale 2004-0365 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference ACCEPTED 1 Red Hat Linux 9 Red Hat 9 Jay Beale 2004-0367 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a zero-length Presentation protocol selector ACCEPTED 1 Microsoft Windows 98 Microsoft Outlook Express Andrew Buttner Andrew Buttner 2004-0380 INTERIM ACCEPTED The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability. ACCEPTED 1 Microsoft Windows 2000 Local Security Authority Subsystem Service (LSASS) Tiffany Bergeron Tiffany Bergeron 2003-0533 INTERIM ACCEPTED Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm ACCEPTED 1 Microsoft Windows Server 2003 Secure Sockets Layer (SSL) David Proulx David Proulx 2004-0120 INTERIM ACCEPTED The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages ACCEPTED 1 Microsoft Windows XP Secure Sockets Layer (SSL) David Proulx David Proulx Christine Walzer 2004-0120 cmp-66 added INTERIM ACCEPTED INTERIM ACCEPTED The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages ACCEPTED 2 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0176 Corrected syntax errors in sql verion of the definition. Corrected pattern used in rrt-206 INTERIM ACCEPTED Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors ACCEPTED 1 Microsoft Windows XP Private Communications Transport (PCT) Andrew Buttner Andrew Buttner Christine Walzer 2003-0719 added cmp-66 INTERIM ACCEPTED INTERIM ACCEPTED Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets ACCEPTED 2 Microsoft Windows 2000 Local Descriptor Table (LDT) Jonathan Baker Jonathan Baker 2003-0910 INTERIM ACCEPTED The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor descriptor that points to protected memory ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0365 Corrected syntax errors in sql verion of the definition. Corrected pattern used in rrt-206 INTERIM ACCEPTED The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference ACCEPTED 1 Microsoft Windows 2000 Secure Sockets Layer (SSL) David Proulx David Proulx 2004-0120 INTERIM ACCEPTED The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages ACCEPTED 1 Microsoft Windows 2000 Remote Procedure Call (RPC) Christine Walzer 2003-0813 INTERIM ACCEPTED A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CAN-2003-0352 (Blaster/Nachi), CAN-2003-0715, and CAN-2003-0528, and as demonstrated by certain exploits against those vulnerabilities ACCEPTED 1 Microsoft Windows Server 2003 Remote Procedure Call (RPC) Christine Walzer 2003-0813 A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CAN-2003-0352 (Blaster/Nachi), CAN-2003-0715, and CAN-2003-0528, and as demonstrated by certain exploits against those vulnerabilities DRAFT 0 Microsoft Windows NT Windows logon process (winlogon) Andrew Buttner Andrew Buttner 2003-0806 INTERIM ACCEPTED Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code ACCEPTED 1 Microsoft Windows 2000 Windows logon process (winlogon) Andrew Buttner Andrew Buttner 2003-0806 INTERIM ACCEPTED Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code ACCEPTED 1 Microsoft Windows NT Enhanced Metafile (EMF) Windows Metafile (WMF) Andrew Buttner Andrew Buttner 2003-0906 INTERIM ACCEPTED Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1allows remote attackers to execute arbitrary code via a malformed WNF or EMF image ACCEPTED 1 Microsoft Windows XP Local Security Authority Subsystem Service (LSASS) Andrew Buttner Andrew Buttner Christine Walzer 2003-0533 cmp-66 added INTERIM ACCEPTED INTERIM ACCEPTED Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm ACCEPTED 2 Microsoft Windows XP Remote Procedure Call (RPC) Christine Walzer 2003-0813 INTERIM ACCEPTED A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CAN-2003-0352 (Blaster/Nachi), CAN-2003-0715, and CAN-2003-0528, and as demonstrated by certain exploits against those vulnerabilities ACCEPTED 1 Red Hat Linux 9 OpenSSL Matt Busby Matt Busby 2004-0081 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool ACCEPTED 1 Microsoft Windows NT Private Communications Transport (PCT) Andrew Buttner Andrew Buttner 2003-0719 INTERIM ACCEPTED Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets ACCEPTED 1 Microsoft Windows Server 2003 Help and Support Center (HSC) Harvey Rubinovitz 2003-0907 Added a criterion to the configuration section to see if the HCP protocol is registered. INTERIM ACCEPTED Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0367 Corrected syntax errors in sql verion of the definition. Corrected pattern used in rrt-206 INTERIM ACCEPTED Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a zero-length Presentation protocol selector ACCEPTED 1 Microsoft Windows 2000 H.323 Jonathan Baker Jonathan Baker 2004-0117 INTERIM ACCEPTED Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code ACCEPTED 1 Microsoft Windows NT IIS 4.0 Christine Walzer 2001-0507 INTERIM ACCEPTED IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability ACCEPTED 1 Microsoft Windows NT Local Descriptor Table (LDT) Jonathan Baker Jonathan Baker 2003-0910 INTERIM ACCEPTED The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor descriptor that points to protected memory ACCEPTED 1 Microsoft Windows 2000 IIS 5.0 Christine Walzer 2001-0507 INTERIM ACCEPTED IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability ACCEPTED 1 Microsoft Windows NT IIS 4.0 Christine Walzer 1999-0278 INTERIM ACCEPTED In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2003-0564 Corrected pattern used in rrt-206 INTERIM ACCEPTED Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite ACCEPTED 1 Microsoft Windows NT IIS 4.0 Christine Walzer 1999-0874 INTERIM ACCEPTED Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2003-0594 Corrected pattern used in rrt-206 INTERIM ACCEPTED Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application ACCEPTED 1 Microsoft Windows Server 2003 Local Security Authority Subsystem Service (LSASS) Andrew Buttner Andrew Buttner 2003-0533 INTERIM ACCEPTED Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm ACCEPTED 1 Microsoft Windows 98 Internet Explorer 5.5, Internet Explorer 5.5 Service Pack 1 Tiffany Bergeron 2001-0002 INTERIM ACCEPTED Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs ACCEPTED 1 Microsoft Windows 98 Internet Explorer 6 Tiffany Bergeron Harvey Rubinovitz 2001-0727 Replaced IE cumulative patch IDs to correspond to the original IDs INTERIM ACCEPTED INTERIM ACCEPTED Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability. ACCEPTED 2 Microsoft Windows 98 Internet Explorer 5.5 Tiffany Bergeron Harvey Rubinovitz 2003-0344 Replaced IE cumulative patch IDs to correspond to the original IDs INTERIM ACCEPTED INTERIM ACCEPTED Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page ACCEPTED 2 Microsoft Windows 98 Internet Explorer 6 Tiffany Bergeron Harvey Rubinovitz 2002-0190 Replaced IE cumulative patch IDs to correspond to the original IDs INTERIM ACCEPTED INTERIM ACCEPTED Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerability ACCEPTED 2 Microsoft Windows Server 2003 Microsoft ASN.1 Library David Proulx David Proulx 2004-0123 INTERIM ACCEPTED Double-free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code ACCEPTED 1 Microsoft Windows 98 Internet Explorer 6 Tiffany Bergeron Harvey Rubinovitz 2002-0022 Replaced IE cumulative patch IDs to correspond to the original IDs INTERIM ACCEPTED INTERIM ACCEPTED Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated ACCEPTED 2 Microsoft Windows 98 Internet Explorer 5.5 Tiffany Bergeron Harvey Rubinovitz 2003-0113 Replaced IE cumulative patch IDs to correspond to the original IDs INTERIM ACCEPTED INTERIM ACCEPTED Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields ACCEPTED 2 Microsoft Windows 2000 IIS 5.0 Christine Walzer 2000-0778 INTERIM ACCEPTED IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability ACCEPTED 1 Red Hat Enterprise Linux 3 OpenSSL Matt Busby Matt Busby 2004-0112 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read ACCEPTED 1 Microsoft Windows NT IIS 4.0 Christine Walzer Christine Walzer 2002-0869 INTERIM ACCEPTED Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation. ACCEPTED 1 Microsoft Windows 2000 IIS 5.0 Christine Walzer Christine Walzer 2002-0869 INTERIM ACCEPTED Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation. ACCEPTED 1 Microsoft Windows 2000 IIS 5.0 Christine Walzer Christine Walzer 2002-1180 INTERIM ACCEPTED A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability. ACCEPTED 1 Microsoft Windows NT IIS 4.0 Christine Walzer Christine Walzer 1999-0736 INTERIM ACCEPTED The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files ACCEPTED 1 Microsoft Windows 2000 IIS 5.0 Christine Walzer Christine Walzer 2003-0226 INTERIM ACCEPTED Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an error condition that is not properly handled ACCEPTED 1 Microsoft Windows 2000 IIS 5.0 Christine Walzer Christine Walzer 2003-0227 INTERIM ACCEPTED The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0191 Corrected pattern used in rrt-206 INTERIM ACCEPTED Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events ACCEPTED 1 Microsoft Windows 2000 IIS 5.0 Christine Walzer Christine Walzer 2003-0349 INTERIM ACCEPTED Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0424 INTERIM ACCEPTED Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a denial of service (crash) or executee arbitrary code via the MCAST_MSFILTER socket option ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0109 INTERIM ACCEPTED Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x , allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0189 INTERIM ACCEPTED The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") characterm, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists ACCEPTED 1 Microsoft Windows 2000 IIS 5.0 Christine Walzer Christine Walzer 2002-1181 INTERIM ACCEPTED Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors ACCEPTED 1 Microsoft Windows NT IIS 4.0 Christine Walzer Christine Walzer 2002-1181 INTERIM ACCEPTED Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale Jay Beale 2004-0155 INTERIM ACCEPTED The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate ACCEPTED 1 Microsoft Windows Server 2003 H.323 Jonathan Baker Jonathan Baker 2004-0117 INTERIM ACCEPTED Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale Jay Beale 2004-0164 INTERIM ACCEPTED KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c ACCEPTED 1 Microsoft Windows 98 Internet Explorer 5.5 Tiffany Bergeron Harvey Rubinovitz 2003-0309 Replaced IE cumulative patch IDs to correspond to the original IDs INTERIM ACCEPTED INTERIM ACCEPTED Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability. ACCEPTED 2 Microsoft Windows 2000 Private Communications Transport (PCT) Andrew Buttner Andrew Buttner 2003-0719 INTERIM ACCEPTED Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets ACCEPTED 1 Microsoft Windows NT SNMP Christine Walzer 1999-0815 INTERIM ACCEPTED Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale Jay Beale 2004-0411 INTERIM ACCEPTED The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code ACCEPTED 1 Microsoft Windows 2000 Remote Procedure Call (RPC) Christine Walzer 2004-0116 INTERIM ACCEPTED An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field ACCEPTED 1 Microsoft Windows NT HTML Help Facility Andrew Buttner Andrew Buttner 2003-1041 INTERIM ACCEPTED Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CAN-2004-0475 ACCEPTED 0 Microsoft Windows Server 2003 Remote Procedure Call (RPC) Christine Walzer 2004-0116 An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field DRAFT 0 Microsoft Windows XP Remote Procedure Call (RPC) Christine Walzer 2004-0116 cmp-66 added INTERIM ACCEPTED INTERIM ACCEPTED An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field ACCEPTED 2 Microsoft Windows 2000 Enhanced Metafile (EMF) Windows Metafile (WMF) Andrew Buttner Andrew Buttner 2003-0906 INTERIM ACCEPTED Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1allows remote attackers to execute arbitrary code via a malformed WNF or EMF image ACCEPTED 1 Microsoft Windows XP Microsoft Data Access Components 2.5 Christine Walzer 2003-0353 INTERIM ACCEPTED Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434 ACCEPTED 1 Microsoft Windows XP Microsoft Data Access Components 2.6 Christine Walzer 2003-0353 INTERIM ACCEPTED Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434 ACCEPTED 1 Microsoft Windows 98 Internet Explorer 5.5 Tiffany Bergeron Harvey Rubinovitz 2003-0114 Replaced IE cumulative patch IDs to correspond to the original IDs INTERIM ACCEPTED INTERIM ACCEPTED The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files ACCEPTED 2 Microsoft Windows XP H.323 Jonathan Baker Jonathan Baker 2004-0117 INTERIM ACCEPTED Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code ACCEPTED 1 Microsoft Windows NT IIS 4.0 Christine Walzer Christine Walzer 2003-0227 INTERIM ACCEPTED The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale Jay Beale 2004-0426 INTERIM ACCEPTED rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path ACCEPTED 1 Microsoft Windows 98 Microsoft Jet Database Engine Andrew Buttner Andrew Buttner 2004-0197 INTERIM ACCEPTED Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote attackers to execute arbitrary code via a specially-crafted database query ACCEPTED 1 Microsoft Windows NT COM Internet Services Christine Walzer 2003-0807 INTERIM ACCEPTED Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a specially crafted request ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0396 INTERIM ACCEPTED Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0421 INTERIM ACCEPTED The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0183 INTERIM ACCEPTED TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite ACCEPTED 1 Microsoft Windows 98 Internet Explorer 6 Tiffany Bergeron Harvey Rubinovitz 2002-0027 Replaced IE cumulative patch IDs to correspond to the original IDs INTERIM ACCEPTED INTERIM ACCEPTED Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874 ACCEPTED 2 Red Hat Linux 9 OpenSSL Matt Busby Matt Busby 2004-0079 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0184 INTERIM ACCEPTED Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0234 INTERIM ACCEPTED Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14 allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0235 INTERIM ACCEPTED Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path") ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0233 INTERIM ACCEPTED Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0541 INTERIM ACCEPTED Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable) ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0504 INTERIM ACCEPTED Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP messages between Hotsip servers and clients ACCEPTED 1 Microsoft Windows XP IIS 5.1 Christine Walzer Christine Walzer 2002-0869 INTERIM ACCEPTED Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation. ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale Jay Beale 2004-0403 INTERIM ACCEPTED Racoon before 20040408a allows remote attackers to cause a denial of service (memory consumption) via an ISAKMP packet with a large length field ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0505 INTERIM ACCEPTED The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown attack vectors ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0506 INTERIM ACCEPTED The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of service (crash) via unknown attack vectors that cause a null pointer dereference ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0507 INTERIM ACCEPTED Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code ACCEPTED 1 Microsoft Windows 98 Microsoft Outlook Express Andrew Buttner Andrew Buttner 2004-0380 INTERIM ACCEPTED The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability. ACCEPTED 1 Red Hat Enterprise Linux 3 MIT Kerberos 5 (krb5) Jay Beale 2004-0523 INTERIM ACCEPTED Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root ACCEPTED 1 Red Hat Enterprise Linux 3 CVS Jay Beale 2004-0414 INTERIM ACCEPTED CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution ACCEPTED 1 Red Hat Enterprise Linux 3 CVS Jay Beale 2004-0416 INTERIM ACCEPTED Double-free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code ACCEPTED 1 Microsoft Windows 2000 COM Internet Services Christine Walzer 2003-0807 INTERIM ACCEPTED Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a specially crafted request ACCEPTED 1 Microsoft Windows 98 File and Print Sharing Tiffany Bergeron Tiffany Bergeron 2000-0979 INTERIM ACCEPTED File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the "Share Level Password" vulnerability ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale Jay Beale 2003-0461 INTERIM INTERIM ACCEPTED /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords ACCEPTED 1 Microsoft Windows XP Help and Support Center (HSC) Harvey Rubinovitz Christine Walzer 2003-0907 Added a criterion to the configuration section to see if the HCP protocol is registered. cmp-66 added INTERIM ACCEPTED INTERIM ACCEPTED Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe ACCEPTED 2 Red Hat Enterprise Linux 3 CVS Jay Beale 2004-0417 INTERIM ACCEPTED Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space ACCEPTED 1 Red Hat Enterprise Linux 3 CVS Jay Beale 2004-0418 INTERIM ACCEPTED serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data ACCEPTED 1 Microsoft Windows XP Windows XP Harvey Rubinovitz Christine Walzer 2003-0909 cmp-66 added INTERIM ACCEPTED INTERIM ACCEPTED Windows XP allows local users to execute arbitrary programs by creating a task at an elevated privilege level through the eventtriggers.exe command-line tool or the Task Scheduler service, aka "Windows Management Vulnerability. ACCEPTED 2 Red Hat Enterprise Linux 3 SquirrelMail Jay Beale 2004-0519 INTERIM ACCEPTED Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php ACCEPTED 0 Microsoft Windows XP Microsoft ASN.1 Library David Proulx David Proulx Christine Walzer 2004-0123 cmp-66 added INTERIM ACCEPTED INTERIM ACCEPTED Double-free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code ACCEPTED 2 Microsoft Windows XP Help and Support Center (HSC) Harvey Rubinovitz Harvey Rubinovitz Christine Walzer 2004-0199 cmp-66 added INTERIM ACCEPTED INTERIM ACCEPTED Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm) ACCEPTED 2 Microsoft Windows XP IIS 5.1 Christine Walzer Christine Walzer 2002-1182 INTERIM ACCEPTED IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned ACCEPTED 1 Microsoft Windows 98 Microsoft Outlook Express Andrew Buttner Andrew Buttner 2004-0380 INTERIM ACCEPTED The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability. ACCEPTED 1 Microsoft Windows 2000 IIS 5.0 Christine Walzer Christine Walzer 2002-1182 INTERIM ACCEPTED IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned ACCEPTED 1 Red Hat Enterprise Linux 3 SquirrelMail Jay Beale 2004-0520 INTERIM ACCEPTED Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php ACCEPTED 0 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale Jay Beale 2003-0984 INTERIM ACCEPTED Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space ACCEPTED 2 Microsoft Windows 98 Internet Explorer 6 Tiffany Bergeron Harvey Rubinovitz 2001-0875 Replaced IE cumulative patch IDs to correspond to the original IDs INTERIM ACCEPTED INTERIM ACCEPTED Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download ACCEPTED 2 Microsoft Windows 2000 Lightweight Directory Access Protocol (LDAP) Tiffany Bergeron Tiffany Bergeron 2003-0663 INTERIM ACCEPTED Unknown vulnerability in the Local Security Authority Subsystem Service (LSASS) in Windows 2000 domain controllers allows remote attackers to cause a denial of service via a crafted LDAP message ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale Jay Beale 2004-0003 INTERIM ACCEPTED Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking. ACCEPTED 1 Microsoft Windows NT IIS 4.0 Christine Walzer Christine Walzer 2001-0333 INTERIM ACCEPTED Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice ACCEPTED 1 Microsoft Windows NT Tiffany Bergeron 2000-0377 INTERIM ACCEPTED The Remote Registry server in Windows NT 4.0 allows local authenticated users to cause a denial of service via a malformed request, which causes the winlogon process to fail, aka the "Remote Registry Access Authentication" vulnerability ACCEPTED 1 Microsoft Windows NT Microsoft Exchange 2000 Tiffany Bergeron 2002-0049 INTERIM ACCEPTED Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys ACCEPTED 1 Microsoft Windows NT Tiffany Bergeron 1999-0562 INTERIM ACCEPTED The registry in Windows NT can be accessed remotely by users who are not administrators ACCEPTED 1 Microsoft Windows 2000 NetBIOS Tiffany Bergeron Tiffany Bergeron 1999-0621 INTERIM ACCEPTED A component service related to NETBIOS is running ACCEPTED 1 Microsoft Windows NT SQL Server 2000 Tiffany Bergeron Tiffany Bergeron 2002-0642 INTERIM ACCEPTED The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key. ACCEPTED 1 Microsoft Windows 2000 Microsoft DirectPlay Tiffany Bergeron Tiffany Bergeron 2004-0202 INTERIM ACCEPTED IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet ACCEPTED 1 Microsoft Windows Server 2003 Microsoft Outlook Express Andrew Buttner Andrew Buttner 2004-0380 INTERIM ACCEPTED The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability. ACCEPTED 1 Microsoft Windows Server 2003 COM Internet Services Christine Walzer 2003-0807 INTERIM ACCEPTED Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a specially crafted request ACCEPTED 1 Microsoft Windows Server 2003 Help and Support Center (HSC) Harvey Rubinovitz Harvey Rubinovitz 2004-0199 INTERIM ACCEPTED Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm) ACCEPTED 1 Red Hat Enterprise Linux 3 SquirrelMail Jay Beale 2004-0521 INTERIM ACCEPTED SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php ACCEPTED 0 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale Jay Beale 2004-0010 INTERIM ACCEPTED Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges ACCEPTED 2 Microsoft Windows NT Veritas Backup Exec 8.5 Tiffany Bergeron Tiffany Bergeron 2002-1117 INTERIM Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares INTERIM 0 Microsoft Windows XP Microsoft Data Access Components 2.7 Christine Walzer 2003-0353 Changed patch registry key value to IsInstalled INTERIM ACCEPTED Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434 ACCEPTED 3 Microsoft Windows NT Remote Procedure Call (RPC) Christine Walzer 2004-0124 INTERIM ACCEPTED The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability. ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0180 INTERIM ACCEPTED The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CAN-2004-0405 ACCEPTED 1 Microsoft Windows 2000 Utility Manager Harvey Rubinovitz 2003-0908 INTERIM ACCEPTED The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CAN-2004-0213 ACCEPTED 1 Red Hat Linux 9 OpenSSL Matt Busby Matt Busby 2004-0112 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read ACCEPTED 1 Microsoft Windows 2000 IIS 5.0 Christine Walzer Christine Walzer 2001-0333 INTERIM ACCEPTED Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice ACCEPTED 1 Microsoft Windows XP Compressed Folders David Proulx 2004-0575 Restructured the test to Windows XP at all service pack levels, but only on 32-bit architectures Added test for patch NOT installed DRAFT INTERIM ACCEPTED Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation ACCEPTED 1 Microsoft Windows XP Windows logon process (winlogon) Andrew Buttner Andrew Buttner Christine Walzer 2003-0806 cmp-66 added INTERIM ACCEPTED INTERIM ACCEPTED Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code ACCEPTED 2 Microsoft Windows XP Christine Walzer 2002-0862 Added superceding patch info. cmp-66 added INTERIM ACCEPTED INTERIM ACCEPTED The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS ACCEPTED 1 Microsoft Windows NT Christine Walzer 2002-1183 Added superceding patch info. Changed to DRAFT INTERIM ACCEPTED INTERIM ACCEPTED Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862) ACCEPTED 1 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0405 INTERIM ACCEPTED CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CAN-2004-0180 ACCEPTED 1 Microsoft Windows 2000 Remote Procedure Call (RPC) Christine Walzer 2004-0124 INTERIM ACCEPTED The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability. ACCEPTED 1 Microsoft Windows XP Enhanced Metafile (EMF) Windows Metafile (WMF) Andrew Buttner Andrew Buttner Christine Walzer 2003-0906 cmp-66 added INTERIM ACCEPTED INTERIM ACCEPTED Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1allows remote attackers to execute arbitrary code via a malformed WNF or EMF image ACCEPTED 2 Red Hat Enterprise Linux 3 Red Hat Enteprise Linux 3 Jay Beale 2004-0179 INTERIM ACCEPTED Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, or (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code ACCEPTED 1 Microsoft Windows Server 2003 Remote Procedure Call (RPC) Christine Walzer Christine Walzer 2004-0124 INTERIM ACCEPTED The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability. ACCEPTED 1 Microsoft Windows 2000 IIS 5.0 Christine Walzer Christine Walzer 2001-0241 INTERIM ACCEPTED Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0 ACCEPTED 1 Microsoft Windows XP Remote Procedure Call (RPC) Christine Walzer 2004-0124 cmp-66 added INTERIM ACCEPTED INTERIM ACCEPTED The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability. ACCEPTED 2 Microsoft Windows NT Microsoft ASN.1 Library David Proulx David Proulx 2004-0123 INTERIM ACCEPTED Double-free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code ACCEPTED 1 Microsoft Windows NT SQL Server 2000 Tiffany Bergeron Tiffany Bergeron 2002-0649 INTERIM ACCEPTED Multiple buffer overflows in SQL Server 2000 Resolution Service allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption ACCEPTED 1 Microsoft Windows 2000 NetBIOS Tiffany Bergeron Tiffany Bergeron 2000-1079 INTERIM ACCEPTED Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram ACCEPTED 1 Microsoft Windows Server 2003 Private Communications Transport (PCT) Andrew Buttner Andrew Buttner 2003-0719 INTERIM ACCEPTED Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets ACCEPTED 1 Microsoft Windows 98 Internet Explorer 5.5 Service Pack 2 Tiffany Bergeron Harvey Rubinovitz 2003-0233 Replaced IE cumulative patch IDs to correspond to the original IDs INTERIM ACCEPTED INTERIM ACCEPTED Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CAN-2003-0115 ACCEPTED 2 Microsoft Windows 98 Internet Explorer 5.5, Internet Explorer 5.5 Service Pack 1 Tiffany Bergeron 2001-0339 INTERIM ACCEPTED Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability. ACCEPTED 1 Sun Solaris 9 CDE Brian Soby 2002-0677 DRAFT INTERIM ACCEPTED CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure ACCEPTED 1 Microsoft Windows XP GDI+ Ingrid Skoog 2004-0200 DRAFT INTERIM ACCEPTED Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation ACCEPTED 1 Microsoft Windows ME Microsoft Internet Explorer 6 Service Pack 1 Tiffany Bergeron Tiffany Bergeron 2004-0549 DRAFT INTERIM ACCEPTED The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifiying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object ACCEPTED 1 Microsoft Windows 2000 Crystal Enterprise Crystal Reports Andrew Buttner 2004-0204 Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx DRAFT 0 Microsoft Windows Server 2003 Microsoft Word for Windows 6.0 Converter Christine Walzer Christine Walzer 2004-0571 DRAFT Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CAN-2004-090 DRAFT 0 Microsoft Windows XP HTML Help Facility Andrew Buttner Andrew Buttner Christine Walzer 2003-1041 added the unregistered HTML Help criterion to the configuration section of the criteria cmp-66 added INTERIM ACCEPTED INTERIM ACCEPTED Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CAN-2004-0475 ACCEPTED 1 Microsoft Windows 2000 Microsoft Word for Windows 6.0 Converter Christine Walzer Christine Walzer 2004-0901 DRAFT ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided DRAFT 0 Sun Solaris 7 Sadmin Brian Soby 2003-0722 Added check for sadmind called with strong authentication DRAFT INTERIM ACCEPTED The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets ACCEPTED 1 Microsoft Windows 98 Program Group Converter Andrew Buttner 2004-0572 DRAFT INTERIM ACCEPTED Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe ACCEPTED 1 Microsoft Windows 98 Internet Explorer 6 Internet Explorer 6 SP1 Ingrid Skoog Ingrid Skoog 2004-1050 DRAFT Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utili DRAFT 0 Microsoft Windows NT Windows kernel Christine Walzer Christine Walzer 2004-0893 DRAFT ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided DRAFT 0 Microsoft Windows 2000 IIS 5.0 Jonathan Baker 2003-0718 DRAFT INTERIM ACCEPTED The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes ACCEPTED 1 Microsoft Windows 2000 Christine Walzer 2002-0862 Added superceding patch info. Changed to DRAFT INTERIM ACCEPTED The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS ACCEPTED 0 Microsoft Windows NT Internet Explorer 6 Tiffany Bergeron Tiffany Bergeron 2004-0212 INTERIM ACCEPTED Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share ACCEPTED 0 Red Hat Enterprise Linux 3 FreeRADIUS Jay Beale 2004-0938 DRAFT FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet DRAFT 0 Microsoft Windows NT Microsoft Word for Windows 6.0 Converter Christine Walzer Christine Walzer 2004-0571 DRAFT Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CAN-2004-090 DRAFT 0 Microsoft Windows XP IIS 5.1 Jonathan Baker 2003-0718 DRAFT INTERIM ACCEPTED The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes ACCEPTED 1 Sun Solaris 7 CDE Brian Soby 2004-0368 Added patch 107180-31 test for Solaris 7. Changed vulnerable software test logic a little DRAFT INTERIM ACCEPTED Double-free vulnerability in dtlogin in CDE on Solaris, HP-UX, and possibly other operating systems, allows remote attackers to execute arbitrary code via a certain UDP packet ACCEPTED 1 Microsoft Windows NT Christine Walzer 2002-1183 Added superceding patch info. Changed to DRAFT INTERIM ACCEPTED Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862) ACCEPTED 0 Microsoft Windows 2000 HTML Help Facility Andrew Buttner Andrew Buttner 2004-0201 INTERIM ACCEPTED Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CAN-2003-1041 ACCEPTED 0 Microsoft Windows NT VDM Ingrid Skoog Ingrid Skoog 2004-0118 ACCEPTED The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code ACCEPTED 2 Microsoft Windows XP HTML Help Facility Andrew Buttner Andrew Buttner Christine Walzer 2004-0201 added the unregistered HTML Help criterion to the configuration section of the criteria cmp-66 added INTERIM ACCEPTED INTERIM ACCEPTED Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CAN-2003-1041 ACCEPTED 1 Microsoft Windows Server 2003 Windows Internet Naming Service (WINS) Matthew Burton 2004-1080 DRAFT The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 4 DRAFT 0 Microsoft Windows 2000 Windows kernel Christine Walzer Christine Walzer 2004-0893 DRAFT ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided DRAFT 0 Microsoft Windows ME Internet Explorer 6 SP1 Harvey Rubinovitz 2004-0839 DRAFT INTERIM ACCEPTED Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html" ACCEPTED 1 Microsoft Windows XP Windows kernel Christine Walzer Christine Walzer 2004-0893 DRAFT ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided DRAFT 0 Microsoft Windows ME Windows Shell Andrew Buttner 2004-0214 DRAFT INTERIM ACCEPTED Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba ACCEPTED 1 Microsoft Windows Server 2003 Microsoft Word for Windows 6.0 Converter Christine Walzer Christine Walzer 2004-0901 DRAFT ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided DRAFT 0 Microsoft Windows NT VDM Ingrid Skoog Ingrid Skoog 2004-0118 ACCEPTED The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code ACCEPTED 2 Microsoft Windows NT Microsoft Visual Studio .NET 2003 Ingrid Skoog 2004-0200 changed affected platforms DRAFT INTERIM ACCEPTED Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation ACCEPTED 1 Microsoft Windows NT Windows Shell Andrew Buttner 2004-0214 DRAFT INTERIM ACCEPTED Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba ACCEPTED 1 Microsoft Windows XP VDM Ingrid Skoog 2004-0208 fixed OS DRAFT INTERIM ACCEPTED The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions ACCEPTED 1 Microsoft Windows XP Task Scheduler Tiffany Bergeron Tiffany Bergeron Christine Walzer 2004-0212 INTERIM ACCEPTED INTERIM ACCEPTED Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share ACCEPTED 1 Microsoft Windows XP Microsoft Internet Explorer 6 Andrew Buttner Andrew Buttner 2003-1048 DRAFT INTERIM ACCEPTED Double-free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image ACCEPTED 1 Microsoft Windows 2000 Negotiate SSP interface Ingrid Skoog 2004-0119 INTERIM ACCEPTED The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection ACCEPTED 1 Microsoft Windows XP Program Group Converter Andrew Buttner 2004-0572 DRAFT INTERIM ACCEPTED Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe ACCEPTED 1 Microsoft Windows XP Program Group Converter Andrew Buttner 2004-0572 DRAFT INTERIM ACCEPTED Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe ACCEPTED 1 Sun Solaris 7 NIS Brian Soby 2001-1328 DRAFT Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows remote attackers to execute arbitrary code DRAFT 0 Microsoft Windows NT NetDDE Jonathan Baker 2004-0206 DRAFT INTERIM ACCEPTED Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow ACCEPTED 1 Microsoft Windows XP Enhanced Metafile (EMF) Ingrid Skoog 2004-0209 DRAFT INTERIM ACCEPTED Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer. ACCEPTED 1 Microsoft Windows XP Windows kernel Christine Walzer Christine Walzer 2004-0893 DRAFT ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided DRAFT 0 Microsoft Windows Server 2003 Local Security Authority Subsystem Service (LSASS) Christine Walzer 2004-0894 DRAFT ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided DRAFT 0 Microsoft Windows 2000 HTML Help Facility Andrew Buttner Andrew Buttner 2003-1041 INTERIM ACCEPTED Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CAN-2004-0475 ACCEPTED 0 Microsoft Windows NT Microsoft Outlook Express Jonathan Baker 2004-0215 DRAFT INTERIM ACCEPTED Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header ACCEPTED 1 Microsoft Windows XP Microsoft Word for Windows 6.0 Converter Christine Walzer Christine Walzer 2004-0571 DRAFT Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CAN-2004-090 DRAFT 0 Microsoft Windows Server 2003 Ingrid Skoog Ingrid Skoog 2004-0119 INTERIM ACCEPTED The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection ACCEPTED 1 Microsoft Windows XP Task Scheduler Tiffany Bergeron Tiffany Bergeron 2004-0212 added compound tests INTERIM ACCEPTED Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share ACCEPTED 0 Microsoft Windows XP Microsoft Word for Windows 6.0 Converter Christine Walzer Christine Walzer 2004-0571 DRAFT Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CAN-2004-090 DRAFT 0 Sun Solaris 8 Apache Brian Soby 2004-0174 Changed apache test to file test Changed apache test to package test DRAFT INTERIM ACCEPTED Apache before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket. ACCEPTED 1 Microsoft Windows XP Negotiate SSP interface Ingrid Skoog Ingrid Skoog Christine Walzer 2004-0119 cmp-66 added ACCEPTED INTERIM ACCEPTED The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection ACCEPTED 1 Sun Solaris 7 Solaris Enterprise Authentication Mechanism (SEAM) Brian Soby 2004-0523 DRAFT Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root DRAFT 0 Microsoft Windows XP Windows kernel Christine Walzer Christine Walzer 2004-0893 DRAFT ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided DRAFT 0 Sun Solaris 7 Bind Brian Soby 2003-0914 DRAFT INTERIM ACCEPTED ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value ACCEPTED 1 Microsoft Windows NT Christine Walzer 2004-0203 DRAFT INTERIM ACCEPTED Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query ACCEPTED 1 Microsoft Windows NT Christine Walzer Christine Walzer 2003-0112 INTERIM ACCEPTED Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger ACCEPTED 0 Sun Solaris 7 login Brian Soby 2001-0797 DRAFT Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin DRAFT 0 Microsoft Windows XP Local Security Authority Subsystem Service (LSASS) Christine Walzer 2004-0894 DRAFT ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided DRAFT 0 Sun Solaris 9 pam_krb5 Brian Soby 2004-0653 DRAFT Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other user's passwords by reading log files DRAFT 0 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 3 Harvey Rubinovitz 2004-0839 DRAFT INTERIM ACCEPTED Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html" ACCEPTED 1 Microsoft Windows ME Microsoft Internet Explorer 5.5 Service Pack 2 Andrew Buttner Andrew Buttner 2003-1048 DRAFT INTERIM ACCEPTED Double-free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image ACCEPTED 1 Microsoft Windows NT Christine Walzer 2002-1183 Added superceding patch info. Changed to DRAFT INTERIM ACCEPTED Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862) ACCEPTED 0 Microsoft Windows 2000 Enhanced Metafile (EMF) Ingrid Skoog 2004-0209 DRAFT INTERIM ACCEPTED Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer. ACCEPTED 1 Microsoft Windows 2000 Microsoft Outlook Express Jonathan Baker 2004-0215 DRAFT INTERIM ACCEPTED Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header ACCEPTED 1 Sun Solaris 9 Kerberos5 Brian Soby 2004-0644 DRAFT The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding DRAFT 0 Microsoft Windows Server 2003 HTML Help Facility Andrew Buttner Andrew Buttner 2004-0201 INTERIM ACCEPTED Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CAN-2003-1041 ACCEPTED 0 Sun Solaris 9 Samba Brian Soby 2003-0201 DRAFT Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code DRAFT 0 Microsoft Windows NT POSIX Ingrid Skoog Ingrid Skoog 2004-0210 INTERIM ACCEPTED The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow ACCEPTED 0 Sun Solaris 9 Sendmail Brian Soby 2002-0906 DRAFT Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malicious DNS server DRAFT 0 Microsoft Windows XP DirectX Tiffany Bergeron Tiffany Bergeron 2004-0202 Added cmp-966 to test for vulnerable versions of DirectX Re-added cmp-966 Added the negate attribute with a value of 'true' to the subtest elements referencing patch installations. INTERIM ACCEPTED IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet ACCEPTED 1 Microsoft Windows NT IIS 4.0 David Proulx David Proulx 2004-0205 INTERIM ACCEPTED Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function ACCEPTED 0 Microsoft Windows XP Internet Explorer 6 Harvey Rubinovitz 2004-0845 DRAFT INTERIM ACCEPTED Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site ACCEPTED 1 Microsoft Windows XP Internet Explorer 6 Christine Walzer Christine Walzer 2004-0420 INTERIM ACCEPTED INTERIM ACCEPTED The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP ACCEPTED 1 Microsoft Windows NT Christine Walzer Christine Walzer 2003-0112 INTERIM ACCEPTED Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger ACCEPTED 0 Microsoft Windows NT DHCP Ingrid Skoog Ingrid Skoog 2004-0899 DRAFT ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided DRAFT 0 Microsoft Windows Server 2003 SMTP Christine Walzer 2004-0840 DRAFT INTERIM ACCEPTED