The OVAL Repository5.32007-12-31T09:00:08.584-05:00Hyperlink Object Buffer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Operating SystemStack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka "Hyperlink COM Object Buffer Overflow Vulnerability." NOTE: this is a different issue than CVE-2006-3059.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSolaris Xorg Privilege Escalation via Pixmaps VulnerabilitySun Solaris 9Sun Solaris 10XMultiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrary code via a crafted pixmap image.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDRed Hat Enterprise Linux 3 Kernel Serial Link Information Disclosure VulnerabilityRed Hat Enterprise Linux 3Red Hat Enteprise Linux 3/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.Jay BealeINTERIMINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDMicrosoft Share Level Password VulnerabilityMicrosoft Windows 98File and Print SharingFile and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the "Share Level Password" vulnerability.Tiffany BergeronINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDWindows 2000 COM Internet Services/RPC over HTTP Proxy Component Buffer OverflowMicrosoft Windows 2000COM Internet ServicesBuffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.Christine WalzerINTERIMACCEPTEDACCEPTEDCVS error_prog_name Double-free VulnerabilityRed Hat Enterprise Linux 3CVSDouble-free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.Jay BealeINTERIMACCEPTEDACCEPTEDCVS Improper Handling of Malformed Entry LinesRed Hat Enterprise Linux 3CVSCVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.Jay BealeINTERIMACCEPTEDACCEPTEDHP-UX Core Stack Size DoS Vulnerability (B.11.23)HP-UX 11Operating SystemUnspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows local users to cause a denial of service due to a "specific stack size."Robert L. HollisDRAFTMatthew WojcikINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDMutliple BO Vulnerabilities in MIT Kerberos 5Red Hat Enterprise Linux 3MIT Kerberos 5 (krb5)Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDOutlook Express v6.0 MHTML URL Processing VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Outlook ExpressThe MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."Andrew ButtnerINTERIMACCEPTEDACCEPTEDIE v6.0 Content Disposition/Type Arbitrary Code ExecutionMicrosoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability.Andrew ButtnerChristine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDOutlook Express 6,SP1 News Reading VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Outlook ExpressStack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.Ingrid SkoogDRAFTINTERIMACCEPTEDACCEPTEDEthereal MMSE Dissector VulnerabilityRed Hat Enterprise Linux 3Red Hat Enteprise Linux 3Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code.Jay BealeINTERIMACCEPTEDACCEPTEDEthereal SPNEGO Dissector VulnerabilityRed Hat Enterprise Linux 3Red Hat Enteprise Linux 3The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of service (crash) via unknown attack vectors that cause a null pointer dereference.Jay BealeINTERIMACCEPTEDACCEPTEDEthereal AIM Dissector VulnerabilityRed Hat Enterprise Linux 3Red Hat Enteprise Linux 3The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown attack vectors.Jay BealeINTERIMACCEPTEDACCEPTEDIE6 DHTML Method Call Memory Corruption (WinXP)Microsoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDRacoon Denial of Service via Large Length FieldRed Hat Enterprise Linux 3Red Hat Enteprise Linux 3Racoon before 20040408a allows remote attackers to cause a denial of service (memory consumption) via an ISAKMP packet with a large length field.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDWindows XP IIS Out of Process Privilege Elevation VulnerabilityMicrosoft Windows XPMicrosoft Internet Information Server (IIS)Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation."Christine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDEthereal Denial of Service via SIP MessagesRed Hat Enterprise Linux 3Red Hat Enteprise Linux 3Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP messages between Hotsip servers and clients.Jay BealeINTERIMACCEPTEDACCEPTEDNTLM Authentication BO in Squid Web Proxy CacheRed Hat Enterprise Linux 3Red Hat Enteprise Linux 3Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable).Jay BealeINTERIMACCEPTEDACCEPTEDGopher Client Buffer OverflowMicrosoft Windows 2000Microsoft Internet ExplorerBuffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.David ProulxChristine WalzerINTERIMACCEPTEDACCEPTEDUtempter Directory Traversal VulnerabilityRed Hat Enterprise Linux 3Red Hat Enteprise Linux 3Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.Jay BealeINTERIMACCEPTEDACCEPTEDMultiple Directory Traversal Vulnerabilities in LHARed Hat Enterprise Linux 3Red Hat Enteprise Linux 3Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").Jay BealeINTERIMACCEPTEDACCEPTEDMultiple BO Vulnerabilities in LHA get_header FunctionRed Hat Enterprise Linux 3Red Hat Enteprise Linux 3Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.Jay BealeINTERIMACCEPTEDACCEPTEDtcpdump Identification Payload in ISAKMP Packets VulnerabilityRed Hat Enterprise Linux 3Red Hat Enteprise Linux 3Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.Jay BealeINTERIMACCEPTEDACCEPTEDRed Hat OpenSSL do_change_cipher_spec Function Denial of ServiceRed Hat Linux 9OpenSSLThe do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.Matt BusbyMatt BusbyINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDIE Frame Domain Verification VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874.Tiffany BergeronINTERIMACCEPTEDINTERIMHarvey RubinovitzACCEPTEDChristine WalzerChristine WalzerINTERIMACCEPTEDACCEPTEDtcpdump Delete Payload in ISAKMP Packets VulnerabilityRed Hat Enterprise Linux 3Red Hat Enteprise Linux 3TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.Jay BealeINTERIMACCEPTEDACCEPTEDlibpng Malformed PNG Image VulnerabilityRed Hat Enterprise Linux 3Red Hat Enteprise Linux 3The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDCVS pserver BORed Hat Enterprise Linux 3Red Hat Enteprise Linux 3Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDSolaris cachefsd Buffer Overrun VulnerabilitySun Solaris 8cachefsdBuffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument.David ProulxBrian SobyBrian SobyINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDWindows NT COM Internet Services/RPC over HTTP Proxy Component Buffer OverflowMicrosoft Windows NTCOM Internet ServicesBuffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.Christine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDMS Jet Database Buffer OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Jet Database EngineBuffer overflow in Microsoft Jet Database Engine 4.0 allows remote attackers to execute arbitrary code via a specially-crafted database query.Andrew ButtnerINTERIMACCEPTEDACCEPTEDrsync Path Sanitation VulnerabilityRed Hat Enterprise Linux 3Red Hat Enteprise Linux 3rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDWindows NT Media Services ISAPI Logging VulnerabilityMicrosoft Windows NTMicrosoft Internet Information Server (IIS)The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.Christine WalzerINTERIMACCEPTEDACCEPTEDIE6 Script Execution Vulnerability (Win2K/XP,SP1)Microsoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDWindows XP H.323 Protocol Remote Code Execution VulnerabilityMicrosoft Windows XPH.323Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code.Jonathan BakerINTERIMACCEPTEDACCEPTEDIE File Upload VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerThe file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files.Tiffany BergeronINTERIMACCEPTEDINTERIMHarvey RubinovitzACCEPTEDACCEPTEDMDAC SQL-DMO Buffer Overflow (Test 2)Microsoft Windows XPMicrosoft Data Access Components 2.6Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.Christine WalzerINTERIMACCEPTEDACCEPTEDMDAC SQL-DMO Buffer Overflow (Test 1)Microsoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000MDAC 2.5Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.Christine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDMagick XWD Decoder DoSRed Hat Enterprise Linux 3ImageMagickThe XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDIE Cookie-based Script ExecutionMicrosoft Windows 2000Microsoft Internet ExplorerThe zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability.Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDWindows 2000 WMF/EMF Buffer OverflowMicrosoft Windows 2000Enhanced Metafile (EMF)Windows Metafile (WMF)Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.Andrew ButtnerINTERIMACCEPTEDACCEPTEDWindows XP RPCSS Service DCOM Activation Denial of ServiceMicrosoft Windows XPRemote Procedure Call (RPC)An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.Christine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDServer 2003 RPCSS Service DCOM Activation Denial of ServiceMicrosoft Windows Server 2003Remote Procedure Call (RPC)An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.Christine WalzerChristine WalzerDRAFTIE .chm Directory Traversal Windows NT VulnerabilityMicrosoft Windows NTHTML Help FacilityInternet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.Andrew ButtnerINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDRobert L. HollisINTERIMRobert L. HollisJonathan BakerACCEPTEDACCEPTEDWindows 2000 RPCSS Service DCOM Activation Denial of ServiceMicrosoft Windows 2000Remote Procedure Call (RPC)An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.Christine WalzerINTERIMACCEPTEDACCEPTEDKonqueror URI Handler "-" Filter VulnerabilityRed Hat Enterprise Linux 3Red Hat Enteprise Linux 3The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDNT4.0 SNMP Denial of ServiceMicrosoft Windows NTSNMPMemory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries.Christine WalzerINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDACCEPTEDWindows 2000 SSL PCT Handshake VulnerabilityMicrosoft Windows 2000Private Communications Transport (PCT)Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.Andrew ButtnerINTERIMACCEPTEDGlenn StricklandINTERIMACCEPTEDACCEPTEDMicrosoft Excel Malformed OBJECT record VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft ExcelMicrosoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability."Robert L. HollisINTERIMACCEPTEDACCEPTEDWindows 2000 IIS ASP Server-Side Include Function Buffer OverflowMicrosoft Windows 2000Microsoft Internet Information Server (IIS)Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.Tiffany BergeronACCEPTEDGlenn StricklandINTERIMACCEPTEDACCEPTEDIE File Download Dialog VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability."Tiffany BergeronINTERIMACCEPTEDINTERIMHarvey RubinovitzACCEPTEDACCEPTEDKAME IKE Daemon Improper Hash Value HandlingRed Hat Enterprise Linux 3Red Hat Enteprise Linux 3KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDWindows Server 2003 H.323 Protocol Remote Code Execution VulnerabilityMicrosoft Windows Server 2003H.323Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code.Jonathan BakerINTERIMACCEPTEDACCEPTEDRacoon IKE Daemon Unauthorized X.509 Certificate Connection VulnerabilityRed Hat Enterprise Linux 3Red Hat Enteprise Linux 3The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDWindows NT IIS Cross-site Scripting VulnerabilitiesMicrosoft Windows NTMicrosoft Internet Information Server (IIS)Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors.Christine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDSolaris Xsun and Xprt Unspecified Local Privilege EscalationSun Solaris 7Sun Solaris 8Sun Solaris 9Sun Solaris 10XsunUnspecified vulnerability in the (1) Xsun and (2) Xprt commands in Solaris 7, 8, 9, and 10 allows local users to execute arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDACCEPTEDWindows 2000 IIS Cross-site Scripting VulnerabilitiesMicrosoft Windows 2000Microsoft Internet Information Server (IIS)Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors.Christine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDRed Hat Enterprise 3 Squid ACL Bypass VulnerabilityRed Hat Enterprise Linux 3Red Hat Enteprise Linux 3The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") characterm, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDLinux Kernel ISO9660 File System Component BORed Hat Enterprise Linux 3Red Hat Enteprise Linux 3Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDSolaris 8 mibiisa Remote Buffer Overflow VulnerabilitySun Solaris 8mibiisaBuffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges.David ProulxACCEPTEDLinux Kernel ip_setsockopt Integer OverflowRed Hat Enterprise Linux 3Red Hat Enteprise Linux 3Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a denial of service (crash) or execute arbitrary code via the MCAST_MSFILTER socket option.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDIIS5.0 Windows Media Services Large POST VulnerabilityMicrosoft Windows 2000Microsoft Internet Information Server (IIS)Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll.Christine WalzerINTERIMACCEPTEDACCEPTEDRed Hat Enterprise 3 Mozilla Zombie Document VulnerabilityRed Hat Enterprise Linux 3Red Hat Enteprise Linux 3Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDWindows 2000 Media Services ISAPI Logging VulnerabilityMicrosoft Windows 2000Microsoft Internet Information Server (IIS)The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.Christine WalzerINTERIMACCEPTEDACCEPTEDHP-UX PMTUD Remote DoS (B.11.23)HP-UX 11Operating SystemUnknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDIIS WebDAV Request Denial of ServiceMicrosoft Windows 2000Microsoft Internet Information Server (IIS)Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an error condition that is not properly handled.Christine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDIIS showcode.asp Sample File VulnerabilityMicrosoft Windows NTMicrosoft Internet Information Server (IIS)The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.Christine WalzerINTERIMACCEPTEDACCEPTEDIIS5.0 Script Source Access VulnerabilityMicrosoft Windows 2000Microsoft Internet Information Server (IIS)A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."Christine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDWindows 2000 IIS Out of Process Privilege Elevation VulnerabilityMicrosoft Windows 2000Microsoft Internet Information Server (IIS)Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation."Christine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDWindows NT IIS Out of Process Privilege Elevation VulnerabilityMicrosoft Windows NTMicrosoft Internet Information Server (IIS)Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation."Christine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDRed Hat Enterprise 3 OpenSSL Kerberos Handshake VulnerabilityRed Hat Enterprise Linux 3OpenSSLThe SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.Matt BusbyMatt BusbyINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDIIS5.0 Specialized Header VulnerabilityMicrosoft Windows 2000Microsoft Internet Information Server (IIS)IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability.Christine WalzerINTERIMACCEPTEDACCEPTEDIE URLMON Buffer OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerBuffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields.Tiffany BergeronINTERIMACCEPTEDINTERIMHarvey RubinovitzACCEPTEDACCEPTEDMS IE HTML Directive Buffer OverflowMicrosoft Windows 98Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerBuffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated.Tiffany BergeronINTERIMACCEPTEDINTERIMHarvey RubinovitzACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDWindows Server 2003 ASN.1 Library Double-free Memory Corruption VulnerabilityMicrosoft Windows Server 2003Microsoft ASN.1 LibraryDouble-free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code.David ProulxINTERIMACCEPTEDACCEPTEDZone Spoofing through Malformed Web Page VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerability.Tiffany BergeronINTERIMACCEPTEDINTERIMHarvey RubinovitzACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDIE Slash Characters in Type Property VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerBuffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.Tiffany BergeronINTERIMACCEPTEDINTERIMHarvey RubinovitzACCEPTEDACCEPTEDIE File Execution User-prompt Bypass VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability."Tiffany BergeronINTERIMACCEPTEDINTERIMHarvey RubinovitzACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDIE Cached Content Command Execution VulnerabilityMicrosoft Windows 98Microsoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs.Tiffany BergeronINTERIMACCEPTEDACCEPTEDWindows 2000 IIS HTTP Error Page Cross-site ScriptingMicrosoft Windows 2000Microsoft Internet Information Server (IIS)Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.Harvey RubinovitzACCEPTEDWindows Server 2003 LSASS Buffer Overflow (Sasser Worm VulnerabilityMicrosoft Windows Server 2003Local Security Authority Subsystem Service (LSASS)Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.Andrew ButtnerINTERIMACCEPTEDACCEPTEDMicrosoft Office Parsing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeUnspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389.Robert L. HollisINTERIMACCEPTEDACCEPTEDRed Hat Enterprise 3 Mozilla Bypass Cookie Access Restrictions VulnerabilityRed Hat Enterprise Linux 3Red Hat Enteprise Linux 3Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in the KSSL Kernel Module May Lead to a System PanicSun Solaris 10Multiple unspecified vulnerabilities in the KSSL kernel module in Sun Solaris 10, when configured with the KSSL proxy, allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors related to "memory buffers" of Secure Socket Layer (SSL) records.