The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated ACCEPTED 1 Microsoft Windows Server 2003 Internet Explorer 6 Christine Walzer Christine Walzer 2004-0420 INTERIM ACCEPTED The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP ACCEPTED 0 Microsoft Windows NT NetDDE Jonathan Baker 2004-0206 DRAFT INTERIM ACCEPTED Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow ACCEPTED 1 Microsoft Windows XP DirectX Tiffany Bergeron Tiffany Bergeron Christine Walzer 2004-0202 Changed Status to Draft; Added cmp-967 Added the negate attribute with a value of 'true' to the subtest elements referencing patch installations. INTERIM ACCEPTED INTERIM ACCEPTED IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet ACCEPTED 2 Sun Solaris 7 Basic Security Module Brian Soby 2004-0654 DRAFT Unknown vulnerability in the Basic Security Module (BSM), when configured to audit either the Administrative (ad) or the System-Wide Administration (as) audit class in Solaris 7, 8, and 9, allows local users to cause a denial of service (kernel panic) DRAFT 0 Microsoft Windows XP Enhanced Metafile (EMF) Ingrid Skoog 2004-0209 changed OS DRAFT INTERIM ACCEPTED Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer. ACCEPTED 1 Microsoft Windows XP Microsoft Internet Explorer 6 Harvey Rubinovitz 2004-0843 DRAFT INTERIM ACCEPTED Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability. ACCEPTED 1 Microsoft Windows 2000 Utility Manager Jonathan Baker Jonathan Baker 2004-0213 INTERIM ACCEPTED Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CAN-2003-0908 ACCEPTED 0 Microsoft Windows NT Remote Procedure Call (RPC) Matthew Burton 2004-0569 DRAFT INTERIM ACCEPTED The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote attackers to read active memory or cause a denial of service (system crash) via a malicious message, possibly related to improper length values ACCEPTED 1 Microsoft Windows Server 2003 DirectX Tiffany Bergeron Tiffany Bergeron 2004-0202 Changed Status to Draft; Added cmp-969 Added the negate attribute with a value of 'true' to the subtest elements referencing patch installations. INTERIM ACCEPTED IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 4 Harvey Rubinovitz 2004-0843 DRAFT INTERIM ACCEPTED Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability. ACCEPTED 1 Microsoft Windows 2000 Windows 2000 Matthew Burton 2004-1080 DRAFT The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 4 DRAFT 0 Sun Solaris 8 Sun Cluster Brian Soby 2003-0545 DRAFT INTERIM ACCEPTED Double-free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding ACCEPTED 1 Microsoft Windows XP Internet Explorer 6 Harvey Rubinovitz 2004-0841 DRAFT INTERIM ACCEPTED Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability. ACCEPTED 1 Sun Solaris 8 Sun Crypto Accelerator 4000 Brian Soby 2004-0079 DRAFT INTERIM ACCEPTED The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference ACCEPTED 1 Microsoft Windows 98 Windows Shell Andrew Buttner 2004-0214 DRAFT INTERIM ACCEPTED Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba ACCEPTED 1 Microsoft Windows Server 2003 Jonathan Baker 2004-0215 DRAFT INTERIM ACCEPTED Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header ACCEPTED 1 Sun Solaris 7 Sun Am7990 Ethernet Driver Brian Soby 2003-0001 DRAFT Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak DRAFT 0 Microsoft Windows 2000 Microsoft Office 2000 SP3 Christine Walzer 2004-0573 DRAFT INTERIM ACCEPTED Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website ACCEPTED 1 Microsoft Windows 2000 Christine Walzer 2002-0862 negated patch info. Added superceding patch info. Changed to DRAFT INTERIM ACCEPTED The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS ACCEPTED 0 Microsoft Windows 95 Microsoft Excel 2000 Matthew Burton 2004-0846 DRAFT INTERIM ACCEPTED Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated ACCEPTED 1 Microsoft Windows XP DirectX Tiffany Bergeron Tiffany Bergeron 2004-0202 Changed Status to Draft; Added cmp-970 Added the negate attribute with a value of 'true' to the subtest elements referencing patch installations. INTERIM ACCEPTED IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet ACCEPTED 1 Microsoft Windows 2000 Microsoft Office 2003 Ingrid Skoog 2004-0200 changed affected product from GDI+ and office2003 to just office 2003 DRAFT INTERIM ACCEPTED Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation ACCEPTED 1 Sun Solaris 9 OpenSSH Brian Soby 2003-0693 DRAFT A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CAN-2003-0695 DRAFT 0 Microsoft Windows NT MDAC 2.5 Ingrid Skoog 2002-1142 DRAFT INTERIM ACCEPTED Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub ACCEPTED 1 Microsoft Windows NT Matthew Burton Matthew Burton 2004-1080 DRAFT The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 4 DRAFT 0 Microsoft Windows 2000 Program Group Converter Andrew Buttner 2004-0572 DRAFT INTERIM ACCEPTED Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe ACCEPTED 1 Sun Solaris 9 CDE Brian Soby 2002-0678 DRAFT INTERIM ACCEPTED CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure ACCEPTED 1 Red Hat Enterprise Linux 3 Linux kernel Jay Beale 2004-0427 DRAFT INTERIM ACCEPTED The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, which triggers a memory leak that allows local users to cause a denial of service (memory exhaustion) via the clone (CLONE_VM) system call ACCEPTED 1 Microsoft Windows 2000 POSIX Ingrid Skoog Ingrid Skoog 2004-0210 INTERIM ACCEPTED The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow ACCEPTED 0 Microsoft Windows XP Internet Explorer 6 Christine Walzer Christine Walzer 2004-0420 INTERIM ACCEPTED The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP ACCEPTED 0 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 4 Harvey Rubinovitz 2004-0842 DRAFT INTERIM ACCEPTED Internet Explorer 6.1 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability. ACCEPTED 1 Red Hat Enterprise Linux 3 Linux kernel Jay Beale 2004-0554 DRAFT INTERIM ACCEPTED Linux kernel 2.4.2x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program ACCEPTED 1 Red Hat Enterprise Linux 3 Linux kernel Jay Beale 2004-0495 DRAFT INTERIM ACCEPTED Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool ACCEPTED 1 Sun Solaris 7 Sendmail Brian Soby 2003-0694 DRAFT The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c DRAFT 0 Microsoft Windows NT Microsoft Project Professional 2002 Ingrid Skoog 2004-0200 Changed affected platforms DRAFT INTERIM ACCEPTED Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation ACCEPTED 1 Microsoft Windows NT Program Group Converter Andrew Buttner 2004-0572 DRAFT INTERIM ACCEPTED Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe ACCEPTED 1 Microsoft Windows NT Microsoft Visio Professional 2002 Ingrid Skoog 2004-0200 Changed affected platforms DRAFT INTERIM ACCEPTED Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation ACCEPTED 1 Microsoft Windows XP Explorer.exe Ingrid Skoog Ingrid Skoog 2003-0306 INTERIM ACCEPTED Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to execute arbitrary code as the XP user via a desktop.ini file with a long .ShellClassInfo parameter ACCEPTED 0 Microsoft Windows 2000 NetDDE Jonathan Baker 2004-0206 DRAFT INTERIM ACCEPTED Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow ACCEPTED 1 Microsoft Windows 2000 Christine Walzer Christine Walzer 2003-0112 Changed to DRAFT INTERIM ACCEPTED Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger ACCEPTED 0 Microsoft Windows XP VDM Ingrid Skoog 2004-0208 DRAFT INTERIM ACCEPTED The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions ACCEPTED 1 Microsoft Windows NT HTML Help Facility Andrew Buttner Andrew Buttner 2004-0201 INTERIM ACCEPTED Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CAN-2003-1041 ACCEPTED 0 Microsoft Windows XP NetDDE Jonathan Baker 2004-0206 DRAFT INTERIM ACCEPTED Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow ACCEPTED 1 Microsoft Windows NT Microsoft Word for Windows 6.0 Converter Christine Walzer Christine Walzer 2004-0901 DRAFT ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided DRAFT 0 Microsoft Windows XP Microsoft Office 2003 Christine Walzer 2004-0573 DRAFT INTERIM ACCEPTED Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website ACCEPTED 1 Microsoft Windows XP Local Security Authority Subsystem Service (LSASS) Ingrid Skoog Ingrid Skoog 2004-0894 DRAFT ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided DRAFT 0 Microsoft Windows NT Microsoft Visio Professional 2003 Ingrid Skoog 2004-0200 Changed affected platforms DRAFT INTERIM ACCEPTED Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation ACCEPTED 1 Sun Solaris 9 Kerberos5 Brian Soby 2004-0643 DRAFT Double-free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code DRAFT 0 Microsoft Windows XP Local Security Authority Subsystem Service (LSASS) Christine Walzer Christine Walzer 2004-0894 DRAFT ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided DRAFT 0 Microsoft Windows XP Microsoft Office XP SP3 Christine Walzer 2004-0573 DRAFT INTERIM ACCEPTED Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website ACCEPTED 1 Microsoft Windows Server 2003 Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003 Harvey Rubinovitz 2004-0842 DRAFT INTERIM ACCEPTED Internet Explorer 6.1 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability. ACCEPTED 1 Microsoft Windows XP Microsoft Outlook Express Jonathan Baker Christine Walzer 2004-0215 cmp-66 added DRAFT INTERIM ACCEPTED Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header ACCEPTED 1 Microsoft Windows 2000 Internet Explorer 6 Christine Walzer 2004-0420 DRAFT INTERIM ACCEPTED The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP ACCEPTED 1 Microsoft Windows XP SMB (Server Message Block) Ingrid Skoog 2003-0345 INTERIM ACCEPTED Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required ACCEPTED 0 Microsoft Windows 2000 Microsoft Word for Windows 6.0 Converter Christine Walzer Christine Walzer 2004-0571 DRAFT Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CAN-2004-090 DRAFT 0 Microsoft Windows 2000 Task Scheduler Tiffany Bergeron Tiffany Bergeron 2004-0212 INTERIM ACCEPTED Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share ACCEPTED 0 Microsoft Windows Server 2003 SMTP Christine Walzer 2004-0840 DRAFT INTERIM ACCEPTED The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated ACCEPTED 1 Microsoft Windows XP NetBT Name Service Ingrid Skoog 2003-0661 INTERIM ACCEPTED The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information ACCEPTED 0 Microsoft Windows Server 2003 HTML Help Facility Andrew Buttner Andrew Buttner 2003-1041 INTERIM ACCEPTED Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CAN-2004-0475 ACCEPTED 0 Microsoft Windows XP Internet Explorer 6 Christine Walzer Christine Walzer 2004-0420 INTERIM ACCEPTED The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP ACCEPTED 0 Microsoft Windows NT MDAC 2.1 Ingrid Skoog 2002-1142 DRAFT INTERIM ACCEPTED Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub ACCEPTED 1 Sun Solaris 7 Solaris Runtime Linker Brian Soby 2003-0609 DRAFT Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable DRAFT 0 Microsoft Windows NT Internet Explorer 6 Christine Walzer 2004-0420 DRAFT INTERIM ACCEPTED The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP ACCEPTED 1 Sun Solaris 7 Sendmail Brian Soby 2003-0681 DRAFT A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences DRAFT 0 Red Hat Enterprise Linux 3 libpng Jay Beale 2002-1363 DRAFT INTERIM ACCEPTED Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers ACCEPTED 1 Microsoft Windows Server 2003 Windows Internet Naming Service (WINS) Matthew Burton 2004-1080 DRAFT The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 4 DRAFT 0 Microsoft Windows Server 2003 Microsoft Word for Windows 6.0 Converter Christine Walzer Christine Walzer 2004-0571 DRAFT Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CAN-2004-090 DRAFT 0 Microsoft Windows ME Program Group Converter Andrew Buttner 2004-0572 DRAFT INTERIM ACCEPTED Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe ACCEPTED 1 Sun Solaris 8 Apache Brian Soby 2003-0542 DRAFT INTERIM ACCEPTED Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures ACCEPTED 1 Microsoft Windows NT Microsoft Project Professional 2003 Ingrid Skoog 2004-0200 Changed affected platforms DRAFT INTERIM ACCEPTED Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation ACCEPTED 1 Microsoft Windows XP Windows Shell Andrew Buttner 2004-0572 DRAFT INTERIM ACCEPTED Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe ACCEPTED 1 Microsoft Windows Server 2003 Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003 Harvey Rubinovitz 2004-0845 DRAFT INTERIM ACCEPTED Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site ACCEPTED 1 Microsoft Windows NT Microsoft Office XP SP2 Ingrid Skoog 2004-0200 DRAFT INTERIM ACCEPTED Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation ACCEPTED 1 Microsoft Windows XP Microsoft Word for Windows 6.0 Converter Christine Walzer Christine Walzer 2004-0901 DRAFT ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided DRAFT 0 Microsoft Windows Server 2003 Compressed Folders David Proulx 2004-0575 DRAFT INTERIM ACCEPTED Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation ACCEPTED 1 Microsoft Windows NT VDM Ingrid Skoog 2004-0208 DRAFT INTERIM ACCEPTED The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions ACCEPTED 1 Microsoft Windows XP GDI+ Ingrid Skoog 2004-0200 DRAFT INTERIM ACCEPTED Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation ACCEPTED 1 Microsoft Windows XP Microsoft Office XP SP2 Christine Walzer Ingrid Skoog 2004-0573 DRAFT INTERIM ACCEPTED Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website ACCEPTED 1 Microsoft Windows NT Windows kernel Christine Walzer Christine Walzer 2004-0893 DRAFT ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided DRAFT 0 Sun Solaris 8 DtMail Brian Soby 2004-0800 DRAFT INTERIM ACCEPTED Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 allows local users to gain privileges via format strings in the argv[0] value ACCEPTED 1 Microsoft Windows Server 2003 Microsoft Word for Windows 6.0 Converter Christine Walzer Christine Walzer 2004-0901 DRAFT ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided DRAFT 0 Sun Solaris 8 Apache Brian Soby 2003-0020 Change apache test to file test Changed apache test to package test DRAFT INTERIM ACCEPTED Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 4 Harvey Rubinovitz 2004-0839 DRAFT INTERIM ACCEPTED Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html" ACCEPTED 1 Microsoft Windows XP Internet Explorer 6 Harvey Rubinovitz 2004-0842 DRAFT INTERIM ACCEPTED Internet Explorer 6.1 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability. ACCEPTED 1 Microsoft Windows 2000 Internet Explorer 6 SP1 Ingrid Skoog 2004-0200 DRAFT INTERIM ACCEPTED Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation ACCEPTED 1 Microsoft Windows 95 Microsoft Excel 2002 Matthew Burton 2004-0846 DRAFT Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated DRAFT 0 Microsoft Windows Server 2003 Program Group Converter Andrew Buttner 2004-0572 DRAFT INTERIM ACCEPTED Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe ACCEPTED 1 Sun Solaris 8 Sun Cluster Brian Soby 2003-0543 DRAFT INTERIM ACCEPTED Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values ACCEPTED 1 Microsoft Windows 2000 ISA Server 2000 Christine Walzer 2004-0892 DRAFT Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results DRAFT 0 Microsoft Windows Server 2003 Compressed Folders David Proulx 2004-0575 DRAFT INTERIM ACCEPTED Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation ACCEPTED 1 Microsoft Windows NT Microsoft Visual Studio .NET 2002 Ingrid Skoog 2004-0200 DRAFT INTERIM ACCEPTED Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation ACCEPTED 1 Microsoft Windows 2000 VDM Ingrid Skoog 2004-0208 DRAFT INTERIM ACCEPTED The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions ACCEPTED 1 Microsoft Windows NT Microsoft Word for Windows 6.0 Converter Christine Walzer Christine Walzer 2004-0571 DRAFT Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CAN-2004-090 DRAFT 0 Microsoft Windows 2000 Windows Shell Andrew Buttner 2004-0214 DRAFT INTERIM ACCEPTED Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba ACCEPTED 1 Microsoft Windows XP Local Security Authority Subsystem Service (LSASS) Christine Walzer Christine Walzer 2004-0894 DRAFT ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided DRAFT 0 Microsoft Windows Server 2003 Network News Transport Protocol (NNTP) Christine Walzer 2004-0574 DRAFT INTERIM ACCEPTED The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows ACCEPTED 1 Sun Solaris 8 Apache Brian Soby 2003-0987 Change apache test to file test Changed apache test to package test DRAFT INTERIM ACCEPTED mod_digest for Apache does not properly verify the nonce of a client response by using a AuthNonce secret ACCEPTED 1 Microsoft Windows Server 2003 Windows kernel Christine Walzer Christine Walzer 2004-0893 DRAFT ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided DRAFT 0 Microsoft Windows Server 2003 Program Group Converter Andrew Buttner 2004-0572 DRAFT INTERIM ACCEPTED Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe ACCEPTED 1 Sun Solaris 8 Sun Cluster Brian Soby 2003-0544 DRAFT INTERIM ACCEPTED OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used ACCEPTED 1 Microsoft Windows NT Microsoft Word for Windows 6.0 Converter Christine Walzer Christine Walzer 2004-0901 DRAFT ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided DRAFT 0 Microsoft Windows Server 2003 NetDDE Jonathan Baker 2004-0206 DRAFT INTERIM ACCEPTED Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow ACCEPTED 1 Sun Solaris 9 Kerberos5 Brian Soby 2004-0772 DRAFT INTERIM ACCEPTED Double-free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code ACCEPTED 1 Sun Solaris 8 Apache Brian Soby 2003-0993 Changes apache test to file test Changed apache test to package test DRAFT INTERIM ACCEPTED mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 4 Harvey Rubinovitz 2004-0727 DRAFT INTERIM ACCEPTED Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability. ACCEPTED 1 Microsoft Windows 2000 HyperTerminal Harvey Rubinovitz Harvey Rubinovitz 2004-0568 DRAFT HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow DRAFT 0 Microsoft Windows XP Microsoft Word for Windows 6.0 Converter Christine Walzer Christine Walzer 2004-0901 DRAFT ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided DRAFT 0 Microsoft Windows NT VDM Ingrid Skoog 2004-0208 DRAFT INTERIM ACCEPTED The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions ACCEPTED 1 Microsoft Windows Server 2003 IIS 6.0 Jonathan Baker 2003-0718 DRAFT INTERIM ACCEPTED The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes ACCEPTED 1 Microsoft Windows NT Windows NT 4.0 Matthew Burton 2004-1080 DRAFT The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 4 DRAFT 0 Microsoft Windows NT DHCP Ingrid Skoog Ingrid Skoog 2004-0900 DRAFT ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided DRAFT 0 Microsoft Windows NT Proxy Server 2.0 SP1 Christine Walzer 2004-0892 DRAFT Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results DRAFT 0 Sun Solaris 8 Apache Brian Soby 2004-0492 Changed apache test to file test Changed apache test to package test DRAFT INTERIM ACCEPTED Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied ACCEPTED 1 Microsoft Windows XP Windows kernel Ingrid Skoog 2004-0211 changed OS DRAFT INTERIM ACCEPTED The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program ACCEPTED 1 Sun Solaris 9 Kerberos5 Brian Soby 2004-0642 DRAFT Double-free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code DRAFT 0 Microsoft Windows Server 2003 Network News Transport Protocol (NNTP) Christine Walzer 2004-0573 DRAFT INTERIM ACCEPTED Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website ACCEPTED 1 Microsoft Windows NT Network News Transport Protocol (NNTP) Christine Walzer 2004-0574 DRAFT INTERIM ACCEPTED The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows ACCEPTED 1 Microsoft Windows XP NetDDE Jonathan Baker 2004-0206 DRAFT INTERIM ACCEPTED Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow ACCEPTED 1 Microsoft Windows NT Remote Procedure Call (RPC) Matthew Burton 2003-0569 DRAFT INTERIM ACCEPTED ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided ACCEPTED 1 Microsoft Windows XP Windows Shell Andrew Buttner 2004-0214 DRAFT INTERIM ACCEPTED Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba ACCEPTED 1 Microsoft Windows Server 2003 Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003 Harvey Rubinovitz 2004-0216 DRAFT INTERIM ACCEPTED Buffer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email ACCEPTED 1 Microsoft Windows ME Internet Explorer 6 SP1 Harvey Rubinovitz 2004-0216 DRAFT INTERIM ACCEPTED Buffer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email ACCEPTED 1 Microsoft Windows Server 2003 SMTP Christine Walzer 2004-0840 DRAFT INTERIM ACCEPTED The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated ACCEPTED 1 Microsoft Windows ME Internet Explorer 5.5 Service Pack 2 Harvey Rubinovitz 2004-0842 DRAFT INTERIM ACCEPTED Internet Explorer 6.1 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability. ACCEPTED 1 Microsoft Windows ME Internet Explorer 6 SP1 Harvey Rubinovitz 2004-0845 DRAFT INTERIM ACCEPTED Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site ACCEPTED 1 Microsoft Windows 2000 Network News Transport Protocol (NNTP) Christine Walzer 2004-0574 DRAFT INTERIM ACCEPTED The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows ACCEPTED 1 Microsoft Windows ME Internet Explorer 5.5 Service Pack 2 Harvey Rubinovitz 2004-0841 DRAFT INTERIM ACCEPTED Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability. ACCEPTED 1 Microsoft Windows Server 2003 Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003 Harvey Rubinovitz 2004-0839 DRAFT INTERIM ACCEPTED Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html" ACCEPTED 1 Microsoft Windows Server 2003 Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003 Harvey Rubinovitz 2004-0843 DRAFT INTERIM ACCEPTED Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability. ACCEPTED 1 Microsoft Windows XP Compressed Folders David Proulx 2004-0575 DRAFT INTERIM ACCEPTED Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation ACCEPTED 1 Microsoft Windows ME Internet Explorer 6 SP1 Harvey Rubinovitz 2004-0842 DRAFT INTERIM ACCEPTED Internet Explorer 6.1 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability. ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 4 Harvey Rubinovitz 2004-0216 DRAFT INTERIM ACCEPTED Buffer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email ACCEPTED 1 Microsoft Windows Server 2003 NetDDE Jonathan Baker 2004-0206 DRAFT INTERIM ACCEPTED Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow ACCEPTED 1 Microsoft Windows ME Internet Explorer 6 SP1 Harvey Rubinovitz 2004-0727 DRAFT INTERIM ACCEPTED Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability. ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 3 Harvey Rubinovitz 2004-0727 DRAFT INTERIM ACCEPTED Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability. ACCEPTED 1 Microsoft Windows ME Internet Explorer 5.5 Service Pack 2 Harvey Rubinovitz 2004-0843 DRAFT INTERIM ACCEPTED Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability. ACCEPTED 1 Microsoft Windows ME Internet Explorer 6 SP1 Harvey Rubinovitz 2004-0843 DRAFT INTERIM ACCEPTED Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability. ACCEPTED 1 Microsoft Windows ME Internet Explorer 5.5 Service Pack 2 Harvey Rubinovitz 2003-0727 DRAFT INTERIM ACCEPTED Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions ACCEPTED 1 Microsoft Windows Server 2003 Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003 Harvey Rubinovitz 2004-0727 DRAFT INTERIM ACCEPTED Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability. ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 3 Harvey Rubinovitz 2004-0845 DRAFT INTERIM ACCEPTED Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site ACCEPTED 1 Microsoft Windows XP Internet Explorer 6 Harvey Rubinovitz 2004-0216 DRAFT INTERIM ACCEPTED Buffer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email ACCEPTED 1 Microsoft Windows XP Internet Explorer 6 Harvey Rubinovitz 2004-0839 DRAFT INTERIM ACCEPTED Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html" ACCEPTED 1 Microsoft Windows 2000 Microsoft Internet Explorer 5.01 Service Pack 3 Harvey Rubinovitz 2004-0216 DRAFT INTERIM ACCEPTED Buffer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email ACCEPTED 1 Microsoft Windows XP Internet Explorer 6 Harvey Rubinovitz 2004-0727 DRAFT INTERIM ACCEPTED Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability. ACCEPTED 1 Microsoft Windows ME Internet Explorer 6 SP1 Harvey Rubinovitz 2004-0844 DRAFT INTERIM ACCEPTED Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability. ACCEPTED 1 OR OR OR AND AND AND OR OR AND AND OR OR OR AND AND AND OR AND AND AND AND AND AND OR AND AND AND OR AND OR AND AND AND AND AND OR OR AND AND OR AND OR OR AND OR AND AND AND AND OR OR AND OR OR AND AND OR OR AND OR AND AND AND AND AND AND OR AND OR OR AND AND OR AND OR AND AND OR AND OR AND AND OR OR OR AND AND OR OR AND OR AND OR OR OR AND AND OR AND AND AND OR OR OR AND OR AND AND AND AND OR OR AND OR AND AND AND AND OR AND AND AND OR AND OR AND AND AND OR AND AND OR AND OR AND AND OR AND OR AND AND AND AND AND OR AND OR AND AND AND OR OR AND OR AND AND AND OR OR AND OR AND AND AND AND OR OR AND OR AND AND AND AND AND AND OR AND OR OR AND OR AND OR AND OR AND OR AND OR OR AND OR OR AND AND OR AND AND OR OR OR OR AND OR AND OR OR OR OR OR AND OR OR OR OR AND AND AND OR OR AND OR OR AND OR OR OR OR AND OR OR AND OR OR OR OR AND OR AND OR OR OR AND OR OR OR OR OR OR OR OR OR AND OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR AND OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR AND OR OR OR OR OR OR OR OR OR OR AND OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR AND OR OR OR OR OR OR OR OR OR OR OR AND OR OR OR OR OR OR OR OR OR OR AND OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR AND OR OR OR OR OR OR OR OR AND OR OR AND AND AND AND AND AND AND OR OR OR OR OR OR AND OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR OR AND OR AND AND AND OR AND AND OR AND AND AND OR OR AND OR AND OR OR OR OR OR OR AND OR OR OR OR AND OR OR OR AND OR OR OR OR AND AND AND AND AND AND AND OR AND AND AND AND OR OR AND AND OR OR AND AND ^.*rhnsd.*$ /bin/mount 1 /bin/mount 1 /usr/bin/telnet 1 /usr/bin/telnet 1 /usr/bin/telnet 1 /usr/kerberos/bin/telnet 1 /usr/kerberos/bin/telnet 1 /usr/kerberos/bin/telnet 1 /usr/bin/rlogin 1 /usr/bin/rlogin 1 /usr/bin/rlogin 1 /usr/kerberos/bin/rlogin 1 /usr/kerberos/bin/rlogin 1 /usr/kerberos/bin/rlogin 1 /usr/bin/ssh 1 /usr/bin/ssh 1 /usr/bin/ssh 1 /usr/bin/kmail 1 /usr/bin/kmail 1 /usr/bin/kmail 1 /usr/bin/cvs 1 /usr/bin/cvs 1 /usr/bin/cvs 1 /proc/tty/driver/serial 1 /proc/tty/driver/ 1 /proc/tty/ 1 /proc/ 1 /usr/bin/oocalc 1 /usr/bin/oocalc 1 /usr/bin/oocalc 1 /usr/bin/oodraw 1 /usr/bin/oodraw 1 /usr/bin/oodraw 1 /usr/bin/oofice 1 /usr/bin/oofice 1 /usr/bin/oofice 1 /usr/bin/ooimpress 1 /usr/bin/ooimpress 1 /usr/bin/ooimpress 1 /usr/bin/oowriter 1 /usr/bin/oowriter 1 /usr/bin/oowriter 1 /usr/sbin/tcpdump 1 /usr/sbin/tcpdump 1 /usr/sbin/tcpdump 1 /usr/bin/lha 1 /usr/bin/lha 1 /usr/bin/lha 1 /usr/sbin/utempter 1 /usr/sbin/utempter 1 /usr/sbin/utempter 1 /usr/sbin/utempter 1 /usr/bin/balsa 1 /usr/bin/balsa 1 /usr/bin/balsa 1 /usr/bin/eog 1 /usr/bin/eog 1 /usr/bin/eog 1 /usr/bin/gs 1 /usr/bin/gs 1 /usr/bin/gs 1 /usr/bin/gnupg 1 /usr/bin/gnupg 1 /usr/bin/evolution 1 /usr/bin/evolution 1 /usr/bin/evolution 1 /usr/bin/kdm 1 /usr/bin/kdm 1 /usr/bin/kdm 1 /usr/bin/konqueror 1 /usr/bin/konqueror 1 /usr/bin/konqueror 1 /usr/libexec/filters/psbanner 1 /usr/bin/mutt 1 /usr/bin/mutt 1 /usr/bin/mutt 1 /usr/bin/pine 1 /usr/bin/pine 1 /usr/bin/pine 1 /usr/bin/emacs 1 /usr/bin/emacs 1 /usr/bin/emacs 1 /usr/bin/xemacs 1 /usr/bin/xemacs 1 /usr/bin/xemacs 1 /usr/sbin/sendmail.sendmail 1 /usr/sbin/sendmail.sendmail 1 /usr/sbin/sendmail.sendmail 1 /usr/sbin/sendmail.sendmail 1 /usr/bin/unzip 1 /usr/bin/unzip 1 /usr/bin/unzip 1 /usr/bin/xpdf 1 /usr/bin/xpdf 1 /usr/bin/xpdf 1 /usr/bin/411toppm 1 /usr/bin/411toppm 1 /usr/bin/411toppm 1 /usr/bin/asciitopgm 1 /usr/bin/asciitopgm 1 /usr/bin/asciitopgm 1 /usr/bin/atktopbm 1 /usr/bin/atktopbm 1 /usr/bin/atktopbm 1 /usr/bin/bioradtopgm 1 /usr/bin/bioradtopgm 1 /usr/bin/bioradtopgm 1 /usr/bin/bmptoppm 1 /usr/bin/bmptoppm 1 /usr/bin/bmptoppm 1 /usr/bin/brushtopbm 1 /usr/bin/brushtopbm 1 /usr/bin/brushtopbm 1 /usr/bin/cmuwmtopbm 1 /usr/bin/cmuwmtopbm 1 /usr/bin/cmuwmtopbm 1 /usr/bin/eyuvtoppm 1 /usr/bin/eyuvtoppm 1 /usr/bin/eyuvtoppm 1 /usr/bin/fiascotopnm 1 /usr/bin/fiascotopnm 1 /usr/bin/fiascotopnm 1 /usr/bin/fitstopnm 1 /usr/bin/fitstopnm 1 /usr/bin/fitstopnm 1 /usr/bin/fstopgm 1 /usr/bin/fstopgm 1 /usr/bin/fstopgm 1 /usr/bin/g3topbm 1 /usr/bin/g3topbm 1 /usr/bin/g3topbm 1 /usr/bin/gemtopbm 1 /usr/bin/gemtopbm 1 /usr/bin/gemtopbm 1 /usr/bin/gemtopnm 1 /usr/bin/gemtopnm 1 /usr/bin/gemtopnm 1 /usr/bin/giftopnm 1 /usr/bin/giftopnm 1 /usr/bin/giftopnm 1 /usr/bin/gouldtoppm 1 /usr/bin/gouldtoppm 1 /usr/bin/gouldtoppm 1 /usr/bin/hipstopgm 1 /usr/bin/hipstopgm 1 /usr/bin/hipstopgm 1 /usr/bin/hpcdtoppm 1 /usr/bin/hpcdtoppm 1 /usr/bin/hpcdtoppm 1 /usr/bin/icontopbm 1 /usr/bin/icontopbm 1 /usr/bin/icontopbm 1 /usr/bin/ilbmtoppm 1 /usr/bin/ilbmtoppm 1 /usr/bin/ilbmtoppm 1 /usr/bin/imgtoppm 1 /usr/bin/imgtoppm 1 /usr/bin/imgtoppm 1 /usr/bin/jpegtopnm 1 /usr/bin/jpegtopnm 1 /usr/bin/jpegtopnm 1 /usr/bin/leaftoppm 1 /usr/bin/leaftoppm 1 /usr/bin/leaftoppm 1 /usr/bin/lispmtopgm 1 /usr/bin/lispmtopgm 1 /usr/bin/lispmtopgm 1 /usr/bin/macptopbm 1 /usr/bin/macptopbm 1 /usr/bin/macptopbm 1 /usr/bin/mdatopbm 1 /usr/bin/mdatopbm 1 /usr/bin/mdatopbm 1 /usr/bin/mgrtopbm 1 /usr/bin/mgrtopbm 1 /usr/bin/mgrtopbm 1 /usr/bin/mtvtoppm 1 /usr/bin/mtvtoppm 1 /usr/bin/mtvtoppm 1 /usr/bin/neotoppm 1 /usr/bin/neotoppm 1 /usr/bin/neotoppm 1 /usr/bin/palmtopnm 1 /usr/bin/palmtopnm 1 /usr/bin/palmtopnm 1 /usr/bin/pamchannel 1 /usr/bin/pamchannel 1 /usr/bin/pamchannel 1 /usr/bin/pamcut 1 /usr/bin/pamcut 1 /usr/bin/pamcut 1 /usr/bin/pamdeinterlace 1 /usr/bin/pamdeinterlace 1 /usr/bin/pamdeinterlace 1 /usr/bin/pamfile 1 /usr/bin/pamfile 1 /usr/bin/pamfile 1 /usr/bin/pamoil 1 /usr/bin/pamoil 1 /usr/bin/pamoil 1 /usr/bin/pamstretch 1 /usr/bin/pamstretch 1 /usr/bin/pamstretch 1 /usr/bin/pamtopnm 1 /usr/bin/pamtopnm 1 /usr/bin/pamtopnm 1 /usr/bin/pbmclean 1 /usr/bin/pbmclean 1 /usr/bin/pbmclean 1 /usr/bin/pbmlife 1 /usr/bin/pbmlife 1 /usr/bin/pbmlife 1 /usr/bin/pbmmake 1 /usr/bin/pbmmake 1 /usr/bin/pbmmake 1 /usr/bin/pbmmask 1 /usr/bin/pbmmask 1 /usr/bin/pbmmask 1 /usr/bin/pbmpage 1 /usr/bin/pbmpage 1 /usr/bin/pbmpage 1 /usr/bin/pbmpscale 1 /usr/bin/pbmpscale 1 /usr/bin/pbmpscale 1 /usr/bin/pbmreduce 1 /usr/bin/pbmreduce 1 /usr/bin/pbmreduce 1 /usr/bin/pbmtext 1 /usr/bin/pbmtext 1 /usr/bin/pbmtext 1 /usr/bin/pbmto10x 1 /usr/bin/pbmto10x 1 /usr/bin/pbmto10x 1 /usr/bin/pbmto4425 1 /usr/bin/pbmto4425 1 /usr/bin/pbmto4425 1 /usr/bin/pbmtoascii 1 /usr/bin/pbmtoascii 1 /usr/bin/pbmtoascii 1 /usr/bin/pbmtoatk 1 /usr/bin/pbmtoatk 1 /usr/bin/pbmtoatk 1 /usr/bin/pbmtobbnbg 1 /usr/bin/pbmtobbnbg 1 /usr/bin/pbmtobbnbg 1 /usr/bin/pbmtocmuwm 1 /usr/bin/pbmtocmuwm 1 /usr/bin/pbmtocmuwm 1 /usr/bin/pbmtoepsi 1 /usr/bin/pbmtoepsi 1 /usr/bin/pbmtoepsi 1 /usr/bin/pbmtoepson 1 /usr/bin/pbmtoepson 1 /usr/bin/pbmtoepson 1 /usr/bin/pbmtog3 1 /usr/bin/pbmtog3 1 /usr/bin/pbmtog3 1 /usr/bin/pbmtogem 1 /usr/bin/pbmtogem 1 /usr/bin/pbmtogem 1 /usr/bin/pbmtogo 1 /usr/bin/pbmtogo 1 /usr/bin/pbmtogo 1 /usr/bin/pbmtoicon 1 /usr/bin/pbmtoicon 1 /usr/bin/pbmtoicon 1 /usr/bin/pbmtolj 1 /usr/bin/pbmtolj 1 /usr/bin/pbmtolj 1 /usr/bin/pbmtoln03 1 /usr/bin/pbmtoln03 1 /usr/bin/pbmtoln03 1 /usr/bin/pbmtolps 1 /usr/bin/pbmtolps 1 /usr/bin/pbmtolps 1 /usr/bin/pbmtomacp 1 /usr/bin/pbmtomacp 1 /usr/bin/pbmtomacp 1 /usr/bin/pbmtomda 1 /usr/bin/pbmtomda 1 /usr/bin/pbmtomda 1 /usr/bin/pbmtomgr 1 /usr/bin/pbmtomgr 1 /usr/bin/pbmtomgr 1 /usr/bin/pbmtonokia 1 /usr/bin/pbmtonokia 1 /usr/bin/pbmtonokia 1 /usr/bin/pbmtopgm 1 /usr/bin/pbmtopgm 1 /usr/bin/pbmtopgm 1 /usr/bin/pbmtopi3 1 /usr/bin/pbmtopi3 1 /usr/bin/pbmtopi3 1 /usr/bin/pbmtopk 1 /usr/bin/pbmtopk 1 /usr/bin/pbmtopk 1 /usr/bin/pbmtoplot 1 /usr/bin/pbmtoplot 1 /usr/bin/pbmtoplot 1 /usr/bin/pbmtoppa 1 /usr/bin/pbmtoppa 1 /usr/bin/pbmtoppa 1 /usr/bin/pbmtopsg3 1 /usr/bin/pbmtopsg3 1 /usr/bin/pbmtopsg3 1 /usr/bin/pbmtoptx 1 /usr/bin/pbmtoptx 1 /usr/bin/pbmtoptx 1 /usr/bin/pbmtowbmp 1 /usr/bin/pbmtowbmp 1 /usr/bin/pbmtowbmp 1 /usr/bin/pbmtox10bm 1 /usr/bin/pbmtox10bm 1 /usr/bin/pbmtox10bm 1 /usr/bin/pbmtoxbm 1 /usr/bin/pbmtoxbm 1 /usr/bin/pbmtoxbm 1 /usr/bin/pbmtoybm 1 /usr/bin/pbmtoybm 1 /usr/bin/pbmtoybm 1 /usr/bin/pbmtozinc 1 /usr/bin/pbmtozinc 1 /usr/bin/pbmtozinc 1 /usr/bin/pbmupc 1 /usr/bin/pbmupc 1 /usr/bin/pbmupc 1 /usr/bin/pcxtoppm 1 /usr/bin/pcxtoppm 1 /usr/bin/pcxtoppm 1 /usr/bin/pgmbentley 1 /usr/bin/pgmbentley 1 /usr/bin/pgmbentley 1 /usr/bin/pgmcrater 1 /usr/bin/pgmcrater 1 /usr/bin/pgmcrater 1 /usr/bin/pgmedge 1 /usr/bin/pgmedge 1 /usr/bin/pgmedge 1 /usr/bin/pgmenhance 1 /usr/bin/pgmenhance 1 /usr/bin/pgmenhance 1 /usr/bin/pgmhist 1 /usr/bin/pgmhist 1 /usr/bin/pgmhist 1 /usr/bin/pgmkernel 1 /usr/bin/pgmkernel 1 /usr/bin/pgmkernel 1 /usr/bin/pgmnoise 1 /usr/bin/pgmnoise 1 /usr/bin/pgmnoise 1 /usr/bin/pgmnorm 1 /usr/bin/pgmnorm 1 /usr/bin/pgmnorm 1 /usr/bin/pgmoil 1 /usr/bin/pgmoil 1 /usr/bin/pgmoil 1 /usr/bin/pgmramp 1 /usr/bin/pgmramp 1 /usr/bin/pgmramp 1 /usr/bin/pgmslice 1 /usr/bin/pgmslice 1 /usr/bin/pgmslice 1 /usr/bin/pgmtexture 1 /usr/bin/pgmtexture 1 /usr/bin/pgmtexture 1 /usr/bin/pgmtofs 1 /usr/bin/pgmtofs 1 /usr/bin/pgmtofs 1 /usr/bin/pgmtolispm 1 /usr/bin/pgmtolispm 1 /usr/bin/pgmtolispm 1 /usr/bin/pgmtopbm 1 /usr/bin/pgmtopbm 1 /usr/bin/pgmtopbm 1 /usr/bin/pgmtoppm 1 /usr/bin/pgmtoppm 1 /usr/bin/pgmtoppm 1 /usr/bin/pi1toppm 1 /usr/bin/pi1toppm 1 /usr/bin/pi1toppm 1 /usr/bin/pi3topbm 1 /usr/bin/pi3topbm 1 /usr/bin/pi3topbm 1 /usr/bin/pjtoppm 1 /usr/bin/pjtoppm 1 /usr/bin/pjtoppm 1 /usr/bin/pktopbm 1 /usr/bin/pktopbm 1 /usr/bin/pktopbm 1 /usr/bin/pngtopnm 1 /usr/bin/pngtopnm 1 /usr/bin/pngtopnm 1 /usr/bin/pnmalias 1 /usr/bin/pnmalias 1 /usr/bin/pnmalias 1 /usr/bin/pnmarith 1 /usr/bin/pnmarith 1 /usr/bin/pnmarith 1 /usr/bin/pnmcat 1 /usr/bin/pnmcat 1 /usr/bin/pnmcat 1 /usr/bin/pnmcolormap 1 /usr/bin/pnmcolormap 1 /usr/bin/pnmcolormap 1 /usr/bin/pnmcomp 1 /usr/bin/pnmcomp 1 /usr/bin/pnmcomp 1 /usr/bin/pnmconvol 1 /usr/bin/pnmconvol 1 /usr/bin/pnmconvol 1 /usr/bin/pnmcrop 1 /usr/bin/pnmcrop 1 /usr/bin/pnmcrop 1 /usr/bin/pnmcut 1 /usr/bin/pnmcut 1 /usr/bin/pnmcut 1 /usr/bin/pnmdepth 1 /usr/bin/pnmdepth 1 /usr/bin/pnmdepth 1 /usr/bin/pnmenlarge 1 /usr/bin/pnmenlarge 1 /usr/bin/pnmenlarge 1 /usr/bin/pnmfile 1 /usr/bin/pnmfile 1 /usr/bin/pnmfile 1 /usr/bin/pnmflip 1 /usr/bin/pnmflip 1 /usr/bin/pnmflip 1 /usr/bin/pnmgamma 1 /usr/bin/pnmgamma 1 /usr/bin/pnmgamma 1 /usr/bin/pnmhisteq 1 /usr/bin/pnmhisteq 1 /usr/bin/pnmhisteq 1 /usr/bin/pnmhistmap 1 /usr/bin/pnmhistmap 1 /usr/bin/pnmhistmap 1 /usr/bin/pnminterp 1 /usr/bin/pnminterp 1 /usr/bin/pnminterp 1 /usr/bin/pnminvert 1 /usr/bin/pnminvert 1 /usr/bin/pnminvert 1 /usr/bin/pnmmontage 1 /usr/bin/pnmmontage 1 /usr/bin/pnmmontage 1 /usr/bin/pnmnlfilt 1 /usr/bin/pnmnlfilt 1 /usr/bin/pnmnlfilt 1 /usr/bin/pnmnoraw 1 /usr/bin/pnmnoraw 1 /usr/bin/pnmnoraw 1 /usr/bin/pnmpad 1 /usr/bin/pnmpad 1 /usr/bin/pnmpad 1 /usr/bin/pnmpaste 1 /usr/bin/pnmpaste 1 /usr/bin/pnmpaste 1 /usr/bin/pnmpsnr 1 /usr/bin/pnmpsnr 1 /usr/bin/pnmpsnr 1 /usr/bin/pnmremap 1 /usr/bin/pnmremap 1 /usr/bin/pnmremap 1 /usr/bin/pnmrotate 1 /usr/bin/pnmrotate 1 /usr/bin/pnmrotate 1 /usr/bin/pnmscale 1 /usr/bin/pnmscale 1 /usr/bin/pnmscale 1 /usr/bin/pnmscalefixed 1 /usr/bin/pnmscalefixed 1 /usr/bin/pnmscalefixed 1 /usr/bin/pnmshear 1 /usr/bin/pnmshear 1 /usr/bin/pnmshear 1 /usr/bin/pnmsmooth 1 /usr/bin/pnmsmooth 1 /usr/bin/pnmsmooth 1 /usr/bin/pnmsplit 1 /usr/bin/pnmsplit 1 /usr/bin/pnmsplit 1 /usr/bin/pnmtile 1 /usr/bin/pnmtile 1 /usr/bin/pnmtile 1 /usr/bin/pnmtoddif 1 /usr/bin/pnmtoddif 1 /usr/bin/pnmtoddif 1 /usr/bin/pnmtofiasco 1 /usr/bin/pnmtofiasco 1 /usr/bin/pnmtofiasco 1 /usr/bin/pnmtofits 1 /usr/bin/pnmtofits 1 /usr/bin/pnmtofits 1 /usr/bin/pnmtojpeg 1 /usr/bin/pnmtojpeg 1 /usr/bin/pnmtojpeg 1 /usr/bin/pnmtopalm 1 /usr/bin/pnmtopalm 1 /usr/bin/pnmtopalm 1 /usr/bin/pnmtoplainpnm 1 /usr/bin/pnmtoplainpnm 1 /usr/bin/pnmtoplainpnm 1 /usr/bin/pnmtopng 1 /usr/bin/pnmtopng 1 /usr/bin/pnmtopng 1 /usr/bin/pnmtops 1 /usr/bin/pnmtops 1 /usr/bin/pnmtops 1 /usr/bin/pnmtorast 1 /usr/bin/pnmtorast 1 /usr/bin/pnmtorast 1 /usr/bin/pnmtorle 1 /usr/bin/pnmtorle 1 /usr/bin/pnmtorle 1 /usr/bin/pnmtosgi 1 /usr/bin/pnmtosgi 1 /usr/bin/pnmtosgi 1 /usr/bin/pnmtosir 1 /usr/bin/pnmtosir 1 /usr/bin/pnmtosir 1 /usr/bin/pnmtotiff 1 /usr/bin/pnmtotiff 1 /usr/bin/pnmtotiff 1 /usr/bin/pnmtotiffcmyk 1 /usr/bin/pnmtotiffcmyk 1 /usr/bin/pnmtotiffcmyk 1 /usr/bin/pnmtoxwd 1 /usr/bin/pnmtoxwd 1 /usr/bin/pnmtoxwd 1 /usr/bin/ppm3d 1 /usr/bin/ppm3d 1 /usr/bin/ppm3d 1 /usr/bin/ppmbrighten 1 /usr/bin/ppmbrighten 1 /usr/bin/ppmbrighten 1 /usr/bin/ppmchange 1 /usr/bin/ppmchange 1 /usr/bin/ppmchange 1 /usr/bin/ppmcie 1 /usr/bin/ppmcie 1 /usr/bin/ppmcie 1 /usr/bin/ppmcolormask 1 /usr/bin/ppmcolormask 1 /usr/bin/ppmcolormask 1 /usr/bin/ppmcolors 1 /usr/bin/ppmcolors 1 /usr/bin/ppmcolors 1 /usr/bin/ppmdim 1 /usr/bin/ppmdim 1 /usr/bin/ppmdim 1 /usr/bin/ppmdist 1 /usr/bin/ppmdist 1 /usr/bin/ppmdist 1 /usr/bin/ppmdither 1 /usr/bin/ppmdither 1 /usr/bin/ppmdither 1 /usr/bin/ppmflash 1 /usr/bin/ppmflash 1 /usr/bin/ppmflash 1 /usr/bin/ppmforge 1 /usr/bin/ppmforge 1 /usr/bin/ppmforge 1 /usr/bin/ppmhist 1 /usr/bin/ppmhist 1 /usr/bin/ppmhist 1 /usr/bin/ppmlabel 1 /usr/bin/ppmlabel 1 /usr/bin/ppmlabel 1 /usr/bin/ppmmake 1 /usr/bin/ppmmake 1 /usr/bin/ppmmake 1 /usr/bin/ppmmix 1 /usr/bin/ppmmix 1 /usr/bin/ppmmix 1 /usr/bin/ppmnorm 1 /usr/bin/ppmnorm 1 /usr/bin/ppmnorm 1 /usr/bin/ppmntsc 1 /usr/bin/ppmntsc 1 /usr/bin/ppmntsc 1 /usr/bin/ppmpat 1 /usr/bin/ppmpat 1 /usr/bin/ppmpat 1 /usr/bin/ppmquant 1 /usr/bin/ppmquant 1 /usr/bin/ppmquant 1 /usr/bin/ppmqvga 1 /usr/bin/ppmqvga 1 /usr/bin/ppmqvga 1 /usr/bin/ppmrelief 1 /usr/bin/ppmrelief 1 /usr/bin/ppmrelief 1 /usr/bin/ppmshift 1 /usr/bin/ppmshift 1 /usr/bin/ppmshift 1 /usr/bin/ppmspread 1 /usr/bin/ppmspread 1 /usr/bin/ppmspread 1 /usr/bin/ppmtoacad 1 /usr/bin/ppmtoacad 1 /usr/bin/ppmtoacad 1 /usr/bin/ppmtobmp 1 /usr/bin/ppmtobmp 1 /usr/bin/ppmtobmp 1 /usr/bin/ppmtoeyuv 1 /usr/bin/ppmtoeyuv 1 /usr/bin/ppmtoeyuv 1 /usr/bin/ppmtogif 1 /usr/bin/ppmtogif 1 /usr/bin/ppmtogif 1 /usr/bin/ppmtoicr 1 /usr/bin/ppmtoicr 1 /usr/bin/ppmtoicr 1 /usr/bin/ppmtoilbm 1 /usr/bin/ppmtoilbm 1 /usr/bin/ppmtoilbm 1 /usr/bin/ppmtojpeg 1 /usr/bin/ppmtojpeg 1 /usr/bin/ppmtojpeg 1 /usr/bin/ppmtoleaf 1 /usr/bin/ppmtoleaf 1 /usr/bin/ppmtoleaf 1 /usr/bin/ppmtolj 1 /usr/bin/ppmtolj 1 /usr/bin/ppmtolj 1 /usr/bin/ppmtomitsu 1 /usr/bin/ppmtomitsu 1 /usr/bin/ppmtomitsu 1 /usr/bin/ppmtompeg 1 /usr/bin/ppmtompeg 1 /usr/bin/ppmtompeg 1 /usr/bin/ppmtoneo 1 /usr/bin/ppmtoneo 1 /usr/bin/ppmtoneo 1 /usr/bin/ppmtopcx 1 /usr/bin/ppmtopcx 1 /usr/bin/ppmtopcx 1 /usr/bin/ppmtopgm 1 /usr/bin/ppmtopgm 1 /usr/bin/ppmtopgm 1 /usr/bin/ppmtopi1 1 /usr/bin/ppmtopi1 1 /usr/bin/ppmtopi1 1 /usr/bin/ppmtopict 1 /usr/bin/ppmtopict 1 /usr/bin/ppmtopict 1 /usr/bin/ppmtopj 1 /usr/bin/ppmtopj 1 /usr/bin/ppmtopj 1 /usr/bin/ppmtopjxl 1 /usr/bin/ppmtopjxl 1 /usr/bin/ppmtopjxl 1 /usr/bin/ppmtopuzz 1 /usr/bin/ppmtopuzz 1 /usr/bin/ppmtopuzz 1 /usr/bin/ppmtorgb3 1 /usr/bin/ppmtorgb3 1 /usr/bin/ppmtorgb3 1 /usr/bin/ppmtosixel 1 /usr/bin/ppmtosixel 1 /usr/bin/ppmtosixel 1 /usr/bin/ppmtotga 1 /usr/bin/ppmtotga 1 /usr/bin/ppmtotga 1 /usr/bin/ppmtouil 1 /usr/bin/ppmtouil 1 /usr/bin/ppmtouil 1 /usr/bin/ppmtowinicon 1 /usr/bin/ppmtowinicon 1 /usr/bin/ppmtowinicon 1 /usr/bin/ppmtoxpm 1 /usr/bin/ppmtoxpm 1 /usr/bin/ppmtoxpm 1 /usr/bin/ppmtoyuv 1 /usr/bin/ppmtoyuv 1 /usr/bin/ppmtoyuv 1 /usr/bin/ppmtoyuvsplit 1 /usr/bin/ppmtoyuvsplit 1 /usr/bin/ppmtoyuvsplit 1 /usr/bin/ppmtv 1 /usr/bin/ppmtv 1 /usr/bin/ppmtv 1 /usr/bin/psidtopgm 1 /usr/bin/psidtopgm 1 /usr/bin/psidtopgm 1 /usr/bin/pstopnm 1 /usr/bin/pstopnm 1 /usr/bin/pstopnm 1 /usr/bin/qrttoppm 1 /usr/bin/qrttoppm 1 /usr/bin/qrttoppm 1 /usr/bin/rasttopnm 1 /usr/bin/rasttopnm 1 /usr/bin/rasttopnm 1 /usr/bin/rawtopgm 1 /usr/bin/rawtopgm 1 /usr/bin/rawtopgm 1 /usr/bin/rawtoppm 1 /usr/bin/rawtoppm 1 /usr/bin/rawtoppm 1 /usr/bin/rgb3toppm 1 /usr/bin/rgb3toppm 1 /usr/bin/rgb3toppm 1 /usr/bin/rletopnm 1 /usr/bin/rletopnm 1 /usr/bin/rletopnm 1 /usr/bin/sbigtopgm 1 /usr/bin/sbigtopgm 1 /usr/bin/sbigtopgm 1 /usr/bin/sgitopnm 1 /usr/bin/sgitopnm 1 /usr/bin/sgitopnm 1 /usr/bin/sirtopnm 1 /usr/bin/sirtopnm 1 /usr/bin/sirtopnm 1 /usr/bin/sldtoppm 1 /usr/bin/sldtoppm 1 /usr/bin/sldtoppm 1 /usr/bin/spctoppm 1 /usr/bin/spctoppm 1 /usr/bin/spctoppm 1 /usr/bin/spottopgm 1 /usr/bin/spottopgm 1 /usr/bin/spottopgm 1 /usr/bin/sputoppm 1 /usr/bin/sputoppm 1 /usr/bin/sputoppm 1 /usr/bin/tgatoppm 1 /usr/bin/tgatoppm 1 /usr/bin/tgatoppm 1 /usr/bin/thinkjettopbm 1 /usr/bin/thinkjettopbm 1 /usr/bin/thinkjettopbm 1 /usr/bin/tifftopnm 1 /usr/bin/tifftopnm 1 /usr/bin/tifftopnm 1 /usr/bin/wbmptopbm 1 /usr/bin/wbmptopbm 1 /usr/bin/wbmptopbm 1 /usr/bin/winicontoppm 1 /usr/bin/winicontoppm 1 /usr/bin/winicontoppm 1 /usr/bin/xbmtopbm 1 /usr/bin/xbmtopbm 1 /usr/bin/xbmtopbm 1 /usr/bin/ximtoppm 1 /usr/bin/ximtoppm 1 /usr/bin/ximtoppm 1 /usr/bin/xpmtoppm 1 /usr/bin/xpmtoppm 1 /usr/bin/xpmtoppm 1 /usr/bin/xvminitoppm 1 /usr/bin/xvminitoppm 1 /usr/bin/xvminitoppm 1 /usr/bin/xwdtopnm 1 /usr/bin/xwdtopnm 1 /usr/bin/xwdtopnm 1 /usr/bin/ybmtopbm 1 /usr/bin/ybmtopbm 1 /usr/bin/ybmtopbm 1 /usr/bin/yuvsplittoppm 1 /usr/bin/yuvsplittoppm 1 /usr/bin/yuvsplittoppm 1 /usr/bin/yuvtoppm 1 /usr/bin/yuvtoppm 1 /usr/bin/yuvtoppm 1 /usr/bin/zeisstopnm 1 /usr/bin/zeisstopnm 1 /usr/bin/zeisstopnm 1 /usr/X11R6/bin/XFree86 1 /usr/X11R6/bin/XFree86 1 /usr/X11R6/bin/XFree86 1 /usr/bin/gaim 1 /usr/bin/gaim 1 /usr/bin/gaim 1 /usr/bin/slocate 1 /usr/bin/slocate 1 /usr/bin/mc 1 /usr/bin/mc 1 /usr/bin/mc 1 /usr/sbin/tcpdump 1 /usr/sbin/tcpdump 1 /usr/sbin/tcpdump 1 / 1 /usr/bin/ethereal 1 /usr/bin/ethereal 1 /usr/bin/ethereal 1 /usr/sbin/ethereal 1 /usr/sbin/ethereal 1 /usr/sbin/ethereal 1 /usr/sbin/tethereal 1 /usr/sbin/tethereal 1 /usr/sbin/tethereal 1 /usr/share/services/kfile_vcf.desktop 1 /usr/share/services/kfile_vcf.desktop 1 /usr/share/services/kfile_vcf.desktop 1 /usr/bin/mozilla 1 /usr/bin/mozilla 1 /usr/bin/mozilla 1 /usr/bin/ethereal 1 /usr/bin/ethereal 1 /usr/bin/ethereal 1 /usr/sbin/ethereal 1 /usr/sbin/ethereal 1 /usr/sbin/ethereal 1 /usr/bin/tethereal 1 /usr/bin/tethereal 1 /usr/bin/tethereal 1 /etc/httpd/modules/libphp4.so ^.*cupsd.* ^.*httpd.* ^.*httpd\.worker.* ^.*lpd.* ^.*mysqld.* ^.*rpc\.mountd.* ^.*sshd.* ^.*smtpd.* ^.*smbd.* TCP ^.*smbd.* ^.*sendmail.* TCP ^.*sendmail.* ^.*vsftpd.* TCP ^.*xinetd.* ^.*ypserv.* 1720 .* ^.*httpd.* TCP ^.*httpd TCP ^.*rpc\.mountd ^.*snmpd.* ^.*squid.* ^.*racoon UDP ^.*squid 1812 .*/radiusd udp redhat-release 9 NULL kernel 6 2.4.20 redhat-release ^3.S redhat-release ^.*3.S php ^i.*86 2.4.20-6 x86_64 FreeRADIUS NULL 1.0.1 1 earlier balsa NULL 2.0.6 2 earlier cups NULL 1.1.17 13.3 earlier ddskk NULL 11.6.0 11.90 earlier ddskk-xemacs NULL 11.6.0 11.90 earlier eog NULL 2.2.0 2 earlier ethereal NULL 0.9.11 0.90.1 earlier ethereal NULL 0.9.13 1.90.1 earlier ethereal-gnome NULL 0.9.13 1.90.1 earlier evolution NULL 1.2.2 5 earlier gdm 1 2.4.1.3 5.1 earlier ghostscript NULL 7.05 32.1 earlier gnupg NULL 1.2.1 4 earlier gtkhtml NULL 1.1.9 0.9 earlier gtkhtml NULL 1.1.9 0.9.1 earlier httpd NULL 2.0.40 21.1 earlier httpd NULL 2.0.40 21.5 earlier kdebase 6 3.1 15 earlier krb5-server NULL 1.2.7 14 earlier krb5-libs NULL 1.2.7 14 earlier krb5-workstation NULL 1.2.7 14 earlier kernel NULL 2.4.20 13.9 earlier kernel NULL 2.4.20 18.9 earlier kernel NULL 2.4.20 19.9 earlier kdelibs 6 3.1 12 earlier lprng NULL 3.8.19 3.1 earlier lv NULL 4.49.4 9.9.1 earlier mutt 5 1.4.1 1 earlier mysql-server NULL 3.23.56 1.9 earlier nfs-utils NULL 1.0.1 3.9 earlier openssh-server NULL 3.5p1 6.9 earlier openssh-server NULL 3.5p1 11 earlier openssl NULL 0.9.7a 5 earlier openssl-devel NULL 0.9.7a 5 earlier openssl-perl NULL 0.9.7a 5 earlier openssl096 NULL 0.9.6 17 earlier openssl096b NULL 0.9.6b 6 earlier pam_smb NULL 1.1.6 9.9 earlier perl-CGI 2 2.81 88.3 earlier php NULL 4.2.2 17.2 earlier pine NULL 4.44 19.90.0 earlier postfix 2 1.1.12 1 earlier samba NULL 2.2.7a 7.9.0 earlier samba NULL 2.2.7a 8.9.0 earlier wl NULL 2.10.1 1.1 earlier wl-xemacs NULL 2.10.1 1.1 earlier sendmail NULL 8.12.8 5.90 earlier sendmail NULL 8.12.8 9.90 earlier sendmail NULL 8.12.8 6.90 earlier squirrelmail NULL 1.2.11 1 earlier unzip NULL 5.50 33 earlier up2date NULL 3.1.23.1 5 earlier vsftpd NULL 1.1.3 8 earlier xinetd 2 2.3.11 1.9.0 earlier xpdf 1 2.0.1 11 earlier ypserv NULL 2.8 0.9E earlier pwlib NULL 1.4.7 4.1 earlier netpbm NULL 9.24 10.90.1 earlier netpbm-devel NULL 9.24 10.90.1 earlier netpbm-progs NULL 9.24 10.90.1 earlier XFree86 NULL 4.3.0 2.90.55 earlier netpbm NULL 9.24 11.30.1 earlier netpbm-devel NULL 9.24 11.30.1 earlier netpbm-progs NULL 9.24 11.30.1 earlier mutt 5 1.4.1 3.3 earlier mailman 3 2.1.1 5 earlier gaim 1 0.75 0.9.0 earlier slocate NULL 2.7 2 earlier mc 1 4.6.0 7.9 earlier kdelibs 6 3.1 13 earlier kernel NULL 2.4.21 9.0.1.EL earlier kernel-smp NULL 2.4.21 9.0.1.EL earlier kernel-hugemem NULL 2.4.21 9.0.1.EL earlier pwlib NULL 1.4.7 7.EL earlier samba NULL 3.0.2 6.3E earlier mod_python NULL 3.0.1 4 earlier XFree86 NULL 4.3.0 55.EL earlier libxml2 NULL 2.5.10 6 earlier libxml2-devel NULL 2.5.10 6 earlier libxml2-python NULL 2.5.10 6 earlier kernel NULL 2.4.20 30.9 earlier kernel-smp NULL 2.4.20 30.9 earlier kernel-bigmem NULL 2.4.20 30.9 earlier mutt 5 1.4.1 3.4 earlier gdk-pixbuf 1 0.22.0 6.0.3 earlier gdk-pixbuf-devel 1 0.22.0 6.0.3 earlier gdk-pixbuf-gnome 1 0.22.0 6.0.3 earlier gdk-pixbuf 1 0.22.0 6.1.0 earlier gdk-pixbuf-devel 1 0.22.0 6.1.0 earlier gdk-pixbuf-gnome 1 0.22.0 6.1.0 earlier tcpdump 14 3.7.2 7.9.1 earlier sysstat NULL 4.0.7 4.rhl9.1 earlier tcpdump 14 3.7.2 7.E3.1 earlier cvs NULL 1.11.2 13 earlier ethereal NULL 0.10.0a 0.90.1 earlier ethereal=gnome NULL 0.10.0a 0.90.1 earlier kdepim 6 3.1 6 earlier kernel NULL 2.4.20 28.9 earlier kernel-smp NULL 2.4.20 28.9 earlier kernel-bigmem NULL 2.4.20 28.9 earlier nfs-utils NULL 1.0.6 7.EL earlier sysstat NULL 4.0.7 4.EL3.2 earlier httpd NULL 2.0.40 21.9 earlier httpd NULL 2.0.46 26.ent earlier kdepim 6 3.1.3 3.3 earlier cvs NULL 1.11.2 14 earlier kernel NULL 2.4.21 4.0.2.EL earlier kernel-smp NULL 2.4.21 4.0.2.EL earlier kernel-bigmem NULL 2.4.21 4.0.2.EL earlier kernel NULL 2.4.21 9.EL earlier net-snmp NULL 5.0.9 2.30E.1 earlier openssl NULL 0.9.7a 33.4 earlier openssl-devel NULL 0.9.7a 33.4 earlier openssl-perl NULL 0.9.7a 33.4 earlier openssl096b NULL 0.9.6b 16 earlier mozilla-nss 37 1.4.2 0.9.0 earlier mozilla 37 1.4.2 0.9.0 earlier openssl NULL 0.9.7a 20.2 earlier openssl-devel NULL 0.9.7a 20.2 earlier openssl-perl NULL 0.9.7a 20.2 earlier openssl096 NULL 0.9.6 25.9 earlier openssl096b NULL 0.9.6b 15 earlier mod_ssl NULL 2.0.46 32.ent earlier squid 7 2.5STABLE1 3.9 earlier ethereal NULL 0.10.3 0.90.1 earlier ethereal-gnome NULL 0.10.3 0.90.1 earlier ethereal NULL 0.10.3 0.30E.1 earlier ethereal-gnome NULL 0.10.3 0.30E.1 earlier mozilla-nss 37 1.4.2 3.0.2 earlier kernel NULL 2.4.21 9.0.3.EL earlier kernel-smp NULL 2.4.21 9.0.3.EL earlier kernel-hugemem NULL 2.4.21 9.0.3.EL earlier squid 7 2.5.STABLE3 5.3E earlier ipsec-tools NULL 0.2.5 0.4 earlier kdelibs 6 3.1.3 6.4 earlier rsync NULL 2.5.7 4.3E earlier cvs NULL 1.11.2 22 earlier libpng 2 1.2.2 21 earlier libpng-devel 2 1.2.2 21 earlier libpng NULL 1.0.13 12 earlier libpng-devel NULL 1.0.13 12 earlier kernel NULL 2.4.21 15.EL earlier kernel-unsupported NULL 2.4.21 15.EL earlier cvs NULL 1.11.2 18 earlier openoffice NULL 1.1.0 15.EL earlier tcpdump 14 3.7.2 7.E3.2 earlier lha NULL 1.14i 10.2 earlier utempter NULL 0.5.5 1.3EL.0 earlier squid 7 2.5.STABLE3 6.3E earlier ethereal NULL 0.10.3 0.30E.2 earlier ethereal-gnome NULL 0.10.3 0.30E.2 earlier krb5-libs NULL 1.2.7 24 earlier cvs NULL 1.11.2 24 earlier squirrelmail NULL 1.4.3 0.e3.1 earlier kernel 0 2.4.21 15.0.2.EL earlier kernel-hugemem 0 2.4.21 15.0.2.EL earlier kernel-smp 0 2.4.21 15.0.2.EL earlier libpng 2 1.2.2 24 earlier libpng-devel 2 1.2.2 24 earlier libpng10-devel 0 1.0.13 14 earlier libpng10 0 1.0.13 14 earlier SUNWcsu SUNWxwplt SUNWnisu SUNWsndmu SUWNsmbar SUNWkcl2r SUNWsndmr SUNWapchu SUNWtltk SUNWadmfw SUNWscvw SUNWdtdst ^.*ypbind.* ^.*inetd.* root ^.*dmispd.* ^.*snmpdx.* ^.*rpc\.yppasswdd.* ^.*mibiisa.* ^.*dtlogin.* .*httpd .*sendmail .* .*krb5kdc.* ^/usr/apache/bin/httpd.*SUNWscvw/conf/httpd.conf.* /usr/sbin/in.named ^.*smbd.* ^.*sshd.* /usr/openwin/bin/kcms_configure 1 /usr/openwin/bin/kcms_configure 1 /usr/openwin/bin/kcms_configure 1 /usr/dt/bin/rpc.cmsd 1 /usr/dt/bin/rpc.cmsd 1 /usr/dt/bin/rpc.cmsd 1 /usr/openwin/bin/xlock 1 /usr/openwin/bin/xlock 1 /usr/openwin/bin/Xsun 1 /usr/openwin/bin/Xsun 1 /usr/dt/bin/rpc.ttdbserverd 1 /usr/dt/bin/rpc.ttdbserverd 1 /usr/dt/bin/rpc.ttdbserverd 1 /usr/lib/fs/cachefs/cachefsd 1 /usr/lib/fs/cachefs/cachefsd 1 /usr/lib/fs/cachefs/cachefsd 1 ^/usr/sbin/sparcv./whodo 1 ^/usr/sbin/sparcv./whodo 1 /usr/lib/netsvc/rwall/rpc.rwalld 1 /usr/lib/netsvc/rwall/rpc.rwalld 1 /usr/lib/netsvc/rwall/rpc.rwalld 1 ^.*/bin/admintool 1 ^.*/bin/admintool 1 /usr/dt/bin/dtspcd 1 /usr/dt/bin/dtspcd 1 /usr/dt/bin/dtspcd 1 /usr/openwin/bin/lbxproxy 1 /usr/openwin/bin/lbxproxy 1 /usr/openwin/bin/kcms_server 1 /usr/openwin/bin/kcms_server 1 /usr/openwin/bin/kcms_server 1 /usr/openwin/bin/xfs 1 /usr/openwin/bin/xfs 1 /usr/openwin/bin/xfs 1 /usr/openwin/bin/kcms_configure /usr/dt/bin/rpc.cmsd /usr/lib/dmi/dmispd /usr/openwin/bin/xlock /usr/lib/snmp/snmpdx /usr/openwin/bin/Xsun /usr/dt/bin/rpc.ttdbserverd /usr/lib/fs/cachefs/cachefsd ^/usr/sbin/sparcv./whodo$ /usr/lib/netsvc/rwall/rpc.rwalld ^.*/bin/admintool$ /usr/lib/netsvc/rpc.yppasswdd /usr/lib/snmp/mibiisa /usr/dt/bin/dtspcd /usr/openwin/bin/lbxproxy /usr/openwin/bin/kcms_server /usr/openwin/lib/fs.auto /usr/openwin/bin/xfs /usr/dt/bin/dtlogin /etc/krb5/krb5.conf hostname6?\.le.* ^.*smbd.* /usr/dt/bin/rpc.cmsd /usr/dt/bin/rpc.ttdbserverd /usr/lib/fs/cachefs/cachefsd /usr/lib/netsvc/rwall/rpc.rwalld /usr/dt/bin/dtspcd /usr/openwin/bin/kcms_server /usr/openwin/lib/fs.auto /usr/sbin/sadmind /usr/sbin/sadmind -S 2 106950 14 109147 07 112963 09 107684 10 110615 10 114684 02 112604 02 112609 02 115172 01 113273 04 113575 01 108827 30 108901 6 108652 38 108869 16 108652 52 110286 9 110896 2 108376 38 111600 1 112899 1 106942 22 108541 6 111826 1 111596 2 107709 19 107337 2 110453 1 108721 2 108949 7 106934 4 112846 1 107893 19 108652 51 111590 2 108376 30 109862 3 108117 6 107893 20 107654 10 110286 10 108919 21 112807 09 106541 33 109007 18 114332 12 112908 12 107684 11 110615 11 113575 05 114796 04 112237 11 112390 09 112908 16 112536 05 112908 13 107180 31 112908 15 116973 01 113146 05 112808 02 116457 02 116442 01 116454 01 113146 03 109613 07 112810 06 113505 02 113508 02 115054 01 115055 01 106938 08 109326 13 112970 06 108376 25 108652 30 112300 01 112085 02 108750 02 110322 01 SunOS 5.8 SunOS 5.7 SunOS 5.9 We think, but are not sure that the affected version of bkupexec.exe is 3.60.1.298 The file should be found in C:\Program Files\VERITAS\Backup Exec\NT\bkupexec.exe grep c2audit /etc/system True if "set c2audit:audit_load = 1" or similiar egrep ^flags:.*a[sd] /etc/security/audit_control True if any lines returned egrep -e '[\t ]*[^#].*pam_krb5.*debug' /etc/pam.conf True if any lines returned egrep -e '*.debug|daemon.debug' /etc/syslog.conf True if any lines returned grep default_realm /etc/krb5/krb5.conf | grep -v __default_realm__ True if "default_realm = EXAMPLE.COM" where EXAMPLE.COM is a kerberos domain egrep "^[Srecipient=2|S2]|^[^#]*\$>2|^[^#]*\$>recipient|^[^#]*\$>4|^[^#]*\$>final" /etc/mail/sendmail.cf True if any lines returned grep ^auth_to_local.* /etc/krb5/krb5.conf True if anything is returned Service Pack 2 or less for Windows Office XP needs regex involving strings and less than HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft ISA Server\InstallationLocation \w3proxy.exe 3 0 1200 257 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft ISA Server\InstallationLocation \wspsrv.exe 3 0 1200 257 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\itircl.dll 5 2 3644 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\itss.dll 5 2 3644 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\msasn1.dll 5 2 3790 88 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\msasn1.dll 5 1 2600 119 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\msasn1.dll 5 0 2195 6824 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\msasn1.dll 5 1 2600 1274 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\wins.exe 4 0 1381 7255 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\wins.exe 4 0 1381 33554 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\wins.exe 5 2 3790 99 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir \Microsoft Shared\web server extensions\50\bin\fp30reg.dll 10 00 4205 0000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir \Microsoft Shared\web server extensions\40\bin\fp30reg.dll 4 00 02 7523 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir \Microsoft Shared\web server extensions\40\isapi\shtml.dll 4 00 02 7523 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\jscript.dll 5 1 0 8513 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\jscript.dll 5 5 0 8513 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\msgsvc.dll 5 0 2195 6861 %windir%\Program Files\Windows NT\Accessories \wordpad.exe 5 1 2600 1606 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE outlook.exe 10 00 5709 0000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\msgina.dll 4 0 1381 7255 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\msgina.dll 4 0 1381 33559 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\msjet40.dll 5 0 2195 6895 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\msgina.dll 5 1 2600 128 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\msgina.dll 5 1 2600 1343 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mf3216.dll 4 0 1381 7263 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mf3216.dll 4 0 1381 33562 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mf3216.dll 5 0 2195 6898 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mf3216.dll 5 1 2600 132 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Excel.exe\Path \excel.exe 8 00 01 9904 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\msdxm.ocx 6 4 9 1124 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\wmpcore.dll 8 0 0 4482 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir \Windows Media Player\wmplayer.exe 8 0 0 4482 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\msdxm.ocx 6 4 9 1121 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir \Windows Media Player\wmplayer.exe 8 0 0 4490 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \System32\Ntoskrnl.exe 4 0 1381 7268 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \System32\Ntoskrnl.exe 4 0 1381 33591 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \System32\Ntoskrnl.exe 5 0 2195 6992 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mf3216.dll 5 1 2600 1331 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Excel.exe\Path \excel.exe 9 0 0 8216 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\h323.tsp 5 0 2195 6901 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\h323.tsp 5 2 3790 132 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\h323.tsp 5 1 2600 1348 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\h323.tsp 5 1 2600 134 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot System32\Ntoskrnl.exe 5 1 2600 1605 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\Dhcpssvc.dll 4 0 1381 7304 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\lsasrv.dll 5 2 3790 134 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\lsasrv.dll 5 1 2600 134 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\lsasrv.dll 5 1 2600 1361 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Excel.exe\Path \excel.exe 10 0 5815 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\lsasrv.dll 5 2 3790 220 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\Dhcpssvc.dll 4 0 1381 33587 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\wins.exe 5 0 2195 7005 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\wins.exe 4 0 1381 7329 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\wins.exe 4 0 1381 33618 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Winword.exe\Path \winword.exe 8 0 0 9315 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\schannel.dll 4 87 1964 1880 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\schannel.dll 5 1 2195 6899 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\schannel.dll 5 2 3790 132 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\schannel.dll 5 1 2600 136 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\schannel.dll 5 1 2600 1347 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\comsvcs.dll 2000 2 3511 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\comsvcs.dll 2001 12 4414 53 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\comsvcs.dll 2001 12 4720 130 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Winword.exe\Path \winword.exe 8 0 0 9716 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\msjet40.dll 4 0 8618 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\wmsjet40.dll 4 0 8618 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetcomm.dll 5 50 4939 300 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetcomm.dll 6 00 2739 300 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetcomm.dll 6 00 37909 137 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetcomm.dll 6 00 2800 1409 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\rpcrt4.dll 5 0 2195 6904 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\rpcrt4.dll 5 1 2600 135 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\rpcrt4.dll 5 1 2600 1361 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\rpcss.dll 5 0 2195 6906 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Winword.exe\Path \winword.exe 9 0 0 8216 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\wintrust.dll 5 131 1880 14 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\wintrust.dll 5 131 2195 6824 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\lsasrv.dll 5 0 2195 6902 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\msasn1.dll 5 0 2195 6905 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\msasn1.dll 5 2 3790 139 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\msasn1.dll 5 1 2600 137 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\msasn1.dll 5 1 2600 1362 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\rpcss.dll 5 1 2600 135 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\rpcss.dll 5 1 2600 1361 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\rpcss.dll 5 2 3790 142 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\helpctr.exe 5 1 2600 137 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\wkssvc.dll 5 1 2600 120 %WinDir%\system32\ hypertrm.dll 5 0 2195 7000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 5 50 4913 1100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetsrv\w3svc.dll 4 2 775 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 6 0 2713 1100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 6 0 2716 2200 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetsrv\w3svc.dll 5 0 2195 5269 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 5 50 4725 2100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\netman.dll 5 0 2195 5974 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 5 0 3504 2500 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetsrv\ism.dll 5 0 2195 5671 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\wkssvc.dll 5 1 2600 1301 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetsrv\smtpsvc.dll 5 0 2195 4905 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetsrv\ism.dll 4 2 764 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\srvsvc.dll 5 0 2195 4980 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetsrv\w3svc.dll 5 0 2195 2103 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 5 0 3513 900 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 5 0 3502 4856 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 6 0 2723 2500 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\rpcrt4.dll 5 0 2195 6106 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\rasman.dll 4 0 1381 7140 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\rasman.dll 5 0 2195 4983 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Winword.exe\Path \winword.exe 10 0 5815 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\netlogon.dll 5 0 893 1105 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetsrv\asp.dll 5 0 2195 6672 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path sqlservr.exe 2000 80 296 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\smss.exe 5 0 2195 5695 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetsrv\ism.dll 5 0 2195 3407 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path ssmsrp70.dll 2000 80 213 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path sqlservr.exe 2000 80 428 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\snmp.exe 4 0 1381 7134 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\drivers\mup.sys 5 0 2195 5080 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 5 0 3523 1700 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetsrv\httpext.dll 0 9 3940 20 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 6 0 2715 400 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 6 0 2719 2200 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\Locator.exe 4 0 1381 7202 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\ntdll.dll 5 0 2195 6685 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\Drivers\SRV.SYS 5 0 2195 6699 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path sqlservr.exe 2000 80 608 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path odsole70.dll 2000 80 606 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 6 0 2800 1264 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\rpcrt4.dll 5 0 2195 6802 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 5 0 3810 1700 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\shdocvw.dll 5 0 3214 2000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 6 0 2722 900 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\snmp.exe 5 0 2195 4919 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\drivers\mup.sys 4 0 1381 7125 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\shell32.dll 5 0 3502 4718 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\smss.exe 4 0 1381 7152 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\netlogon.dll 4 0 1381 7092 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 5 50 4923 2500 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetsrv\ism.dll 4 2 776 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\cryptui.dll 5 131 2600 117 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 5 50 4934 1600 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\cryptui.dll 5 131 2600 1243 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\xactsrv.dll 5 0 2195 5971 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\xenroll.dll 5 131 3659 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetsrv\w3svc.dll 5 0 2195 2784 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\idq.dll 5 0 2195 3645 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\cryptui.dll 5 131 2195 6758 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\drivers\rdpwd.sys 5 0 2195 5880 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\jscript.dll 5 6 0 8513 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\user32.dll 5 1 2600 118 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\user32.dll 5 1 2600 1255 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 6 0 2734 1600 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\wkssvc.dll 5 0 2195 6861 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\itircl.dll 5 2 3790 80 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 5 50 4922 900 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir \Common Files\Microsoft Shared\TextConv\mswrd664.wpc 2004 10 25 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir \Common Files\Microsoft Shared\TextConv\wmswrd632.wpc 2004 10 25 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 6 0 3790 191 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 6 0 2800 1458 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 6 0 2743 600 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 5 50 4943 400 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 6 0 2800 1276 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 5 0 3532 300 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\tshoot.ocx 1 0 1 2125 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\msgsvc.dll 5 1 2600 120 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\msgsvc.dll 5 1 2600 1301 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path sqlservr.exe 2000 80 578 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path xpstar.dll 2000 80 561 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\srvsvc.dll 5 0 2195 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\dxmasf.dll 6 4 9 1121 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path sqlservr.exe 2000 80 650 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 5 0 3819 300 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 6 0 3790 94 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\rpcrt4.dll 5 0 2195 6753 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir \Common Files\Microsoft Shared\TextConv\mswrd632.wpc 2004 10 25 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\kernel32.dll 4 0 1381 7224 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetsrv\nntpsvc.dll 5 0 2195 3881 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\rpcproxy.dll 5 2 3790 137 srv03_qfe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\user32.dll 5 0 2195 6799 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\hhctrl.ocx 5 2 3669 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\hhsetup.dll 5 2 3644 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\rpcproxy.dll 5 2 3790 141 srv03_qfe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\rpcproxy.dll 5 0 2195 6904 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\tlntsvr.exe 5 0 33668 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\sp3res.dll 5 0 2195 6713 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\umandlg.dll 1 0 0 3 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 5 0 3510 1100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\helpctr.exe 5 2 3790 161 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\ole32.dll 4 0 1381 7263 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetsrv\ssinc.dll 5 0 2195 6624 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\ole32.dll 4 0 1381 33562 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\rpcproxy.dll 4 0 1381 7255 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\rpcproxy.dll 4 0 1381 33559 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\helpctr.exe 5 1 2600 1515 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir \MSN Messenger\msgsc.dll 6 1 0 211 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir \Common Files\Microsoft Shared\TextConv\mswrd6.wpc 10 0 803 2 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\msjava.dll 5 0 3810 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\msjava.dll 5 0 3809 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\helpctr.dll 5 2 3790 125 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\w3svc.dll 4 2 769 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\Msw3prt.dll 5 5 2195 3649 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\w3svc.dll 4 0 1381 164 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 5 50 4613 1700 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 6 0 2712 0300 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 5 50 4926 2500 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir \Microsoft Shared\web server extensions\40\bin\fp4areg.dll 4 00 02 7523 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 6 0 2716 2200 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 6 0 2713 1100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 5 50 4927 2100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\snmp.exe 4 0 1381 133 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\odbcbcp.dll 3 70 11 40 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\odbcbcp.dll 2000 80 746 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\helpctr.dll 5 1 2600 128 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\helpctr.dll 5 1 2600 1340 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\evtgprov.dll 5 1 2600 136 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\evtgprov.dll 5 1 2600 1363 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir \Microsoft Shared\web server extensions\50\bin\fp5areg.dll 10 00 4205 0000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\odbcbcp.dll 2000 81 9001 40 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\odbcbcp.dll 2000 81 9041 40 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\umandlg.dll 1 0 0 4 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 5 50 4616 200 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 5 50 4701 2400 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir \Windows NT\Accessories\mswd6_32.wpc 2004 10 21 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir \Windows NT\Accessories\mswrd632.wpc 2004 10 21 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\lsasrv.dll 5 1 2600 2525 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\lsasrv.dll 5 0 2195 6987 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \System32\w3svc.dll 4 2 780 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fpc\InstallDirectory h323fltr.dll 3 0 1200 291 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \System32\msw3prt.dll 5 5 2195 58075 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \System32\code.asp 4 0 1381 279 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \System32\w3svc.dll 5 5 2195 6672 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \System32\nsiislog.dll 4 1 0 3931 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \System32\nsiislog.dll 4 1 0 3932 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \System32\nsiislog.dll 4 1 0 3861 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \System32\w3svc.dll 5 1 2600 1125 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system\vserver.vxd 4 10 2001 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \System32\w3svc.dll 4 2 764 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \System32\msw3prt.dll 5 0 2195 3649 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Setup\Services \bin\exprox.dll 6 5 6980 57 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \System32\Msw3prt 5 0 2195 2956 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir \Crystal Decisions\1.1\Managed\CrystalDecisions.Web.dll 9 1 9800 9 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \System32\Ntoskrnl.exe 5 0 2195 6902 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \System32\Ntoskrnl.exe 4 0 1381 7265 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \System32\Ntoskrnl.exe 4 0 1381 33563 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\SystemRoot \system32\Ipnathlp.dll 5 0 2195 6902 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \System32\Ipnathlp.dll 5 1 2600 137 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \System32\Ipnathlp.dll 5 1 2600 1364 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \System32\Ipnathlp.dll 5 2 3790 142 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\lsasrv.dll 5 1 2600 1597 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\sqlsrv32.dll 3 70 11 46 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\wins.exe 5 2 3790 239 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\sqlsrv32.dll 2000 80 747 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\dplayx.dll 5 1 2600 148 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\dplayx.dll 5 1 2600 1517 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\dplayx.dll 5 2 3677 144 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\dplayx.dll 5 3 0 903 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \SysWOW64\dplayx.dll 5 2 3790 163 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\dplayx.dll 5 2 3790 163 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\sqlsrv32.dll 2000 81 9002 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\sqlsrv32.dll 2000 81 9042 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\sqlsrv32.dll 2000 85 1025 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\odbcbcp.dll 3 70 11 46 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\odbcbcp.dll 2000 80 747 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\tcpcfg.dll 4 0 1381 7064 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\tcpcfg.dll 4 0 1381 7097 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\winlogon.exe 4 0 1381 7058 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Setup\Services \bin\mad.exe 6 5 5700 21 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPaths\sqlservr.exe\Path sqlservr.exe 2000 80 650 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPaths\sqlservr.exe\Path odsole70.dll 2000 80 606 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\odbcbcp.dll 2000 81 9002 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPaths\sqlservr.exe\Path xpstar.dll 2000 80 628 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\dplayx.dll 5 0 2195 6927 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\dplayx.dll 5 0 2258 410 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\dplayx.dll 5 1 2600 891 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\dplayx.dll 5 2 3677 144 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\dplayx.dll 5 3 0 903 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPaths\sqlservr.exe\Path sqlservr.exe 2000 80 636 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPaths\sqlservr.exe\Path ssnetlib.dll 2000 80 636 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPaths\sqlservr.exe\Path xpqueue.dll 2000 80 606 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPaths\sqlservr.exe\Path xprepl.dll 2000 80 606 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\odbcbcp.dll 2000 81 9042 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPaths\sqlservr.exe\Path xplog70.dll 2000 80 606 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPaths\sqlservr.exe\Path xpweb70.dll 2000 80 606 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\crypt32.dll 5 131 2600 1123 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\cryptdlg.dll 5 0 1558 6608 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\cryptdlg.dll 5 0 1558 6072 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \System32\Ntoskrnl.exe 5 0 2195 6159 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \System32\Ntoskrnl.exe 4 0 1381 7203 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \System32\Ntoskrnl.exe 4 0 1381 33545 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\Sp3res.dll 5 0 2195 6928 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\odbcbcp.dll 2000 85 1025 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\psxss.exe 4 0 1381 33567 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\psxss.exe 5 0 2195 6929 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\Umandlg.dll 1 0 0 5 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\psxss.exe 4 0 1381 7269 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\itss.dll 5 2 3790 185 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mstask.dll 4 71 2195 6920 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetsrv\w3svc.dll 4 2 788 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\shell32.dll 5 0 3900 6922 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\shell32.dll 6 0 3790 168 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\shell32.dll 6 0 2800 1517 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir \MSN Messenger\msgsc.dll 6 0 0 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\shell32.dll 6 0 2800 1556 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\shell32.dll 6 0 3790 163 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\shell32.dll 4 72 3841 1100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mstask.dll 5 1 2600 155 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mstask.dll 5 1 2600 1564 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mstask.dll 5 1 2600 1555 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mstask.dll 4 71 1979 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\shell32.dll 6 0 2800 1233 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\shell32.dll 6 0 2600 115 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\Windows Media\Server\nscm.exe 4 1 0 3934 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetcomm.dll 6 0 2742 200 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetcomm.dll 6 0 3790 181 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\drivers\netbt.sys 5 1 2600 117 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\drivers\netbt.sys 5 1 2600 1243 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\Drivers\SRV.SYS 5 1 2600 112 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\Drivers\SRV.SYS 5 1 2600 1193 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetcomm.dll 6 0 2800 1441 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetcomm.dll 6 0 3790 185 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetcomm.dll 5 50 4942 400 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\Windows Media\Server\nspmon.exe 4 1 0 3934 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Winword.exe\Path \winword.exe 9 0 0 7924 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\shell32.dll 4 0 1381 7267 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\user32.dll 4 0 1381 7177 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\gdi32.dll 4 0 1381 7177 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\winsrv.dll 4 0 1381 7202 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\win32k.sys 4 0 1381 7207 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Winword.exe\Path \winword.exe 9 0 0 6926 