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDIIS4.0 Buffer OverflowMicrosoft Windows NTMicrosoft Internet Information Server (IIS)Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.Christine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDRed Hat Enterprise 3 S/MIME Protocol Denial of Service VulnerabilityRed Hat Enterprise Linux 3Red Hat Enteprise Linux 3Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDIIS ASP Source Code Access VulnerabilityMicrosoft Windows NTMicrosoft Internet Information Server (IIS)In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.Christine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the IP Implementation for Solaris 8 and 9 May Allow a Denial of ServiceSun Solaris 8Sun Solaris 9Unspecified vulnerability in the IP implementation in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (CPU consumption) via crafted IP packets, probably related to fragmented packets with duplicate or missing fragments.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDWindows 2000 IIS System File Listing Privilege Elevation VulnerabilityMicrosoft Windows 2000Microsoft Internet Information Server (IIS)IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability.Christine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDWindows NT Local Descriptor Table Kernel Access VulnerabilityMicrosoft Windows NTLocal Descriptor Table (LDT)The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor descriptor that points to protected memory.Jonathan BakerINTERIMACCEPTEDACCEPTEDCSNW Remote Buffer Overflow via Network Messages (Server 2003,SP1)Microsoft Windows Server 2003NetWareThe Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSolaris 7 CDE ToolTalk Database Null Write VulnerabilitySun Solaris 7CDECDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure.David ProulxTodd DolinskyINTERIMACCEPTEDACCEPTEDWindows NT IIS System File Listing Privilege Elevation VulnerabilityMicrosoft Windows NTMicrosoft Internet Information Server (IIS)IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability.Christine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDMicrosoft Client Service for NetWare Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Operating SystemStack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyDEPRECATEDDEPRECATEDWindows 2000 H.323 Protocol Remote Code Execution VulnerabilityMicrosoft Windows 2000H.323Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code.Jonathan BakerINTERIMACCEPTEDACCEPTEDMicrosoft Agent Security Prompt Spoofing Vulnerability (Server 2003)Microsoft Windows Server 2003Microsoft AgentMicrosoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page.Harvey RubinovitzDRAFTHarvey RubinovitzINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDRed Hat Enterprise 3 Ethereal Denial of Service via 0-Length Presentation Protocol SelectorRed Hat Enterprise Linux 3Red Hat Enteprise Linux3Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a zero-length Presentation protocol selector.Jay BealeJay BealeJay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDWindows Server 2003 Help Center Command Insertion VulnerabilityMicrosoft Windows Server 2003Help and Support Center (HSC)Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe.Harvey RubinovitzHarvey RubinovitzINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDSolaris 10 Systems May Panic or Hang When Running Certain DTrace D ProgramsSun Solaris 10Unspecified vulnerability in the dynamic tracing framework (DTrace) on Sun Solaris 10 before 20070730 allows local users with PRIV_DTRACE_USER privileges to cause a denial of service (panic or hang) via unspecified use of certain DTrace programs.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDWindows NT SSL PCT Handshake VulnerabilityMicrosoft Windows NTPrivate Communications Transport (PCT)Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.Andrew ButtnerINTERIMACCEPTEDGlenn StricklandINTERIMACCEPTEDACCEPTEDRed Hat OpenSSL Improper Unknown Message Handling VulnerabilityRed Hat Linux 9OpenSSLOpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.Matt BusbyMatt BusbyINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDServer 2003 COM Structured Storage VulnerabilityMicrosoft Windows Server 2003COM Internet ServicesWindows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."Christine WalzerChristine WalzerDRAFTINTERIMACCEPTEDACCEPTEDWindows XP RPCSS DCOM Buffer Overflow (Blaster)Microsoft Windows XPRemote Procedure Call (RPC)A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.Christine WalzerINTERIMACCEPTEDACCEPTEDIIS Denial of Service via WebDAVMicrosoft Windows 2000Microsoft Internet Information Server (IIS)IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests.Tiffany BergeronINTERIMIngrid SkoogACCEPTEDACCEPTEDSolaris 8 RPC xdr_array Buffer OverflowSun Solaris 8libnslInteger overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.David ProulxMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDHP-UX 11.04 Path MTU Discovery Attack VulnerabilityHP-UX 11Operating SystemMultiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDWindows XP LSASS Buffer Overflow (Sasser Worm Vulnerability)Microsoft Windows XPLocal Security Authority Subsystem Service (LSASS)Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.Andrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDWindows NT WMF/EMF Buffer OverflowMicrosoft Windows NTEnhanced Metafile (EMF)Windows Metafile (WMF)Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.Andrew ButtnerINTERIMACCEPTEDACCEPTEDWindows 2000 winlogon Remote Buffer OverflowMicrosoft Windows 2000Windows logon process (winlogon)Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.Andrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJohn HoylandMatthew WojcikINTERIMACCEPTEDACCEPTEDWindows NT winlogon Remote Buffer OverflowMicrosoft Windows NTWindows logon process (winlogon)Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.Andrew ButtnerINTERIMACCEPTEDACCEPTEDServer 2003 RPCSS DCOM Buffer OverflowMicrosoft Windows Server 2003Remote Procedure Call (RPC)A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.Christine WalzerDRAFTWindows 2000 RPCSS DCOM Buffer Overflow (Blaster, Test 3)Microsoft Windows 2000Remote Procedure Call (RPC)A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.Christine WalzerINTERIMACCEPTEDACCEPTEDWindows 2000 SSL Library Denial of ServiceMicrosoft Windows 2000Secure Sockets Layer (SSL)The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.David ProulxINTERIMACCEPTEDGlenn StricklandINTERIMACCEPTEDACCEPTEDRed Hat Enterprise 3 Ethereal Denial of Service via Malformed RADIUS PacketRed Hat Enterprise Linux 3Red Hat Enteprise Linux 3The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference.Jay BealeJay BealeJay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDWindows 2000 Local Descriptor Table Kernel Access VulnerabilityMicrosoft Windows 2000Local Descriptor Table (LDT)The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor descriptor that points to protected memory.Jonathan BakerINTERIMACCEPTEDACCEPTEDWindows 2000 MUP UNC Request Buffer OverflowMicrosoft Windows 2000Multiple UNC Provider (MUP)Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request.Tiffany BergeronACCEPTEDWindows XP SSL PCT Handshake VulnerabilityMicrosoft Windows XPPrivate Communications Transport (PCT)Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.Andrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDGlenn StricklandINTERIMACCEPTEDACCEPTEDIE5.01,SP4 Web Folder Behaviors Cross-Domain VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerUnknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability".Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDMultiple BO Vulnerabilities in Red Hat Enterprise 3 EtherealRed Hat Enterprise Linux 3Red Hat Enteprise Linux 3Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors.Jay BealeJay BealeJay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDWindows XP SSL Library Denial of ServiceMicrosoft Windows XPSecure Sockets Layer (SSL)The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.David ProulxINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDGlenn StricklandINTERIMACCEPTEDACCEPTEDWindows Server 2003 SSL Library Denial of ServiceMicrosoft Windows Server 2003Secure Sockets Layer (SSL)The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.David ProulxINTERIMACCEPTEDGlenn StricklandINTERIMACCEPTEDACCEPTEDWindows 2000 LSASS Buffer Overflow (Sasser Worm Vulnerability)Microsoft Windows 2000Local Security Authority Subsystem Service (LSASS)Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.Tiffany BergeronINTERIMACCEPTEDACCEPTEDOutlook Express v5.5,SP2 MHTML URL Processing VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Outlook ExpressThe MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."Andrew ButtnerINTERIMACCEPTEDACCEPTEDBourne Shell Local-DoS VulnerabilitySun Solaris 8Sun Solaris 9Sun Solaris 10Operating SystemThe Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to cause a denial of service (sh crash) via an unspecified attack vector that causes sh processes to crash during creation of temporary files.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDRed Hat Ethereal Denial of Service via 0-Length Presentation Protocol SelectorRed Hat Linux 9Red Hat 9Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a zero-length Presentation protocol selector.Jay BealeJay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDEthereal SPNEGO Dissoector Denial of Service VulnerabilityRed Hat Linux 9EtherealThe SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (crash) via an invalid ASN.1 value.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRed Hat Ethereal Denial of Service via Malformed RADIUS PacketRed Hat Linux 9Red Hat 9The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference.Jay BealeJay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDMultiple BO Vulnerabilities in Red Hat EtherealRed Hat Linux 9Red Hat 9Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors.Jay BealeJay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRed Hat Squid ACL Bypass VulnerabilityRed Hat Linux 9Red Hat 9The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") characterm, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDApache 2 Denial of Service due to Memory Leak in mod_sslRed Hat Enterprise Linux 3httpdMemory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.Jay BealeJay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDXMLSoft Libxml2 Code Execution VulnerabilityRed Hat Enterprise Linux 3libxml2Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.Jay BealeJay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRed Hat Mozilla Zombie Document VulnerabilityRed Hat Linux 9mozillaMozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRed Hat Mozilla Bypass Cookie Access Restrictions VulnerabilityRed Hat Linux 9mozillaMozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRed Hat S/MIME Protocol Denial of Service VulnerabilityRed Hat Linux 9mozillaMultiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRed Hat Enterprise 3 OpenSSL Improper Unknown Message Handling VulnerabilityRed Hat Enterprise Linux 3OpenSSLOpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.Matt BusbyMatt BusbyMatt BusbyINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRed Hat Enterprise 3 OpenSSL do_change_cipher_spec Function Denial of ServiceRed Hat Enterprise Linux 3OpenSSLThe do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.Matt BusbyMatt BusbyMatt BusbyINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDSNMPv1 Request Handling DoS and Privilege EscalationMicrosoft Windows NTSimple Network Management Protocol (SNMP)Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.Harvey RubinovitzACCEPTEDNet-SNMP MIB Information Disclosure VulnerabilityRed Hat Enterprise Linux 3Net-SNMPNet-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed.Matt BusbyMatt BusbyINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDLinux Kernel eflags Checking Privilege Escalation VulnerabilityRed Hat Enterprise Linux 3Linux kernelUnknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges.Matt BusbyMatt BusbyINTERIMACCEPTEDACCEPTEDRed Hat Enterprise 3 Linux Kernel do_mremap Denial of Service VulnerabilityRed Hat Enterprise Linux 3Linux kernelThe mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077.Matt BusbyMatt BusbyINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRed Hat Enterprise 3 CVS Server root Directory Access VulnerabilityRed Hat Enterprise Linux 3CVS serverCVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.Jay BealeMatt BusbyINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the TCP Loopback/Fusion Code May Lead to a System Hang Resulting in a Denial of Service (DoS)Sun Solaris 10Unspecified vulnerability in the TCP Loopback/Fusion implementation in Sun Solaris 10 allows local users to cause a denial of service (resource exhaustion and service hang) via unspecified vectors.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDRed Hat Enterprise 3 kdepim VCF File Information Reader BORed Hat Enterprise Linux 3KDE Personal Information Management (kdepim)Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file.Jay BealeINTERIMMatt BusbyACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRed Hat Enterprise 3 Multiple stack-based BO Vulnerabilities in ApacheRed Hat Enterprise Linux 3ApacheMultiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.Jay BealeMatt BusbyINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRed Hat Multiple stack-based BO Vulnerabilities in ApacheRed Hat Linux 9httpdMultiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.Jay BealeMatt BusbyINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRed Hat Enterprise 3 sysstat port and trigger Scripts symlink Attack VulnerabilityRed Hat Enterprise Linux 3SysstatThe (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108.Jay BealeMatt BusbyMatt BusbyINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDrpc.mountd Denial of Service via NFS MountRed Hat Enterprise Linux 3nfs-utils packagesrpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers to cause a denial of service (crash) via an NFS mount of a directory from a client whose reverse DNS lookup name is different from the forward lookup name.Jay BealeMatt BusbyMatt BusbyINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRed Hat Linux Kernel do_mremap Denial of Service VulnerabilityRed Hat Linux 9Linux kernelThe mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077.Jay BealeMatt BusbyACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDSolaris 8 LBXProxy Display Name Buffer OverflowSun Solaris 8lbxproxyBuffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option.David ProulxACCEPTEDRed Hat Kernel Real Time Clock Data LeakageRed Hat Linux 9Linux kernelReal time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space.Jay BealeMatt BusbyACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRed Hat kdepim VCF File Information Reader BORed Hat Linux 9KDE Personal Information Management (kdepim)Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file.Jay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDEthereal Malformed Q.931 Packet VulnerabilityRed Hat Linux 9TetherealThe Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference.Jay BealeMatt BusbyACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDEthereal Malformed SMB Packet VulnerabilityRed Hat Linux 9EtherealThe SMB dissector in Ethereal before 0.10.0 allows remote attackers to cause a denial of service via a malformed SMB packet that triggers a segmentation fault during processing of Selected packets.Jay BealeMatt BusbyACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRed Hat CVS Server root Directory Access VulnerabilityRed Hat Linux 9CVS serverCVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.Jay BealeMatt BusbyACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRHE3 tcpdump DoS via ISAKMP Packets IIRed Hat Enterprise Linux 3tcpdumpThe rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CVE-2003-0989.Jay BealeACCEPTEDMatt BusbyINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRed Hat Enterprise 3 tcpdump Denial of Service via print_attr_string FunctionRed Hat Enterprise Linux 3tcpdumpThe print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value.Jay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRHE3 tcpdump DoS via ISAKMP PacketsRed Hat Enterprise Linux 3tcpdumptcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057.Jay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRed Hat tcpdump Denial of Service via ISAKMP Packets IIRed Hat Linux 9tcpdumpThe rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CVE-2003-0989.Jay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRed Hat tcpdump Denial of Service via print_attr_string FunctionRed Hat Linux 9tcpdumpThe print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value.Jay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRed Hat sysstat port and trigger Scripts symlink Attack VulnerabilityRed Hat Linux 9sysstatThe (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108.Jay BealeMatt BusbyINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDBuffer Overflow in CDOSYS Message Processing (64-bit WinXP,SP1)Microsoft Windows XPOperating SystemBuffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDRed Hat tcpdump Denial of Service via ISAKMP PacketsRed Hat Linux 9tcpdumptcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057.Jay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRed Hat gdk-pixbuf Denial of ServiceRed Hat Linux 9gdk-pixbufgdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.Jay BealeINTERIMMatt BusbyACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRed Hat Enterprise 3 gdk-pixbuf Denial of ServiceRed Hat Enterprise Linux 3gdk-pixbufgdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.Jay BealeINTERIMMatt BusbyACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDMSN Messenger Remote File Access VulnerabilityMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003MSN MessengerMicrosoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files.Christine WalzerINTERIMAndrew ButtnerACCEPTEDACCEPTEDMS Outlook Argument Injection Local VulnerabilityMicrosoft Windows 95Microsoft OutlookArgument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.Andrew ButtnerINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDMS Windows Media Service Denial of ServiceMicrosoft Windows 2000Windows Media ServicesUnknown vulnerability in Windows Media Station Service and Windows Media Monitor Service components of Windows Media Services 4.1 allows remote attackers to cause a denial of service (disallowing new connections) via a certain sequence of TCP/IP packets.Tiffany BergeronINTERIMJohn HoylandINTERIMJohn HoylandJeff ChengJeff ChengINTERIMUnhandled Exception VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Operating SystemUnspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDApache HTTP Request SmugglingHP-UX 11ApacheThe Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDEthereal 0.9.12 Vulnerability in OSI DissectorRed Hat Linux 9EtherealThe OSI dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDmod_python Web Server Denial of ServiceRed Hat Linux 9mod_pythonUnknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string.Jay BealeMatt BusbyACCEPTEDThomas R. JonesINTERIMACCEPTEDRobert L. HollisDEPRECATEDDEPRECATEDRed Hat Enterprise 3 Mutt BO in Index MenuRed Hat Enterprise Linux 3MuttBuffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages.Jay BealeACCEPTEDMatt BusbyINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRed Hat Linux Kernel do_mremap Privilege Escalation VulnerabilityRed Hat Linux 9mremapThe do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985.Jay BealeMatt BusbyACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDVicam USB Driver Data Copy VulnerabilityRed Hat Linux 9Vicam USB driverThe Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service.Jay BealeMatt BusbyACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRed Hat Kernel ncp_lookup Function BORed Hat Linux 9Linux kernelStack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges.Jay BealeMatt BusbyACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRed Hat Kernel R128 DRI Limits Checking VulnerabilityRed Hat Linux 9Linux kernelUnknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking."Jay BealeMatt BusbyACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDA Security Vulnerability in lbxproxy(1) may Allow Unauthorized Read Access to FilesSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun Solaris 8 through 10 before 20070725 allows local users to read arbitrary files with root group ownership via unknown vectors.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDXMLSoft Libxml2 Code Execution VulnerabilityRed Hat Enterprise Linux 3XMLSoft Libxml2Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.Jay BealeMatt BusbyMatt BusbyINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDRobert L. HollisDEPRECATEDDEPRECATEDXFree86 Improper Handling of Font FilesRed Hat Enterprise Linux 3XFree86Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.Jay BealeMatt BusbyACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDXFree86 Buffer Overflow in CopyISOLatin1Lowered FunctionRed Hat Enterprise Linux 3XFree86Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.Jay BealeMatt BusbyMatt BusbyACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDXFree86 Buffer Overflow in dirfileRed Hat Enterprise Linux 3XFree86Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.Jay BealeMatt BusbyMatt BusbyACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDMicrosoft SQL Server 3-Function Buffer OverflowMicrosoft Windows 2000MicrosoftSQL ServerBuffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.Yi-Fang KohIngrid SkoogINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDOpenOffice_org WMF buffer overflowsNovell Linux Desktop 9SUSE Linux 10.1SUSE Linux 10.0SUSE Linux Professional 9.3SUSE Linux Desktop 1.0SUSE Linux Enterprise Desktop 10OpenOffice_org1OpenOffice_org1-arOpenOffice_org1-caOpenOffice_org1-csOpenOffice_org1-daOpenOffice_org1-deOpenOffice_org1-elOpenOffice_org1-enOpenOffice_org1-esOpenOffice_org1-etOpenOffice_org1-fiOpenOffice_org1-frOpenOffice_org1-gnomeOpenOffice_org1-huOpenOffice_org1-itOpenOffice_org1-jaOpenOffice_org1-kdeOpenOffice_org1-koOpenOffice_org1-nlOpenOffice_org1-plOpenOffice_org1-ptOpenOffice_org1-ruOpenOffice_org1-skOpenOffice_org1-slOpenOffice_org1-svOpenOffice_org1-trOpenOffice_org1-zh-CNOpenOffice_org1-zh-TWOpenOffice_orgOpenOffice_org-afOpenOffice_org-be-BYOpenOffice_org-bgOpenOffice_org-caOpenOffice_org-csOpenOffice_org-cyOpenOffice_org-daOpenOffice_org-deOpenOffice_org-elOpenOffice_org-enOpenOffice_org-en-GBOpenOffice_org-esOpenOffice_org-etOpenOffice_org-fiOpenOffice_org-frOpenOffice_org-galleriesOpenOffice_org-gnomeOpenOffice_org-gu-INOpenOffice_org-hrOpenOffice_org-huOpenOffice_org-hunspellOpenOffice_org-itOpenOffice_org-jaOpenOffice_org-kdeOpenOffice_org-koOpenOffice_org-monoOpenOffice_org-nbOpenOffice_org-nlOpenOffice_org-nnOpenOffice_org-officebeanOpenOffice_org-pa-INOpenOffice_org-plOpenOffice_org-ptOpenOffice_org-pt-BROpenOffice_org-ruOpenOffice_org-skOpenOffice_org-slOpenOffice_org-svOpenOffice_org-trOpenOffice_org-viOpenOffice_org-xhOpenOffice_org-zh-CNOpenOffice_org-zh-TWOpenOffice_org-zuMultiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records.Thomas R. JonesDRAFTJonathan BakerINTERIMACCEPTEDACCEPTEDcpe://novell:linux_desktop:9cpe://novell:suse_linux:10.1cpe://novell:suse_linux:10.0cpe://novell:suse_linux:9.3:procpe://novell:suse_linux:1.0:desktopcpe://novell:suse_linux_enterprise:10:desktopcpe:///novell:OpenOffice_org1cpe:///novell:OpenOffice_org1-arcpe:///novell:OpenOffice_org1-cacpe:///novell:OpenOffice_org1-cscpe:///novell:OpenOffice_org1-dacpe:///novell:OpenOffice_org1-decpe:///novell:OpenOffice_org1-elcpe:///novell:OpenOffice_org1-encpe:///novell:OpenOffice_org1-escpe:///novell:OpenOffice_org1-etcpe:///novell:OpenOffice_org1-ficpe:///novell:OpenOffice_org1-frcpe:///novell:OpenOffice_org1-gnomecpe:///novell:OpenOffice_org1-hucpe:///novell:OpenOffice_org1-itcpe:///novell:OpenOffice_org1-jacpe:///novell:OpenOffice_org1-kdecpe:///novell:OpenOffice_org1-kocpe:///novell:OpenOffice_org1-nlcpe:///novell:OpenOffice_org1-plcpe:///novell:OpenOffice_org1-ptcpe:///novell:OpenOffice_org1-rucpe:///novell:OpenOffice_org1-skcpe:///novell:OpenOffice_org1-slcpe:///novell:OpenOffice_org1-svcpe:///novell:OpenOffice_org1-trcpe:///novell:OpenOffice_org1-zh-CNcpe:///novell:OpenOffice_org1-zh-TWcpe:///novell:OpenOffice_orgcpe:///novell:OpenOffice_org-afcpe:///novell:OpenOffice_org-be-BYcpe:///novell:OpenOffice_org-bgcpe:///novell:OpenOffice_org-cacpe:///novell:OpenOffice_org-cscpe:///novell:OpenOffice_org-cycpe:///novell:OpenOffice_org-dacpe:///novell:OpenOffice_org-decpe:///novell:OpenOffice_org-elcpe:///novell:OpenOffice_org-encpe:///novell:OpenOffice_org-en-GBcpe:///novell:OpenOffice_org-escpe:///novell:OpenOffice_org-etcpe:///novell:OpenOffice_org-ficpe:///novell:OpenOffice_org-frcpe:///novell:OpenOffice_org-galleriescpe:///novell:OpenOffice_org-gnomecpe:///novell:OpenOffice_org-gu-INcpe:///novell:OpenOffice_org-hrcpe:///novell:OpenOffice_org-hucpe:///novell:OpenOffice_org-hunspellcpe:///novell:OpenOffice_org-itcpe:///novell:OpenOffice_org-jacpe:///novell:OpenOffice_org-kdecpe:///novell:OpenOffice_org-kocpe:///novell:OpenOffice_org-monocpe:///novell:OpenOffice_org-nbcpe:///novell:OpenOffice_org-nlcpe:///novell:OpenOffice_org-nncpe:///novell:OpenOffice_org-officebeancpe:///novell:OpenOffice_org-pa-INcpe:///novell:OpenOffice_org-plcpe:///novell:OpenOffice_org-ptcpe:///novell:OpenOffice_org-pt-BRcpe:///novell:OpenOffice_org-rucpe:///novell:OpenOffice_org-skcpe:///novell:OpenOffice_org-slcpe:///novell:OpenOffice_org-svcpe:///novell:OpenOffice_org-trcpe:///novell:OpenOffice_org-vicpe:///novell:OpenOffice_org-xhcpe:///novell:OpenOffice_org-zh-CNcpe:///novell:OpenOffice_org-zh-TWcpe:///novell:OpenOffice_org-zuPackage OpenOffice_org-kde is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10Package OpenOffice_org-kde is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopPackage OpenOffice_org1-nl is installedSUSE Linux Professional 9.3Package OpenOffice_org1-nl is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:9.3::proPackage OpenOffice_org-sl is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1Package OpenOffice_org-sl is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1Package OpenOffice_org1-ja is installedSUSE Linux Professional 9.3Package OpenOffice_org1-ja is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:9.3::proPackage OpenOffice_org1-ru is installedSUSE Linux Professional 9.3Package OpenOffice_org1-ru is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:9.3::proPackage OpenOffice_org1-sv is installedSUSE Linux Professional 9.3Package OpenOffice_org1-sv is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:9.3::proPackage OpenOffice_org-zh-TW is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10Package OpenOffice_org-zh-TW is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopPackage OpenOffice_org-it is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10Package OpenOffice_org-it is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopPackage OpenOffice_org1-ko is installedSUSE Linux Professional 9.3Package OpenOffice_org1-ko is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:9.3::proPackage OpenOffice_org1-zh-TW is installedSUSE Linux Professional 9.3Package OpenOffice_org1-zh-TW is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:9.3::proPackage OpenOffice_org-da is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1Package OpenOffice_org-da is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1Package OpenOffice_org-galleries is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10Package OpenOffice_org-galleries is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopPackage OpenOffice_org-zh-CN is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10Package OpenOffice_org-zh-CN is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopPackage OpenOffice_org-ja is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10Package OpenOffice_org-ja is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopPackage OpenOffice_org-af is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1Package OpenOffice_org-af is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1Package OpenOffice_org1-en is installedSUSE Linux Professional 9.3Package OpenOffice_org1-en is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:9.3::proPackage OpenOffice_org1-ca is installedSUSE Linux Professional 9.3Package OpenOffice_org1-ca is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:9.3::proPackage OpenOffice_org-gnome is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10Package OpenOffice_org-gnome is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopPackage OpenOffice_org1-pt is installedSUSE Linux Professional 9.3Package OpenOffice_org1-pt is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:9.3::proPackage OpenOffice_org1-sk is installedSUSE Linux Professional 9.3Package OpenOffice_org1-sk is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:9.3::proPackage OpenOffice_org-hunspell is installedSUSE Linux 10.0Package OpenOffice_org-hunspell is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0Package OpenOffice_org-ca is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1Package OpenOffice_org-ca is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1Package OpenOffice_org-pt-BR is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10Package OpenOffice_org-pt-BR is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopPackage OpenOffice_org-pa-IN is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1Package OpenOffice_org-pa-IN is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1Package OpenOffice_org is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10Package OpenOffice_org is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopPackage OpenOffice_org-sv is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1Package OpenOffice_org-sv is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1Package OpenOffice_org-en-GB is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1Package OpenOffice_org-en-GB is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1Package OpenOffice_org1-fi is installedSUSE Linux Professional 9.3Package OpenOffice_org1-fi is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:9.3::proPackage OpenOffice_org-nb is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1Package OpenOffice_org-nb is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1Package OpenOffice_org-el is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1Package OpenOffice_org-el is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1Package OpenOffice_org-pl is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10Package OpenOffice_org-pl is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopPackage OpenOffice_org1-ar is installedSUSE Linux Professional 9.3Package OpenOffice_org1-ar is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:9.3::proPackage OpenOffice_org1-kde is installedSUSE Linux Professional 9.3Package OpenOffice_org1-kde is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:9.3::proPackage OpenOffice_org1-sl is installedSUSE Linux Professional 9.3Package OpenOffice_org1-sl is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:9.3::proPackage OpenOffice_org-cs is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10Package OpenOffice_org-cs is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopPackage OpenOffice_org-hr is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1Package OpenOffice_org-hr is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1Package OpenOffice_org-tr is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1Package OpenOffice_org-tr is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1Package OpenOffice_org1-es is installedSUSE Linux Professional 9.3Package OpenOffice_org1-es is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:9.3::proPackage OpenOffice_org1-it is installedSUSE Linux Professional 9.3Package OpenOffice_org1-it is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:9.3::proPackage OpenOffice_org-de is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10Package