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir \Common Files\System\msadc\msadco.dll 2 62 9119 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir \Common Files\System\msadc\msadco.dll 2 53 6202 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir \Common Files\System\msadc\msadco.dll 2 12 5118 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office \10.0\Common\InstallRoot\msohev.dll 10 0 2609 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\cdo.dll 5 5 2558 10 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Winword.exe\Path \winword.exe 9 0 0 6328 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6CE92CC2CB71D1\9040210900063D11C8EF10054038389C 2003 1100 6252 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\msasn1.dll 5 0 2195 6823 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\shell32.dll 4 0 1381 7116 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ \System\Ole DB folder\sqlisapi.dll 2000 80 309 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path sqlservr.exe 2000 80 760 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\sxs.dll 5 2 3790 121 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\sxs.dll 5 1 2600 1363 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A0A0D0E3C44B1C\9040210900063D11C8EF10054038389C 6 0 3264 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5052E3053B8D3D 10 0 6714 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\shell32.dll 5 0 3900 6970 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\dbmslpcn.dll 2000 80 818 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetsrv\httpext.dll 5 0 2195 6958 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetsrv\smtpsvc.dll 6 0 3790 211 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetsrv\httpext.dll 6 0 2600 165 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetsrv\httpext.dll 6 0 2600 1579 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\vdmdbg.dll 5 0 2195 6946 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetsrv\nntpsvc.dll 6 0 3790 206 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\gdi32.dll 5 0 2195 6945 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\win32k.sys 5 2 3790 198 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \SysWOW64\shell32.dll 6 9 2800 1580 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path sqlservr.exe 2000 80 818 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\shell32.dll 6 0 2800 1580 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\gdi32.dll 4 0 1381 33566 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\gdi32.dll 4 0 1381 7270 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\shell32.dll 6 0 2750 166 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetsrv\httpext.dll 6 0 3790 212 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\shell32.dll 4 72 3843 3100 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\shell32.dll 4 0 1381 3356 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\nddenb32.dll 4 0 1381 7268 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\grpconv.exe 5 0 2195 6966 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path ssmslpcn.dll 2000 80 818 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\nddenb32.dll 4 0 1381 33565 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\netdde.exe 4 0 1381 33574 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\netdde.exe 4 0 1381 7280 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\grpconv.exe 4 0 1381 7286 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\grpconv.exe 4 0 1381 33577 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\grpconv.exe 5 2 3790 205 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \syswow64\shell32.dll 5 2 3790 205 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\netdde.exe 5 0 2195 6952 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\netdde.exe 5 0 2195 6922 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\grpconv.exe 5 1 2600 166 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path ssnetlib.dll 2000 80 818 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\grpconv.exe 5 1 2600 1580 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \syswow64\shell32.dll 5 1 2600 1580 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\zipfldr.dll 6 0 2750 167 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetsrv\nntpsvc.dll 5 0 2195 6972 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\zipfldr.dll 6 0 2800 1584 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\vdmdbg.dll 5 1 2600 1560 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \SysWOW64\zipfldr.dll 6 0 2800 1584 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\zipfldr.dll 6 0 3790 198 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \SysWOW64\zipfldr.dll 6 0 3790 198 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetsrv\nntpsvc.dll 5 5 1877 79 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path ssnmpn70.dll 2000 80 818 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetsrv\nddenb32.dll 5 2 3790 173 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetsrv\netdde.exe 5 2 3790 184 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \SysWOW64\nddenb32.dll 5 2 3790 193 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \SysWOW64\netdde.exe 5 2 3790 193 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetsrv\netdde.exe 5 1 2600 1567 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetsrv\nddenb32.dll 5 1 2600 1555 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetsrv\nddenb32.dll 5 1 2600 149 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\inetsrv\netdde.exe 5 1 2600 158 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \SysWOW64\netdde.exe 5 1 2600 1567 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \SysWOW64\nddenb32.dll 5 1 2600 1555 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\SharedCode msgprox.dll 2000 80 765 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 6 0 2900 2523 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 6 0 2900 2524 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\rpcrt4.dll 4 0 1381 7299 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 6 0 3790 219 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\rpcrt4.dll 4 0 1381 33578 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\SharedCode replrec.dll 2000 80 765 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 5 0 3821 2800 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 5 0 3534 2800 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 5 0 4945 2800 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 6 0 2745 2800 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 6 0 2745 2800 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\Drivers\SRV.SYS 4 0 1381 7214 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\rpcss.dll 4 0 1381 7224 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\rpcss.dll 5 0 2195 6810 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\quartz.dll 6 1 5 132 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\SharedCode sqlvdi.dll 2000 80 765 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\kernel32.dll 5 0 2195 6011 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path impprov.dll 2000 80 650 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\dbmsrpcn.dll 2000 80 213 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot Program Files\Microsoft ISA Server\msphlpr.dll 3 0 1200 408 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path xpweb70.dll 2000 80 778 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path msgprox.dll 2000 80 765 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\SharedCode replprov.dll 2000 80 798 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path replrec.dll 2000 80 765 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path sqlvdi.dll 2000 80 765 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path xpqueue.dll 2000 80 606 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path xprepl.dll 2000 80 606 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path xplog70.dll 2000 80 606 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path xpweb70.dll 2000 80 606 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path xpstar.dll 2000 80 628 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot %windir%\InetPub\scripts\proxy\w3proxy.dll 2 0 390 16 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path console.exe 2000 80 818 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\SystemRoot \system32\dbmslpcn.dll 2000 80 818 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path sqlmap70.dll 2000 80 811 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path sqlrepss.dll 2000 80 765 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \System32\Ntoskrnl.exe 5 1 2600 160 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path ums.dll 2000 80 816 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path odsole70.dll 2000 80 800 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\wkssvc.dll 5 00 2195 6862 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path odsole70.dll 2000 80 223 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path xpqueue.dll 2000 80 223 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path xprepl.dll 2000 80 223 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path xpstar.dll 2000 80 223 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path sqlservr.exe 2000 80 384 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 5 0 3526 800 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 5 0 3813 800 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 5 50 4937 800 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 6 0 2737 800 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 6 0 2800 1400 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\mshtml.dll 6 0 3790 118 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot \system32\wins.exe 5 0 2195 6870 LM\W3SVC 6014 ^.*ssinc\.dll.*$ LM\W3SVC 6014 ^.*asp\.dll.*$ ^LM\\MSFTPSVC\\.*$ 1016 4 LM\W3SVC 6014 ^.*ism\.dll.*$ LM\W3SVC 6014 ^.*idq\.dll.*$ LM\W3SVC 6032 .*Negotiate.* LM\\W3SVC\\/d*\\ROOT 6011 ^http:*,PERMANENT,* ^LM\\W3SVC\\.*$ 5506 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion CurrentVersion 5.0 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB840374 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\DataAccess FullInstallVer ^2\.5.*$ HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\DataAccess FullInstallVer ^2\.6.*$ HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\DataAccess FullInstallVer ^2\.70.*$ HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\DataAccess FullInstallVer ^2\.71.*$ HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\DataAccess FullInstallVer ^2\.8.*$ HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft ISA Server VersionMajor 3 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\MSExchangeWEB\DAV ReuseConnections 0 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\Fwsrv Start 4 HKEY_LOCAL_MACHINE ^SOFTWARE\\Microsoft\\Fpc\\Arrays\\\{[^\\]+\}\\Extensions\\Proxy-Plugins\\\{FE440D49-AB26-11D2-A101-00C04FB6CFB6\}$ msFPCEnabled 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Updates\Exchange Server 2003\SP1\832759 .* HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft ISA Server SP DisplayName Microsoft ISA Server 2000 Updates HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Updates\DataAccess\Q832483 IsInstalled 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB832483 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Fpc\Hotfixes\SP1\291 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Exchange\Setup Services Version 65 HKEY_CLASSES_ROOT HCP .* HKEY_LOCAL_MACHINE ^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$ 1200 3 HKEY_CURRENT_USER ^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$ 1200 3 HKEY_LOCAL_MACHINE ^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$ 1400 3 HKEY_CURRENT_USER ^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$ 1400 3 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Fpc\Hotfixes\SP1\408 Kbs KB888258 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Office\9.0\Word\InstallRoot .* HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Office\10.0\Word\InstallRoot .* HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Office\9.0\Excel\InstallRoot .* HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Office\10.0\Excel\InstallRoot .* HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB888258 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB832894 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Active Setup\Installed Components\{eddbec60-89cb-44ef-8291-0850fd28ff6a} IsInstalled 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Updates\Windows Media Services\KB832359 IsInstalled 1 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\nsstation Start 4 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Updates\Windows Media Services\KB832359 Start 4 HKEY_LOCAL_MACHINE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetShow Version 4.1 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server Enabled 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Outlook Express\Version Info Current 5,50,4807,1700 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Outlook Express\Version Info Current 6,0,2600,0000 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Outlook Express\Version Info Current 6,0,3790,0 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Outlook Express\Version Info Current 6,0,2800,1106 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Internet Explorer Version 6.00.2600.0000 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB837001 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB837009 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB835732 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Active Setup\Installed Components\{2cc9d512-6db6-4f1c-8979-9a41fae88de0} IsInstalled 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB828741 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Active Setup\Installed Components\{057997dd-71e4-43cc-b161-3f8180691a9e} IsInstalled 1 HKEY_CURRENT_USER ^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$ 1001 3 HKEY_CURRENT_USER ^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$ 1803 3 HKEY_CURRENT_USER ^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$ 1A02 3 HKEY_LOCAL_MACHINE ^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$ 1A03 3 HKEY_CURRENT_USER ^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$ 1A03 3 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\Netlogon Start 2 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Office\10.0\Outlook\InstallRoot .* HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90280409-6000-11D3-8CFE-0050048383C9} DisplayVersion 10.0.4333.0 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90280409-6000-11D3-8CFE-0050048383C9} DisplayVersion 10.0.6626.0 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion CurrentVersion 5.1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Active Setup\Installed Components\{E81659DF-28E1-4C60-B4B9-00A4BC5FA76D} IsInstalled 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Active Setup\Installed Components\{2D5974C5-5185-4f5b-80B6-28015ACDD74C} IsInstalled 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Active Setup\Installed Components\{D7B44F3E-77D3-44C5-8E03-4222D9A18B7B} IsInstalled 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Active Setup\Installed Components\{61E6EAE5-7821-4AC1-9BBD-AED032A8E273} IsInstalled 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Active Setup\Installed Components\{FF4DD9CD-F25E-425a-8B5C-A2D062781FBB} IsInstalled 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Active Setup\Installed Components\{2757B1D6-0367-4663-877C-93ECC5C01BF6} IsInstalled 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Active Setup\Installed Components\{C34F4917-ED43-439f-9023-97B0024A2B3B} IsInstalled 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Active Setup\Installed Components\{F9C174E3-3E87-40bc-AA94-B8974F2B9222} IsInstalled 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Active Setup\Installed Components\{f5de1b93-9d38-416b-b09e-aa85a8e84309} IsInstalled 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Active Setup\Installed Components\{377483c2-e4b4-4ee8-b577-9aed264c8735} IsInstalled 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Active Setup\Installed Components\{96543d59-497a-4801-a1f3-5936aacaf7b1} IsInstalled 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\INetStp MajorVersion 4 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\INetStp MinorVersion 0 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q319733 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q327696 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q811114 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Internet Explorer Version 6.0.2600.0000 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion CSDVersion Service Pack 4 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\INetStp MajorVersion 5 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion CSDVersion ^Service Pack [3-9]|\d{2,}$ HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Internet Explorer Version 5.50.4134.0100 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Internet Explorer Version 5.50.4134.0600 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Internet Explorer Version 5.50.4522.1800 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q326886 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Active Setup\Installed Components\{839117ee-2132-4bae-a56a-42b50204c9b9} IsInstalled 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Internet Explorer Version 5.00.2919.800 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Internet Explorer Version 5.00.2919.3800 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Internet Explorer Version 5.00.2919.6307 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Internet Explorer Version 5.00.2920.0000 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Internet Explorer Version 5.00.3103.1000 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Internet Explorer Version 5.00.3105.0106 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Internet Explorer Version 5.00.3314.2101 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB867801 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Updates\Windows 2000\SP4\Q321599 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q313450 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix IsInstalled 1 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\SMTPSVC Start 4 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q295534 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q301625 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q299444 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Active Setup\Installed Components\{2298d453-bcae-4519-bf33-1cbf3faf1524} IsInstalled 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q318593 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q269862 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q277873 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q293826 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB885836 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion CSDVersion Service Pack 2 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Active Setup\Installed Components\{F9C174E3-3E87-40bc-AA94-B8974F2B9222} Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\Q331953 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB823980 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Ras\CurrentVersion PathName