OpenOffice_org-de is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopPackage OpenOffice_org1-et is installedSUSE Linux Professional 9.3Package OpenOffice_org1-et is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:9.3::proPackage OpenOffice_org-et is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1Package OpenOffice_org-et is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1Package OpenOffice_org1-fr is installedSUSE Linux Professional 9.3Package OpenOffice_org1-fr is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:9.3::proPackage OpenOffice_org-pt is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10Package OpenOffice_org-pt is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopPackage OpenOffice_org-ar is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1Package OpenOffice_org-ar is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1Package OpenOffice_org1-el is installedSUSE Linux Professional 9.3Package OpenOffice_org1-el is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:9.3::proPackage OpenOffice_org-nl is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10Package OpenOffice_org-nl is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopPackage OpenOffice_org1-zh-CN is installedSUSE Linux Professional 9.3Package OpenOffice_org1-zh-CN is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:9.3::proPackage OpenOffice_org-es is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10Package OpenOffice_org-es is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopPackage OpenOffice_org-officebean is installedopenSUSE 10.2SUSE Linux 10.1Package OpenOffice_org-officebean is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1Package OpenOffice_org1-de is installedSUSE Linux Professional 9.3Package OpenOffice_org1-de is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:9.3::proPackage OpenOffice_org1-pl is installedSUSE Linux Professional 9.3Package OpenOffice_org1-pl is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:9.3::proPackage OpenOffice_org-nn is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1Package OpenOffice_org-nn is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1Package OpenOffice_org-xh is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1Package OpenOffice_org-xh is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1Package OpenOffice_org-fi is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1Package OpenOffice_org-fi is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1Package OpenOffice_org-be-BY is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1Package OpenOffice_org-be-BY is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1Package OpenOffice_org-bg is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1Package OpenOffice_org-bg is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1Package OpenOffice_org-ru is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1Package OpenOffice_org-ru is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1Package OpenOffice_org1-hu is installedSUSE Linux Professional 9.3Package OpenOffice_org1-hu is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:9.3::proPackage OpenOffice_org1-cs is installedSUSE Linux Professional 9.3Package OpenOffice_org1-cs is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:9.3::proPackage OpenOffice_org-ko is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1Package OpenOffice_org-ko is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1Package OpenOffice_org1-gnome is installedSUSE Linux Professional 9.3Package OpenOffice_org1-gnome is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:9.3::proPackage OpenOffice_org-gu-IN is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1Package OpenOffice_org-gu-IN is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1Package OpenOffice_org-cy is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1Package OpenOffice_org-cy is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1Package OpenOffice_org1-tr is installedSUSE Linux Professional 9.3Package OpenOffice_org1-tr is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:9.3::proPackage OpenOffice_org1-da is installedSUSE Linux Professional 9.3Package OpenOffice_org1-da is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:9.3::proPackage OpenOffice_org-vi is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1Package OpenOffice_org-vi is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1mod_python Web Server Denial of ServiceRed Hat Linux 9mod_pythonUnknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string.Jay BealeMatt BusbyACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in rm(1) may Lead to Unauthorized Deletion of Files or DirectoriesSun Solaris 8Sun Solaris 9Sun Solaris 10Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDSamba mksmboasswd Disabled Account Creation VulnerabilityRed Hat Enterprise Linux 3Samba 3.0.0 and 3.0.1The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password.Jay BealeMatt BusbyACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage OpenOffice_org-zu is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1Package OpenOffice_org-zu is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1Package OpenOffice_org1 is installedSUSE Linux Professional 9.3Package OpenOffice_org1 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:9.3::proRedHat Enterprise 3 Code Execution and DoS Vulnerabilities in PWLibRed Hat Enterprise Linux 3PWLibMultiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.Jay BealeMatt BusbyACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRed Hat Enterprise 3 Linux Kernel do_mremap Privilege Escalation VulnerabilityRed Hat Enterprise Linux 3mremapThe do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985.Jay BealeMatt BusbyACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage OpenOffice_org-sk is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10Package OpenOffice_org-sk is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopKonqueror Cookie Access Restrictions Bypass VulnerabilityRed Hat Linux 9KDEKonqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage OpenOffice_org-hu is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10Package OpenOffice_org-hu is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopPackage OpenOffice_org-mono is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10Package OpenOffice_org-mono is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopMidnight Commander vfs_s_resolve_symlink BORed Hat Linux 9Midnight CommanderStack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversion.Jay BealeMatt BusbyACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage OpenOffice_org-fr is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10Package OpenOffice_org-fr is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopslocate Privilege Escalation VulnerabilityRed Hat Linux 9slocateHeap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used.Jay BealeMatt BusbyACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDGaim / Ultramagnetic directIM Packet VulnerabilityRed Hat Linux 9GaimInteger overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.Jay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDMicrosoft RPC Denial of ServiceMicrosoft Windows 2000Microsoft SQL Server 2000Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.Tiffany BergeronJonathan BakerINTERIMIngrid SkoogACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDGaim / Ultramagnetic Extract Info Field Function BORed Hat Linux 9GaimBuffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code.Jay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDGaim / Ultramagnetic BO VulnerabilitiesRed Hat Linux 9GaimMultiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.Jay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRHE3 Firefox and Mozilla Shared Object Code ExecutionRed Hat Enterprise Linux 3mozillaFirefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDCOM+ Memory Structures Process Permits Remote Code Execution (Win2k,SP4)Microsoft Windows 2000Operating SystemCOM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDMailman Cross-site Scripting Vulnerability IIRed Hat Linux 9MailmanCross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users.Jay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDMailman Cross-site Scripting VulnerabilityRed Hat Linux 9MailmanCross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.Jay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDAddress Bar Spoofing on Double Byte Character Set Systems VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDOutlook Express 6 (S03-Gold) WAB Remote Code Execution VulnerabilityMicrosoft Windows Server 2003Outlook ExpressBuffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.Robert L. HollisDRAFTINTERIMACCEPTEDJohn HoylandAnna MinINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDRed Hat Mutt BO in Index MenuRed Hat Linux 9MuttBuffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages.Jay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRed Hat Enterprise 3 netpbm File Overwrite VulnerabilityRed Hat Enterprise Linux 3netpbmnetpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.Jay BealeMatt BusbyACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDWindows NT IIS HTTP Error Page Cross-site ScriptingMicrosoft Windows NTMicrosoft Internet Information Server (IIS)Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.Tiffany BergeronACCEPTEDXFree86 Font File Handling VulnerabilityRed Hat Linux 9XFree86Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.Jay BealeMatt BusbyACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRHE4 XBL Script Security Bypass VulnerabilityRed Hat Enterprise Linux 4mozillaFirefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDIE v6.0, SP1 HijackClick 3 / Script in Image Tag File Download VulnerabilityMicrosoft Windows MEMicrosoft Internet ExplorerInternet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDRed Hat XFree86 Buffer Overflow in ReadFontAlias IIRed Hat Linux 9XFree86Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.Jay BealeMatt BusbyACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRed Hat XFree86 Buffer Overflow in ReadFontAliasRed Hat Linux 9XFree86Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.Jay BealeMatt BusbyACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 (Server 2003) Travel Log Cross Domain VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDRed Hat netpbm File Overwrite VulnerabilityRed Hat Linux 9netpbmnetpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.Jay BealeMatt BusbyACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRedHat Code Execution and DoS Vulnerabilities in PWLibRed Hat Linux 9PWLibMultiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.Jay BealeMatt BusbyACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDWindows Server 2003 WINS Buffer OverflowMicrosoft Windows Server 2003Windows Internet Naming Service (WINS)The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.Andrew ButtnerINTERIMACCEPTEDACCEPTEDWindows NT Terminal Server WINS Buffer OverflowMicrosoft Windows NTWindows Internet Naming Service (WINS)The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.Andrew ButtnerINTERIMACCEPTEDACCEPTEDWindows NT WINS Buffer OverflowMicrosoft Windows NTWindows Internet Naming Service (WINS)The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.Andrew ButtnerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDSolaris 7 CDE ToolTalk Database Symbolic Link VulnerabilitySun Solaris 7CDECDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.David ProulxTodd DolinskyINTERIMACCEPTEDACCEPTEDSMB Rename VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Operating SystemUnspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows Server 2003 ASN.1 Library Integer Overflow VulnerabilitiesMicrosoft Windows Server 2003Microsoft ASN.1 LibraryMultiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.Andrew ButtnerINTERIMACCEPTEDACCEPTEDOffice 2002 Remote Code Execution via Malformed Routing SlipMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeBuffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDWindows XP ASN.1 Library Integer Overflow VulnerabilitiesMicrosoft Windows XPMicrosoft ASN.1 LibraryMultiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.Andrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDWindows NT ASN.1 Library Integer Overflow VulnerabilitiesMicrosoft Windows NTMicrosoft ASN.1 LibraryMultiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.Andrew ButtnerINTERIMACCEPTEDACCEPTEDWindows Script Engine Heap Overflow (Test 3)Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Windows Script Engine for JScript v5.5Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.Tiffany BergeronDavid ProulxINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDWindows Script Engine Heap Overflow (Test 2)Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Windows Script Engine for JScript v5.1Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.Tiffany BergeronDavid ProulxINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDIE6:XP,SP2 Java Proxy COM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE6 Double Byte Character Parsing Memory Corruption (Win2K/WinXP)Microsoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerBuffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via a crafted URL with an International Domain Name (IDN) using double-byte character sets (DBCS), aka the "Double Byte Character Parsing Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDIE6 COM Object Instantiation Memory Corruption (WinXP)Microsoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE v6.0 Similar Method Name Redirection Cross Domain VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDIE6:Server 2003 Web Folder Behaviors Cross-Domain VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerUnknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability".Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDSolaris 8 RWall Daemon Syslog Format String VulnerabilitySun Solaris 8rpc.rwalldFormat string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed.David ProulxTodd DolinskyINTERIMACCEPTEDACCEPTEDURL Parsing Memory Corruption Vulnerability (IE6,SP1)Microsoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerBuffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDJason SpashettINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDIE6 HTML Parsing Vulnerability (WinXP)Microsoft Windows XPMicrosoft Internet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE v5.01,SP3 Install Engine Buffer OverflowMicrosoft Windows 2000Microsoft Internet ExplorerInteger overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDNetwork Connection Manager Interruption of Service (Server 2003,SP1)Microsoft Windows Server 2003Operating Systemnetman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDusermod Recursive Ownership Error (B.11.11)HP-UX 11ApacheUnspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDWindows 2000 Telnet Environment Disclosure VulnerabilityMicrosoft Windows 2000Services for UNIXThe Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.Jonathan BakerDRAFTINTERIMACCEPTEDACCEPTEDWindows Server 2003 Plug and Play Buffer Overflow VulnerabilityMicrosoft Windows Server 2003Operating SystemStack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDIE6 for Server 2003 PNG Image Buffer OverflowMicrosoft Windows Server 2003Microsoft Internet ExplorerBuffer overflow in the PNG image rendering component of Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted PNG file.Harvey RubinovitzDRAFTHarvey RubinovitzINTERIMACCEPTEDAnna MinINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDRHE3 InstallVersion.compareTo() DoS and Code Execution VulnerabilityRed Hat Enterprise Linux 3mozillaFirefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDServer 2003 Path MTU Discovery Attack VulnerabilityMicrosoft Windows Server 2003Microsoft Word 2003Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDWindows 2000 IIS Directory Traversal Command Execution (Test 1)Microsoft Windows 2000Microsoft Internet Information Server (IIS)Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.Tiffany BergeronTiffany BergeronACCEPTEDINTERIMACCEPTEDACCEPTEDWindows XP Kernel Debugger-based Buffer Overflow (Test 2)Microsoft Windows XPWindows kernelBuffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.Christine WalzerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDLSASS Privilege Escalation Vulnerability (Windows 2000)Microsoft Windows 2000Local Security Authority Subsystem Service (LSASS)LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.Christine WalzerDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDACCEPTEDWindows 2000 CSRSS Privilege Escalation VulnerabilityMicrosoft Windows 2000Client Server Runtime System (CSRSS)Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.Ingrid SkoogDRAFTINTERIMChristine WalzerAndrew ButtnerACCEPTEDACCEPTEDIE5.01,SP4 File Disclosure via Redirects VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerThe legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDMicrosoft MDAC 2.8 Broadcast Response Buffer OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Data Access Compnents 2.8Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.Christine WalzerINTERIMACCEPTEDJeff ChengINTERIMJeff ChengACCEPTEDACCEPTEDIE v6.0,SP1 Travel Log Cross Domain VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDRHE3 Mozilla top.focus() Cross-Site Scripting VulnerabilityRed Hat Enterprise Linux 3mozillaFirefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDIE v6.0 Drag-and-Drop Code Execution VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDHP-UX Usermod Local Unauthorized Access Vulnerability instead of usermod Recursive Ownership Error.HP-UX 11ApacheUnspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMNabil OuchnACCEPTEDACCEPTEDIE v6.0 Install Engine Buffer OverflowMicrosoft Windows XPMicrosoft Internet ExplorerInteger overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDIE6,SP1 PNG Image Buffer OverflowMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerBuffer overflow in the PNG image rendering component of Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted PNG file.Harvey RubinovitzDRAFTHarvey RubinovitzINTERIMACCEPTEDAnna MinINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDIE v5.5 GetObject File RetrievalMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.David ProulxACCEPTEDServer 2003,SP1 Color Management Module Buffer OverflowMicrosoft Windows Server 2003Microsoft Color Management ModuleBuffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.Christine WalzerDRAFTINTERIMACCEPTEDACCEPTEDExcel Malformed Record VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft ExcelMicrosoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDHP-UX ftpd Remote Unauthorized Data Access (B.10.01, B.10.10)HP-UX 10ftpdThe FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDHP-UX Trusted Mode remshd Remote Unauthorized Access (B.11.00)HP-UX 11remshdUnknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and B.11.23 while running in "Trusted Mode" allows remote attackers to gain unauthorized system access via unknown attack vectors.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDGNU GZip CHMod File Permission Modification Race ConditionWeaknessSun Solaris 8Sun Solaris 9Sun Solaris 10gzipRace condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDACCEPTEDExcel 2002 Remote Code Execution via Malformed RecordMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeStack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikMatthew WojcikINTERIMACCEPTEDACCEPTEDMS FrontPage Server Extensions SmartHTML Denial of Service (Test 5)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft SharePoint Team ServicesUnknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMGlenn StricklandINTERIMIE v5.01,SP3 SSL Cached Content VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.Harvey RubinovitzDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDScript Error Handling Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Internet ExplorerMicrosoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using JavaScript to cause certain errors simultaneously, which results in the access of previously freed memory, aka "Script Error Handling Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMMatthew WojcikACCEPTEDACCEPTEDApache HTTP Byte-range DoS VulnerabilityHP-UX 11ApacheThe byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows 2000 Process Handle Duplication Privilege EscalationMicrosoft Windows 2000Windows 2000smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.Tiffany BergeronACCEPTEDRHE4 Firefox and Mozilla Framed Site Spoofing VulnerabilityRed Hat Enterprise Linux 4mozillaA regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDSun Java System Access Manager Local Authentication Bypass VulnerabilitySun Solaris 10Sun Solaris 9Access ManagerUnspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypass authentication and gain top-level administrator privileges via the amadmin CLI tool.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDACCEPTEDExcel Malformed Palette Record VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft ExcelHeap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Excel Malformed LABEL record VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft ExcelMicrosoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption.Robert L. HollisINTERIMACCEPTEDACCEPTEDMicrosoft MDAC 2.7 Broadcast Response Buffer OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Data Access Compnents 2.7Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.Christine WalzerINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDEthereal 0.9.12 Vulnerability in DCERPC DissectorRed Hat Linux 9EtherealUnknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (memory consumption) via a certain NDR string.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDIE v6.0,SP2 for Server 2003 Similar Method Name Redirection Cross Domain VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMJohn HoylandACCEPTEDACCEPTEDbzip2 Decompression BombRed Hat Enterprise Linux 3bzip2bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDpatch IE7-KB928090-WindowsServer2003-x64-enu.exe should be installedMicrosoft Windows XPMicrosoft Internet Explorer 7The patch IE7-KB928090-WindowsServer2003-x64-enu.exe that addresses the vulnerabilities discussed in Microsoft Security Bulletin MS07-016 should be installed.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDWinsock Hostname VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Operating SystemBuffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWord Malformed Data Structures VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft WordUnspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE v6.0 (XP) Travel Log Cross Domain VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMChristine WalzerACCEPTEDACCEPTEDIE v5.5,SP2 Similar Method Name Redirection Cross Domain VulnerabilityMicrosoft Internet ExplorerMicrosoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDAndrew SimmonsINTERIMACCEPTEDACCEPTEDGaim DoS via Yahoo! MessageRed Hat Enterprise Linux 3GaimGaim before 1.3.1 allows remote attackers to cause a denial of service (application crash) via a Yahoo! message with non-ASCII characters in a file name.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDMS FrontPage Server Extensions Chunked Encoded Request Buffer Overflow (Test 5)Microsoft Windows 2000Microsoft FrontPage Server Extensions 2000Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.Tiffany BergeronAndrew ButtnerINTERIMACCEPTEDChristine WalzerChristine WalzerINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDRHE3 Improper Handling of Synthetic Events in MozillaRed Hat Enterprise Linux 3mozillaThe browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office Smart Tag Parsing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeUnspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSolaris 7 CDE dtspcd Buffer OverflowSun Solaris 7dtspcdBuffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands.David ProulxTodd DolinskyINTERIMACCEPTEDACCEPTEDRedirect Cross-Domain Information Disclosure VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Internet ExplorerCross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDMIT Kerberos 5 Key Distribution Center Remote Denial of Service VulnerabilitySun Solaris 7Sun Solaris 8Sun Solaris 9Sun Solaris 10KerberosHeap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (apllication crash) and possibly execute arbitrary code via a certain valid TCP or UDP request.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDACCEPTEDApache Integer Overflow in pcre_compile.cHP-UX 11ApacheInteger overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE v6.0 (XP) HijackClick VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.Tiffany BergeronAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDInteger Overflow Vulnerabilities in Ethereal 0.9.11Red Hat Linux 9EtherealMultiple integer overflow vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) Mount and (2) PPP dissectors.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDRHE4 Firefox and Mozilla DOM Node SpoofingRed Hat Enterprise Linux 4mozillaFirefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing").Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDHP-UX 11 Perl rmtree Race ConditionHP-UX 11PerlRace condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDKorean IME Privilege Elevation Vulnerability in Office 2003 and AccessoriesMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Operating SystemThe ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDHP-UX 11.00 ICMP Source Quench Attack VulnerabilityHP-UX 11Operating SystemMultiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDMIT Kerberos 5 KRB5_AName_To_Localname Multiple Principal Name Buffer Overrun VulnerabilitiesSun Solaris 9Sun Solaris 8Sun Solaris 7Operating SystemMultiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDACCEPTEDDNS Client Buffer Overrun VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Operating SystemBuffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWin2K/XP,SP1 IE Mismatched Document Object Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched Document Object Model Objects Memory Corruption Vulnerability."Robert L. HollisDRAFTRobert L. HollisINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDServer 2003 Web Client Service Buffer OverflowMicrosoft Windows Server 2003Web Client ServiceBuffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters.Matthew BurtonDRAFTINTERIMACCEPTEDACCEPTEDWindows NT Variant of Chunked Encoding Buffer OverrunMicrosoft Windows NTMicrosoft Internet Information Server (IIS)Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun."Tiffany BergeronACCEPTEDGlenn StricklandINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 Plug-in Navigation Address Bar Spoofing VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDCOM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Internet ExplorerMicrosoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka "COM Object Instantiation Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDpatch IE7-KB928090-WindowsServer2003-x64-enu.exe should be installedMicrosoft Windows Server 2003Microsoft Internet Explorer 7The patch IE7-KB928090-WindowsServer2003-x64-enu.exe that addresses the vulnerabilities discussed in Microsoft Security Bulletin MS07-016 should be installed.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDgftp Directory Traversal VulnerabilityRed Hat Enterprise Linux 3gftpDirectory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.Jay BealeDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDWebClient Service Unchecked Buffer Remote Code Execution (64-bit XP,SP1)Microsoft Windows XPOperating SystemBuffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWin2k Embedded Web Font VulnerabilityMicrosoft Windows 2000Operating SystemHeap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.Robert L. HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDWindows 2000 Hyperlink Object Library Unchecked Buffer VulnerabilityMicrosoft Windows 2000Hyperlink Object LibraryThe Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow.Christine WalzerDRAFTINTERIMACCEPTEDACCEPTEDAnimated Cursor Denial of Service (NT 4.0)Microsoft Windows NTWindows Animated CursorThe Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang.Christine WalzerDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDImageMagick Buffer Overflow in ReadPNMImage()Red Hat Enterprise Linux 3ImageMagickHeap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMagick 6.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a PNM file with a small colors value.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDIE6 DHTML Method Heap Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMHarvey RubinovitzACCEPTEDRobert L. HollisACCEPTEDACCEPTEDPrivilege Escalation Using Cached Admin ConnectionMicrosoft Windows 2000Microsoft SQL Server 2000An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.Yi-Fang KohACCEPTEDJonathan BakerJonathan BakerINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Plug-in Navigation Address Bar Spoofing VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDFlash Improper Memory Access Arbitrary Code Execution VulnerabilityMicrosoft Windows XPFlash PlayerUnspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in "multiple improper memory access" errors.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE v5.01,SP3 Similar Method Name Redirection Cross Domain VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTED.lnk File-Open Remote Code Execution Vulnerability (64-bit XP,SP1)Microsoft Windows XPOperating SystemWindows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows 2000 WINS Buffer OverflowMicrosoft Windows 2000Windows Internet Naming Service (WINS)The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.Andrew ButtnerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDSolaris Privilege Escalation/DoS Vulnerability (6293270)Sun Solaris 9Sun Solaris 10Operating SystemUnspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors, possibly involving functions from the mm driver.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWMF Rendering Code Execution Vulnerability (64-bit Windows XP and Server 2003,SP1)Microsoft Windows XPMicrosoft Windows Server 2003Operating SystemMultiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWord Macro VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft WordMicrosoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSolaris 8 CDE dtspcd Buffer OverflowSun Solaris 8dtspcdBuffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands.David ProulxTodd DolinskyINTERIMACCEPTEDACCEPTEDSolaris 8 kcms_configure Command-Line Buffer OverflowSun Solaris 8kcms_configurekcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument.David ProulxACCEPTEDMS FrontPage Server Extensions Chunked Encoded Request Buffer Overflow (Test 4)Microsoft Windows NTMicrosoft FrontPage Server Extensions 2000Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerChristine WalzerINTERIMACCEPTEDACCEPTEDWinXP,SP2 Embedded Web Font VulnerabilityMicrosoft Windows XPOperating SystemHeap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE6,SP1 Web Folder Behaviors Cross-Domain VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerUnknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability".Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDMS Excel 2002 Malicious Macro Security Bypass VulnerabilityMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Excel 2002Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.Andrew ButtnerINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDMatthew WojcikINTERIMJohn HoylandACCEPTEDACCEPTEDVisual Basic for Applications VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Visual BasicBuffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE v5.5 Temporary Internet Files folders Name Reading VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading."Harvey RubinovitzACCEPTEDACCEPTEDOff-by-one Vulnerabilities in Ethereal 0.9.11Red Hat Linux 9EtherealMultiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Travel Log Cross Domain VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDACCEPTEDHP-UX 11.23 ICMP Source Quench Attack VulnerabilityHP-UX 11Operating SystemMultiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDIE v5.01,SP4 Travel Log Cross Domain VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDTIP Request Validation Process Permits Denial of Service (Server 2003,SP1)Microsoft Windows Server 2003TIPDistributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSuppressed: Duplicate of OVAL1959Microsoft Windows XPMicrosoft Word for Windows 6.0 ConverterMicrosoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901.Christine WalzerDRAFTINTERIMJonathan BakerIngrid SkoogACCEPTEDRobert L. HollisDEPRECATEDDEPRECATEDpatch IE7-KB929969-WindowsXP-x86-enu.exe should be installedMicrosoft Windows XPMicrosoft Internet Explorer 7The patch IE7-KB929969-WindowsXP-x86-enu.exe that addresses the vulnerabilities discussed in Microsoft Security Bulletin MS07-004 should be installed.