RASPHONE.PBK HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q318138 Installed 1 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\RasMan Start 4 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\SP2SRP1 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\CurrentVersion CurrentVersion 8.00.194 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\MSSQLServer\MSSQLServer LoginMode 2 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q320206 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q314147 Installed 1 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\SNMP Start 4 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q311967 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q291845 Installed 1 HKEY_LOCAL_MACHINE ^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$ 1A02 3 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes gopher gopher:// HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q810833 Installed 1 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\RPCLocator Start 4 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q815021 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Fpc\Hotfixes\SP1\277 Kbs 816456 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB817606 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion CSDVersion ^Service Pack [4-9]|\d{2,}$ HKEY_LOCAL_MACHINE SOFTWARE\Classes\MIME\Database\Content Type\application/hta Extension .hta HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB824146 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Ole EnableDCOM Y HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Active Setup\Installed Components\{90A2A715-D986-4EAB-8C73-4D06114EF760} IsInstalled 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Active Setup\Installed Components\{754D29C1-0C97-405F-98D0-21B212CA7FF1} IsInstalled 1 HKEY_LOCAL_MACHINE ^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$ 1803 3 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q312895 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q313829 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q321599 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion CSDVersion ^Service Pack [2-9]|\d{2,}$ HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB823182 Installed 1 HKEY_LOCAL_MACHINE ^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$ 1001 3 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q326830 Installed 1 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\lanmanserver Start 2 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q323172 Installed 1 HKEY_LOCAL_MACHINE ^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$ 1200 0 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q300972 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion CSDVersion HKEY_LOCAL_MACHINE SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Security_HKLM_only 1 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Control\Terminal Server ProductVersion 5.0 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q324380 Installed 1 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\RDPWD Start 4 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB824141 Installed 1 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\UtilMan Start 4 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\Messenger Start 4 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB825119 Installed 1 HKEY_CLASSES_ROOT HCP .* HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OC Manager\Subcomponents fp_extensions 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB826232 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\Q305601 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q329170 Installed 1 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\lanmanserver\parameters enablesecuritysignature 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\MediaPlayer\8.0\Registration UDBVersion 8.0.0.4477 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Updates\Windows Media Player\wm320920 IsInstalled 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Updates\Windows Media Player\wm308567 IsInstalled 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\5.0\Setup Packages Microsoft FrontPage Server Extensions 2002 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q823803 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Updates\Windows Media Player\wm817787 IsInstalled 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q303984 Installed 1 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\NntpSvc Start 4 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q323255 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\Setup Packages FrontPage 2000 Server Extensions SR HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Fpc\Hotfixes\SP1\257 Kbs 331066 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\Fwsrv Start 2 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q307298 IsInstalled 1 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\Tlntsvr Start 4 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB822679 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\Setup Packages SharePoint Installed HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion CSDVersion Service Pack 6 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Internet Explorer Version 5.50.4134.0100 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Internet Explorer Version 5.50.4134.0600 HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Wordpad EnableLegacyConverters 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Internet Explorer Version 5.50.4522.1800 HKEY_LOCAL_MACHINE Software\Microsoft\Active Setup\Installed Components\{A954CDD5-A95F-414F-B3FE-FBEF9D2AECEA} IsInstalled 1 HKEY_LOCAL_MACHINE Software\Microsoft\Active Setup\Installed Components\{754D29C1-0C97-405F-98D0-21B212CA7FF1} IsInstalled 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Internet Explorer Version 6.0.2600.0000 HKEY_LOCAL_MACHINE Software\Microsoft\Active Setup\Installed Components\{716E024F-7F74-47F3-B93B-9FF7F3CBF94C} IsInstalled 1 HKEY_LOCAL_MACHINE Software\Microsoft\Active Setup\Installed Components\{E81659DF-28E1-4C60-B4B9-00A4BC5FA76D} IsInstalled 1 HKEY_LOCAL_MACHINE Software\Microsoft\Active Setup\Installed Components\{2D5974C5-5185-4f5b-80B6-28015ACDD74C} IsInstalled 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB885835 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Security_HKLM_only 1 HKEY_LOCAL_MACHINE ^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$ 1803 3 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB885249 Installed 1 HKEY_LOCAL_MACHINE ^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$ 1200 3 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion CSDVersion Service Pack 5 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\DataAccess FullInstallVer ^2\.5.* HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Updates\DataAccess\Q823718 IsInstalled 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\DataAccess FullInstallVer ^2\.6.* HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB870763 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\DataAccess FullInstallVer ^2\.7.* HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Ole EnableDCOMHTTP Y HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q232449 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\Hotfix\Q811114 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB817772 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB822343 Installed 1 HKEY_CLASSES_ROOT htfile ^.*$ HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\INetStp MinorVersion 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion Version Windows 98 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\UtilMan{5c773859-bb96- 48fa-875b-6a58aae072f4} IsInstalled 1 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\NetBIOS\Linkage Bind 0 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\NetBIOS\Linkage Export 0 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\NetBIOS\Linkage Route 0 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion Version ^Windows.* HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\LmHosts Start 4 HKEY_LOCAL_MACHINE ^SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip.*$ NetbiosOptions 2 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg .* HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion CSDVersion Service Pack 1 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Control\ProductOptions ProductType WinNT HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\w3svc Start 4 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\DirectX Version ^4\.08\.01.*$ HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\DirectX Version ^4\.08\.02.*$ HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\DirectX Version ^4\.09.*$ HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB839643 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB839643-DirectX82 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB839643-DirectX9 Installed 1 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Control\ProductOptions ProductType ^.*ServerNT.*$ HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion CSDVersion ^Service Pack [1-9]|\d{2,}$ HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion CurrentVersion ^5\.[1-2]$ HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Control\ProductOptions ProductType ^.*LanmanNT.*$ HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Control\ProductOptions ProductSuite Terminal Server HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q265714 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Transaction Server\Packages Start 4 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q317636 Installed 1 HKEY_LOCAL_MACHINE ^Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\.* DisplayName Microsoft Exchange 2000 HKEY_LOCAL_MACHINE Software\Microsoft\Updates\Exchange Server 2000\SP3\Q316056 .* HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg Everyone HKEY_CLASSES_ROOT SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB873339\ Filelist ^.*$ HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\CurrentVersion CurrentVersion 8.00.194 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\DirectX Version ^4\.07.* HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB839643 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\DirectX Version ^4\.08\.00.* HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB839643-DirectX8 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\DirectX Version ^4\.08\.01.* HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB839643-DirectX81 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\DirectX Version ^4\.08\.02.* HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB839643-DirectX82 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\DirectX Version ^4\.09\.00.* HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB839643-DirectX9 Installed 1 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Control\LSA RestrictAnonymous 0 HKEY_LOCAL_MACHINE \Software\VERITAS\Backup Exec\Server CurrentVersion 8.5 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Updates\Windows XP\SP1\KB824105\Filelist installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB824105\Filelist installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q329115 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q811493 Installed 1 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Control\Session Manager\Subsystem Posix HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB841872 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB842526 Installed HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB840315 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB841873 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q841373 Installed 1 HKEY_LOCAL_MACHINE System\CurrentControlSet\Services\w3svc\parameters MaxClientRequestBufferData 16384 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB839645 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4395} IsInstalled 1 HKEY_LOCAL_MACHINE SOFTWARE\Classes\ITSProtocol .* HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Active Setup\Installed Components\{bfb56e60-5895-496c-bd6b-459b97142e4c} IsInstalled 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB821557 Installed 1 HKEY_CLASSES_ROOT SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\kb823353 Installed 1 HKEY_USERS ^S-[-0-9]+\\Identities\\\{[-0-9A-Z]+\}\\Software\\Microsoft\\Outlook\ Express\\5\.0\\Mail$ ShowHybridView 0 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9} Version 5,6,0,8513 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Internet Explorer Version 6.00.2800.1106 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9} Version 5,1,0,8513 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9} Version 5,5,0,8513 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q328310 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q329414 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Exchange\Setup ServicePackBuild 2653 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Updates\Exchange Server 5.5\SP5\842436a IsInstalled 2 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\MSExchangeweb .* HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Internet Explorer Version 6.00.3790.0000 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB833987 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB833987 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90280409-6000-11D3-8CFE-0050048383C9} DisplayVersion 10.0.4330.0 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90110409-6000-11D3-8CFE-0150048383C9} DisplayVersion 11.0.6252.7 HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040110900063D11C8EF10054038389C\Patches\9FEC06657760FC84499ED532196D45EE2 Security Update for Office 2003: Wordperfect 5.x Converter (KB873378) Installed HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040110900063D11C8EF10054038389C\Patches\FC3FF5BA5FE5D1B4A9B9CD3698A34B89 .* Installed HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Updates\Visual Studio\7.1\M8303481037 Installed 1 HKEY_LOCAL_MACHINE Software\Microsoft\VisualStudio\7.1 .* HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{903B0409-6000-11D3-8CFE-0150048383C9} DisplayVersion 11.0.5614.0 HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040B30900063D11C\Patches\69B0450262BC7F44E8D4B683A49E437A Installed HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{903B0409-6000-11D3-8CFE-0050048383C9} DisplayVersion 10.0.8326.0 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040B30900063D11C8EF00054038389C\Patches\1F6752D69ABCD9F4B8021B9163826CAC Installed HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{90510409-6D54-11D4-BEE3-00C04F990354} DisplayVersion 10.2.5110 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040150945D64D11EB3E000CF4993045\Patches\A75085E78F7F14244A464F09F6543C6C Installed HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Uninstall\{90510409-6000-11D3-8CFE-0150048383C9} DisplayVersion 11.0.3216.5614 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040150900063D11C8EF10054038389C\Patches\6B94DD4A71ECBDE43822F9D47D963102 Installed HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000409-78E1-11D2-B60F-006097C998E7} DisplayVersion 9.00.9327 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Internet Explorer Version 5.50.4807.2300 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Patches\A1334AC428B43BF4E9547C55D3DFE977 .* Installed HKEY_LOCAL_MACHINE Software\Microsoft\VisualStudio\7.0 .* HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040F50095765D115AF4000972A8B18B\Patches\4A3C9366F1471A7479BB3FDBC1FE3B31 Installed HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040820900063D11C\Patches\4461EFFBCC9338645A85657DBDEB9E61 Installed HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Active Setup\Installed Components\{dc0d5f50-5F0b-46bf-8683-93ac61c67001} ComponentID Q833989 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00010409-78E1-11D2-B60F-006097C998E7} DisplayVersion 9.00.9327 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009 Installed 1 HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\Hotfix\KB841356 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion CSDVersion ^Service Pack [0-4]$ HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion CSDVersion ^Service Pack [5-9]|\d{2,}$ HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Internet Explorer Version 5.00.3700.1000 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\W3SVC\Parameters DisableWebDAV 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB885881 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB885881 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB840987 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB883935 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB824151 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Internet Explorer Version 5.00.3502.1000 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion Version Windows ME HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB841533 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB883935 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB873376 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Classes\CompressedFolder FriendlyTypeName *zipfldr.dll* HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB883935 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB883935 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB834707 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB873350 File 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB834707-ie501sp3-20040929.121357 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Internet Explorer Version 5.00.3315.1000 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB834707-ie501sp4-20040929.111451 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Active Setup\Installed Components\{ 3e7bb08a-a7a3-4692-8eac-ac5e7895755b} IsInstalled 1 HKEY_LOCAL_MACHINE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB834707-ie6-20040929.115007 IsInstalled 1 HKEY_LOCAL_MACHINE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB834707 IsInstalled 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Internet Explorer Version 6.00.2900.2180 HKEY_CURRENT_USER ^Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings$ DisableCachingOfSSLPages 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q817606 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q823980 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q19696 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB824245 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion CurrentVersion 5.2 HKEY_CLASSES_ROOT telnet\shell\open command C:\Program Files\Windows NT\hypertrm.exe /t %1 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Control\Session Manager\Environment PROCESSOR_ARCHITECTURE ia64 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\lanmanworkstation Start 4 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Control\Session Manager\Environment PROCESSOR_ARCHITECTURE x86 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion CurrentVersion 4.0 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB828035 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB828749 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB810217 Installed 1 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Proxy Server Microsoft Proxy Server HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB830352 Installed 1 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\wins Start 4 HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB828028 Installed 1