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDWebClient Service Unchecked Buffer Remote Code Execution (XP,SP1)Microsoft Windows XPOperating SystemBuffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 Similar Method Name Redirection Cross Domain VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDMicrosoft Agent Security Prompt Spoofing Vulnerability (Windows 2000)Microsoft Windows 2000Microsoft AgentMicrosoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page.Harvey RubinovitzDRAFTHarvey RubinovitzINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDFlaw in Windows WM_TIMER Message Handling Could Enable Privilege ElevationMicrosoft Windows NTNetDDE AgentNetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."Ingrid SkoogDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDSolaris 7 admintool Local Buffer OverflowSun Solaris 7AdmintoolBuffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file.David ProulxMatthew WojcikMatthew WojcikMatthew WojcikINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDIE7-KB929969-WindowsServer2003-ia64-enu.exe should be installedMicrosoft Windows Server 2003Microsoft Internet Explorer 7The patch IE7-KB929969-WindowsServer2003-ia64-enu.exe that addresses the vulnerabilities discussed in Microsoft Security Bulletin MS07-004 should be installed.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDWindows Server 2003 (64-Bit) Unchecked Buffer in NetDDEMicrosoft Windows Server 2003NetDDENetwork Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.Jonathan BakerDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDTCP/IP IGMP v3 Denial of Service (Server 2003,SP1)Microsoft Windows Server 2003Operating SystemMicrosoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMozilla XML Parser Read Beyond Buffer BugMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaThe XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDPostgreSQL Character Conversion VulnerabilityRed Hat Enterprise Linux 3postgresqlPostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the "Character conversion vulnerability."Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDMS Excel 97 Malicious Macro Security Bypass VulnerabilityMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Excel 97Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.Andrew ButtnerINTERIMACCEPTEDIngrid SkoogINTERIMMatthew WojcikINTERIMWindows 2000 Kernel Elevation of Privilege VulnerabilityMicrosoft Windows 2000Operating SystemUnspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDEMF Rendering Denial of Service Vulnerability (64-bit Windows XP and Server 2003,Unpatched)Microsoft Windows XPMicrosoft Windows Server 2003Operating SystemThe GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMozilla JavaScript Garbage-Collection Hazards in jsinterp.cMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaThe Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerRobert L. HollisACCEPTEDACCEPTEDSolaris 8 admintool Local Buffer OverflowSun Solaris 8AdmintoolBuffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file.David ProulxMatthew WojcikMatthew WojcikMatthew WojcikINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDWindows Media Format ASX Parsing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Windows Media PlayerHeap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMS Word 2002 Macro Names Buffer OverflowMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Word 2002Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.Andrew ButtnerDRAFTINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDypserv NIS Server Denial of ServiceRed Hat Linux 9ypservypserv NIS server before 2.7 allows remote attackers to cause a denial of service via a TCP client request that does not respond to the server, which causes ypserv to block.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDCode Execution Vulnerability in XPDF PDF ViewerRed Hat Linux 9xpdfVarious PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDlpsched Local System Corruption VulnerabilitySun Solaris 8Sun Solaris 9Sun Solaris 10Operating SystemMultiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, and 10 allow local users to delete arbitrary files or disable the LP print service via unknown attack vectors.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDIE v5.01,SP4 Install Engine Buffer OverflowMicrosoft Windows 2000Microsoft Internet ExplorerInteger overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDIIS ASP Function Cross-site ScriptingMicrosoft Windows 2000Microsoft Internet Information Server (IIS)Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message.David ProulxChristine WalzerINTERIMACCEPTEDACCEPTEDWindows (ME, NT, 2K, XP), IE v6,SP1 CSS Heap Memory Corruption VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDxinitd Memory Leak Invites Denial of Service AttackRed Hat Linux 9xinetdMemory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections.Jay BealeINTERIMJay BealeJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDWindows 2000 ASN.1 Library Integer Overflow VulnerabilitiesMicrosoft Windows 2000Microsoft ASN.1 LibraryMultiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.Andrew ButtnerINTERIMACCEPTEDACCEPTEDHP-UX 11.11 or 11.23 Path MTU Discovery Attack VulnerabilityHP-UX 11Operating SystemMultiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDSolaris 7 kcms_configure Command-Line Buffer OverflowSun Solaris 7kcms_configurekcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument.David ProulxACCEPTEDHP-UX wuftpd Privilege Escalation Vulnerability (B.11.23)HP-UX 11ftpdwu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDmikmod Long Filename Buffer OverflowRed Hat Enterprise Linux 3mikmodBuffer overflow in mikmod 3.1.6 and earlier allows remote attackers to execute arbitrary code via an archive file that contains a file with a long filename.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDLicense Logging Service Vulnerability (Terminal Server)Microsoft Windows NTMDAC 2.8The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbtirary code, aka the "License Logging Service Vulnerability."Ingrid SkoogDRAFTINTERIMACCEPTEDACCEPTEDIE v5.01,SP3 Travel Log Cross Domain VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDHP-Samba DACL Remote Integer Overflow Vulnerability (CIFS A.02)HP-UX 11SambaInteger overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows 2000 Trusted Domain LoopholeMicrosoft Windows 2000Windows 2000In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain.Tiffany BergeronTiffany BergeronACCEPTEDINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDWindows XP (64-Bit) DUNZIP Integer OverflowMicrosoft Windows XPCompressed FoldersInteger overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.David ProulxDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDMicrosoft Office Malformed String Parsing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeMSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll; (2) an Excel .xlw document, which triggers an access violation in excel.exe; (3) a Word document, which triggers an access violation in mso.dll in winword.exe; and (4) a PowerPoint document, which triggers an access violation in powerpnt.txt. NOTE: after the initial disclosure, this issue was demonstrated by triggering an integer overflow using an inconsistent size for a Unicode "Sheet Name" string.Robert L. HollisINTERIMACCEPTEDACCEPTEDMMC Redirect Cross-Site Scripting VulnerabilityMicrosoft Windows 2000Microsoft Management ConsoleCross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDRHE3 Firefox and Mozilla Framed Site Spoofing VulnerabilityRed Hat Enterprise Linux 3mozillaA regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDMS Excel 2000 Malicious Macro Security Bypass VulnerabilityMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Excel 2000Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.Christine WalzerACCEPTEDIngrid SkoogINTERIMACCEPTEDRobert L. HollisINTERIMJohn HoylandACCEPTEDACCEPTEDvsftpd Fails to Integrate with TCP WrappersRed Hat Linux 9vsftpdvsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrappers (tcp_wrappers) but is installed as a standalone service, which inadvertently prevents vsftpd from restricting access as intended.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDOffice Malformed Record Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeUnspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 for Server 2003 Plug-in Navigation Address Bar Spoofing VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDup2date RPM GPG Signature Verification VulnerabilityRed Hat Linux 9up2dateup2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote attackers to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDIE v5.01,SP2 Travel Log Cross Domain VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDWindows 2000 Remote Access Service Phonebook Buffer OverflowMicrosoft Windows 2000Remote Access Service (RAS)Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry.Tiffany BergeronACCEPTEDIE v6.0,SP1 (Server 2003) Function Pointer Drag and Drop VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 (Server 2003) Drag-and-Drop Code Execution VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".Harvey RubinovitzDRAFTINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDMS FrontPage Server Extensions SmartHTML Denial of Service (Test 4)Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft FrontPage Server Extensions 2002Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMGlenn StricklandINTERIMExchange Server 5.5 TNEF Decoding VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OutlookUnspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDsysreport Plaintext Password LeakRed Hat Enterprise Linux 3sysreportsysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDSolaris 8, 9, 10 Blind Connection Reset Attack VulnerabilitySun Solaris 8Sun Solaris 9Sun Solaris 10Operating SystemMultiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMMatthew WojcikACCEPTEDPai PengINTERIMACCEPTEDACCEPTEDSolaris 7 mibiisa Remote Buffer Overflow VulnerabilitySun Solaris 7mibiisaBuffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges.David ProulxACCEPTEDUnZip 5.0 Directory Traversal VulnerabilityRed Hat Linux 9unzipDirectory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDWindows XP,SP1 Remote Desktop Protocol (RDP) DoS VulnerabilityMicrosoft Windows XPOperating SystemThe Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDHP-UX 11.11 swagentd Denial of ServiceHP-UX 11swagentdUnspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and B.11.11 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDHP-UX ftpd Remote Unauthorized Data Access (B.11.11)HP-UX 11ftpdThe FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDSqirrelMail Cross-site Scripting VulnerabilitiesRed Hat Linux 9SquirrelMailMultiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Install Engine Buffer OverflowMicrosoft Windows MEMicrosoft Internet ExplorerInteger overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDHP-UX AutoRAID Critical Functionality IssueHP-UX 10AutoRAID ManagerPossible unknown vulnerability or vulnerabilities in HP DiskArray Utilities with AutoRAID Manager.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDWindows NT Remote Access Service Phonebook Buffer OverflowMicrosoft Windows NTRemote Access Service (RAS)Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry.Tiffany BergeronACCEPTEDWindows Server 2003 Remote Desktop Protocol (RDP) DoS VulnerabilityMicrosoft Windows Server 2003Operating SystemThe Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDIE6 for Server 2003 File Disclosure via Redirects VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerThe legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDWorkstation Service Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPOperating SystemStack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMS FrontPage Server Extensions SmartHTML Denial of Service (Test 3)Microsoft Windows XPMicrosoft FrontPage Server Extensions 2000Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDGlenn StricklandINTERIMACCEPTEDACCEPTEDServer 2003 Telnet Environment Disclosure VulnerabilityMicrosoft Windows Server 2003Services for UNIXThe Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.Jonathan BakerDRAFTINTERIMACCEPTEDACCEPTEDIE v5.01, SP4 HijackClick 3 / Script in Image Tag File Download VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDIE v5.5, SP2 HijackClick 3 / Script in Image Tag File Download VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDSendmail BO in prescan FunctionRed Hat Linux 9SendmailThe prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDMailslot Heap Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Operating SsytemHeap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages.Robert L. HollisINTERIMACCEPTEDACCEPTEDSolaris 8 AdminTool Media Installation Path Buffer OverflowSun Solaris 8AdmintoolBuffer overflow in admintool in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long media installation path.David ProulxMatthew WojcikMatthew WojcikMatthew WojcikINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDCUPS Partial Print DOSRed Hat Linux 9CUPSCUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDHP-UX xterm Local Unauthorized Access due to Bad PatchHP-UX 11remshdUnspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 allows local users to gain privileges via unknown vectors.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDDenial of Service in Sendmail via the enhdnsbl FeatureRed Hat Linux 9SendmailThe DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDHP-UX 11.11 or 11.23 ICMP Source Quench Attack VulnerabilityHP-UX 11Operating SystemMultiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDPotential BO in Ruleset Parsing for SendmailRed Hat Linux 9SendmailA "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDWindows Messenger 6 libpng Buffer OverflowMicrosoft Windows 2000Microsoft Windows XPMSN MessengerMultiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.Christine WalzerDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMRobert L. HollisACCEPTEDJonathan BakerINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDHP-UX ftpd Remote Unauthorized Data Access (B.11.23)HP-UX 11ftpdThe FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDWindows 2000 NNTP Component Buffer OverflowMicrosoft Windows 2000Network News Transport Protocol (NNTP)The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.Christine WalzerDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDrwho daemon Code Execution VulnerabilitySun Solaris 7Sun Solaris 8Sun Solaris 9Licence Logging ServiceUnknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 through 9 allows remote attackers to execute arbitrary code.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDMS FrontPage Server Extensions SmartHTML Denial of Service (Test 2)Microsoft Windows NTMicrosoft FrontPage Server Extensions 2000Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDGlenn StricklandINTERIMACCEPTEDACCEPTEDMicrosoft Publisher VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003PublisherStack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.Robert L. HollisDRAFTRobert L. HollisINTERIMACCEPTEDACCEPTEDMicrosoft Publisher 2002 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Publisher 2002 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows RPC Denial of ServiceMicrosoft Windows 2000Remote Procedure Call (RPC)The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference.Tiffany BergeronChristine WalzerINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 (Server 2003) HijackClick VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.Andrew ButtnerAndrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDMSHTA Code Execution Vulnerability (64-bit Server 2003 and XP Version 2003)Microsoft Windows Server 2003Windows ShellThe document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.Harvey RubinovitzDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDMS Word 98 Macro Names Buffer OverflowMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Word 98Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.Andrew ButtnerINTERIMACCEPTEDHarvey RubinovitzINTERIMINTERIMMS Word 97 Macro Names Buffer OverflowMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Word 97Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.Andrew ButtnerINTERIMACCEPTEDIngrid SkoogINTERIMIngrid SkoogINTERIMMozilla IDN heap overrun using soft-hyphensMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaBuffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMSJava Applet CODEBASE File Access VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Virtual Machine (VM)Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due to a parsing error.Tiffany BergeronINTERIMACCEPTEDACCEPTEDBuffer Overflow in CDOSYS Message Processing (Server 2003,SP1)Microsoft Windows Server 2003Operating SystemBuffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows NT IIS HTTP Redirect Error Message Cross-site ScriptingMicrosoft Windows NTMicrosoft Internet Information Server (IIS)Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message.Tiffany BergeronACCEPTEDMicrosoft Word Malformed Stack VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft WordUnspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSource Element Cross-Domain VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Internet ExplorerMicrosoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDCOM+ Memory Structures Process Permits Remote Code Execution (Server 2003,SP1)Microsoft Windows Server 2003Operating SystemCOM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows 2000 Workstation Service Logging Function Buffer OverflowMicrosoft Windows 2000Microsoft Windows Workstation ServiceStack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API.Tiffany BergeronACCEPTEDACCEPTEDIE v6.0,SP1 SSL Cached Content VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDMSHTA Code Execution Vulnerability (32-bit XP,SP2)Microsoft Windows XPWindows ShellThe document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.Harvey RubinovitzDRAFTINTERIMACCEPTEDACCEPTEDSendmail BO in Prescan FunctionRed Hat Linux 9SendmailThe prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDExcel Malformed DATETIME Record VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft ExcelUnspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDImproper Cross Domain Security Validation with ShowHelp FunctionalityMicrosoft Windows 2000Microsoft Internet ExplorerThe showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality."David ProulxChristine WalzerINTERIMACCEPTEDACCEPTEDSymlink Attack Vulnerability in semi/wemi MIME LibrariesRed Hat Linux 9semi MIME libraryThe (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPowerPoint Malformed Record Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeUnspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDBO in Samba call_trans2open FunctionRed Hat Linux 9Samba, Samba-TNGBuffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 (Server 2003) Zone Restrictions Bypass via XML VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.Andrew ButtnerAndrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDMultiple Buffer Overflows in SambaRed Hat Linux 9SambaMultiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDIE v6.0 for 2003, SP3 HijackClick 3 / Script in Image Tag File Download VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDFile Manifest Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Operating SystemThe Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSolaris 8 rpc.yppasswdd Buffer Overrun VulnerabilitySun Solaris 8rpc.yppasswddBuffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username.David ProulxACCEPTEDWindows (ME, NT, 2K), IE v5.5,SP2 CSS Heap Memory Corruption VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDMicrosoft Excel Malformed SELECTION record VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft ExcelMicrosoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302.Robert L. HollisINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 Zone Restrictions Bypass via XML VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.Andrew ButtnerAndrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDXsun Buffer Overflow via HOME EnvvarSun Solaris 7XsunBuffer overflow in Xsun in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage gzip is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gzip is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factorySamba Arbitrary File Overwrite VulnerabilityRed Hat Linux 9SambaThe code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage gwenhywfar is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage gwenhywfar is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage guile-devel is installedopenSUSE 10.2openSUSE FactoryPackage guile-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gtkspell-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage gtkspell-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gucharmap-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gucharmap-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtkutils-data is installedSUSE Linux 10.0openSUSE FactoryPackage gtkutils-data is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryMicrosoft MDAC 2.6 Broadcast Response Buffer OverflowMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Data Access Compnents 2.6Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.Christine WalzerINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDPackage gtk-sharp-complete is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gtk-sharp-complete is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryIE v5.5, SP2 SSL Cached Content VulnerabilityMicrosoft Windows MEMicrosoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDSMB/CIFS Packet Fragment Re-assembly BORed Hat Linux 9smbdBuffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDMSDTC Unchecked Buffer Permits Remote Code Execution or Privilege Elevation (Win2k,SP4)Microsoft Windows 2000MSDTCThe MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer.Robert L. HollisDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDExchange Server 2003 Routing Engine Buffer OverflowMicrosoft Windows Server 2003SMTPThe SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.Christine WalzerDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDPackage gwc-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gwc-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryRHE4 Firefox and Mozilla Shared Object Code ExecutionRed Hat Enterprise Linux 4mozillaFirefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDEthereal NTLMSSP Buffer OverflowRed Hat Linux 9EtherealHeap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage gtkspell is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gtkspell is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gtksourceview-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtksourceview-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage guile-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage guile-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v5.5,SP2 Zone Restrictions Bypass via XML VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDACCEPTEDPackage gtksourceview-sharp2 is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gtksourceview-sharp2 is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gtk-sharp2-complete is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gtk-sharp2-complete is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryIE v5.01,SP4 Zone Restrictions Bypass via XML VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage gwenhywfar-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage gwenhywfar-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gwenview is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gwenview is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gtkpbbuttons is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtkpbbuttons is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage g-wrap is installedopenSUSE 10.2openSUSE FactoryPackage g-wrap is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gwenview-lang is installedopenSUSE FactoryPackage gwenview-lang is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryMicrosoft Excel Malformed COLINFO record VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft ExcelBuffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."Robert L. HollisINTERIMACCEPTEDACCEPTEDPackage gtksourceview is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gtksourceview is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gwget-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gwget-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryDenial of Service Vulnerability in Postfix Parser CodeRed Hat Linux 9PostfixThe address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage gtksourceview-sharp is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gtksourceview-sharp is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gzip-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gzip-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v6.0 (XP) Zone Restrictions Bypass via XML VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.Tiffany BergeronAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDPackage gtk2-devel-64bit is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage gtk2-devel-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtk-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtk-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtk-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtk-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtk2-engines-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtk2-engines-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gvim is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage gvim is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryIE v5.5 Malformed PNG Image File Failure VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."Harvey RubinovitzACCEPTEDACCEPTEDPackage gtkglext-doc is installedopenSUSE 10.2openSUSE FactoryPackage gtkglext-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gstreamer-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gstreamer-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtk-sharp2-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtk-sharp2-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtkglext is installedopenSUSE 10.2openSUSE FactoryPackage gtkglext is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gtkhtml2 is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gtkhtml2 is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gtkhtml-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtkhtml-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtkglext-devel is installedopenSUSE 10.2openSUSE FactoryPackage gtkglext-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gstreamer-plugins is installedNovell Linux Desktop 9SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gstreamer-plugins is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtksourceview-doc is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gtksourceview-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gxdview-debuginfo is installedopenSUSE FactoryPackage gxdview-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryOLE Dialog Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Interactive TrainingThe OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDEthereal SOCKS String Format VulnerabilityRed Hat Linux 9EtherealFormat string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage gtk1-compat-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtk1-compat-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtk-sharp-gapi is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gtk-sharp-gapi is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gutenprint-devel is installedopenSUSE 10.2openSUSE FactoryPackage gutenprint-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gtk2-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gtk2-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gtkcard is installedopenSUSE 10.2openSUSE FactoryPackage gtkcard is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gwc is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gwc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryMS Word 6.0 Font Conversion Vulnerability (64-bit XP)Microsoft Windows XPMicrosoft Word for Windows 6.0 ConverterMicrosoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571.Christine WalzerDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDACCEPTEDPackage gtk-xfce-engine-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtk-xfce-engine-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtkhtml is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gtkhtml is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gstreamer-doc is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gstreamer-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gstreamer010-plugins-good is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gstreamer010-plugins-good is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryExcel-Flash Arbitrary Code Execution VulnerabilityMicrosoft Windows XPFlash PlayerMicrosoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage gtk2-engines-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtk2-engines-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtktalog-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtktalog-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gurlchecker is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gurlchecker is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtkpod is installedopenSUSE 10.2openSUSE FactoryPackage gtkpod is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gtk1-compat is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtk1-compat is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gup is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage gup is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gtkzip-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtkzip-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMicrosoft Excel Malformed File VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft ExcelUnspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.Robert L. HollisINTERIMACCEPTEDACCEPTEDPackage gtk-doc is installedopenSUSE FactoryPackage gtk-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gucharmap-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gucharmap-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gstreamer-plugins-devel is installedNovell Linux Desktop 9SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gstreamer-plugins-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtkhtml-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtkhtml-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows Media Format ASF Parsing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Windows Media PlayerBuffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDPackage gstreamer010-plugins-good-extra is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gstreamer010-plugins-good-extra is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gstreamer010-plugins-base-visual is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gstreamer010-plugins-base-visual is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gstreamer010-plugins-ugly-doc is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage gstreamer010-plugins-ugly-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtk2-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtk2-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gstreamer-plugins-64bit is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gstreamer-plugins-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMicrosoft Indexing Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Indexing ServiceCross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage gtkam-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtkam-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gstreamer010 is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gstreamer010 is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gtkglarea is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage gtkglarea is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gwenhywfar-devel is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage gwenhywfar-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtetrinet-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtetrinet-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v6.0,SP1 Function Pointer Drag and Drop VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage gstreamer010-plugins-base-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage gstreamer010-plugins-base-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gstreamer010-doc is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gstreamer010-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gtktalog is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtktalog is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gstreamer010-plugins-base-32bit is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage gstreamer010-plugins-base-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gsynaptics is installedopenSUSE 10.2openSUSE FactoryPackage gsynaptics is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gthumb-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gthumb-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gstreamer-plugins-extra is installedNovell Linux Desktop 9SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gstreamer-plugins-extra is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v6.0,SP1 Install Engine Buffer OverflowMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInteger overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage gtkpbbuttons-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage gtkpbbuttons-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtk-xfce-engine is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtk-xfce-engine is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtkmm24-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtkmm24-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtkiterm is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtkiterm is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v6.0 Function Pointer Drag and Drop VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMChristine WalzerACCEPTEDACCEPTEDIE v6.0,SP1 (Server 2003) Install Engine Buffer OverflowMicrosoft Windows Server 2003Microsoft Internet ExplorerInteger overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.Harvey RubinovitzDRAFTINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage gtk-qt-engine-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtk-qt-engine-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gstreamer010-devel is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gstreamer010-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gurlchecker-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gurlchecker-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gstreamer-64bit is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gstreamer-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v5.5,SP2 Function Pointer Drag and Drop VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDACCEPTEDWindows XP Long Share Names VulnerabilityMicrosoft Windows XPWindows ShellBuffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDPackage gthumb is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gthumb is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gstreamer010-plugins-bad is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage gstreamer010-plugins-bad is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtk-engines is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gtk-engines is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gspcav-kmp-debug is installedopenSUSE FactoryPackage gspcav-kmp-debug is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryIE v5.01,SP4 Function Pointer Drag and Drop VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDWindows XP, Windows Server 20003 Blind Connection Reset Attack VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Operating SystemMultiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDPackage gtk-sharp2-doc is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gtk-sharp2-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gtklp-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtklp-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gspcav is installedopenSUSE FactoryPackage gspcav is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gtk-qt-engine is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gtk-qt-engine is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryIE v5.01,SP3 Function Pointer Drag and Drop VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage gsmlib-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gsmlib-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage grass is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage grass is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gstreamer-plugins-32bit is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gstreamer-plugins-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtk-sharp-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtk-sharp-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gxdview is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage gxdview is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryWord Malformed Function VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft WordUnspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage gtkspell-doc is installedopenSUSE FactoryPackage gtkspell-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryRPC Runtime Library Denial of Service and Information Disclosure Vulnerability (NT 4.0 Terminal Server Edition)Microsoft Windows NTRemote Procedure Call (RPC)The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote attackers to read active memory or cause a denial of service (system crash) via a malicious message, possibly related to improper length values.Matthew BurtonDRAFTINTERIMACCEPTEDMatthew BurtonINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDPackage grep-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage grep-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage groff-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage groff-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtk2-themes is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gtk2-themes is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gsl-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gsl-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage graphviz-plugins-debuginfo is installedopenSUSE FactoryPackage graphviz-plugins-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryIE v5.01,SP2 Function Pointer Drag and Drop VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage gscpm is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage gscpm is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtkmm24-devel is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtkmm24-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage goffice is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage goffice is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnutls-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnutls-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryIE v6.0,SP1 (Server 2003) Improper URL Canonicalization VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."Andrew ButtnerINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage gtkhtml-sharp2 is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gtkhtml-sharp2 is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gtk-sharp-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtk-sharp-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gpsbabel is installedopenSUSE 10.2openSUSE FactoryPackage gpsbabel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gstreamer010-64bit is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage gstreamer010-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gstreamer010-plugins-base-devel is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gstreamer010-plugins-base-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage GraphicsMagick-debuginfo is installedopenSUSE FactoryPackage GraphicsMagick-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryMicrosoft MDAC 2.5 Broadcast Response Buffer OverflowMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Data Access Compnents 2.5Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.Christine WalzerINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDPackage gstreamer-devel is installedNovell Linux Desktop 9SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gstreamer-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtk-qt-engine-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtk-qt-engine-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage graphviz-perl is installedopenSUSE FactoryPackage graphviz-perl is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gnupod is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnupod is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gpg-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gpg-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnugo-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnugo-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtk2-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtk2-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gob2-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gob2-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage google-perftools is installedopenSUSE FactoryPackage google-perftools is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gtkam is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtkam is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnutls-devel-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnutls-devel-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gstreamer010-plugins-base-oil is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gstreamer010-plugins-base-oil is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage goffice-devel is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage goffice-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtetrinet is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtetrinet is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnuchess is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnuchess is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-web-photo-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage gnome-web-photo-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage groff is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage groff is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gok-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gok-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage GraphicsMagick-c++-devel is installedopenSUSE 10.2openSUSE FactoryPackage GraphicsMagick-c++-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage goobox-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage goobox-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtkutils-debuginfo is installedSUSE Linux 10.0openSUSE FactoryPackage gtkutils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPostfix Bounce Scans VulnerabilityRed Hat Linux 9PostfixPostfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage gnutls-devel-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnutls-devel-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gpm-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gpm-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage graphviz-java is installedopenSUSE FactoryPackage graphviz-java is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gtkspell-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtkspell-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gpg2-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gpg2-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gromacs is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gromacs is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnucash-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnucash-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gpsbabel-debuginfo is installedopenSUSE FactoryPackage gpsbabel-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gok-doc is installedopenSUSE FactoryPackage gok-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gtk-sharp-64bit is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage gtk-sharp-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gromacs-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gromacs-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnutls is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnutls is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gpm-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gpm-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gstreamer-32bit is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gstreamer-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage grepmail is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage grepmail is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v5.01,SP3 Zone Restrictions Bypass via XML VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDRed Hat Eye of GNOME (EOG) Packages Fix Format String VulnerabilityRed Hat Linux 9EOGFormat string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage gnome-terminal is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-terminal is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage graphviz-php is installedopenSUSE FactoryPackage graphviz-php is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gnome-utils-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-utils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gstreamer010-plugins-base-64bit is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage gstreamer010-plugins-base-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gocr-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gocr-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gos-wallpapers is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage gos-wallpapers is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage goobox is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage goobox is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryScob and Toofer Internet Explorer v6.0 VulnerabilitiesMicrosoft Windows XPMicrosoft Internet ExplorerThe WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.Tiffany BergeronDRAFTINTERIMACCEPTEDChristine WalzerINTERIMChristine WalzerACCEPTEDACCEPTEDPackage gstreamer010-plugins-base is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gstreamer010-plugins-base is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnuboy is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnuboy is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gobby is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage gobby is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnucash-docs is installedopenSUSE FactoryPackage gnucash-docs is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gnuplot is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnuplot is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gtkglext-debuginfo is installedopenSUSE FactoryPackage gtkglext-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage GraphicsMagick-c++ is installedopenSUSE 10.2openSUSE FactoryPackage GraphicsMagick-c++ is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gnumeric-devel is installedopenSUSE FactoryPackage gnumeric-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gpgme is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gpgme is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnu-efi is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnu-efi is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnugk is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnugk is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-vfs2-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-vfs2-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gromacs-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gromacs-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v6.0,SP1 (Server 2003) Malformed GIF Image Double-free VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerDouble-free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.Andrew ButtnerDRAFTINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage gtksourceview-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gtksourceview-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gstreamer-plugins-excess is installedNovell Linux Desktop 9SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gstreamer-plugins-excess is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gstreamer010-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage gstreamer010-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnucash-devel is installedopenSUSE 10.2openSUSE FactoryPackage gnucash-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage goom2k4-rc2 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage goom2k4-rc2 is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-utils is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-utils is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gup-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage gup-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMicrosoft Outlook VEVENT VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OutlookMicrosoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage gnugk-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage gnugk-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gphoto-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gphoto-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage graphviz-doc is installedopenSUSE FactoryPackage graphviz-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gphotofs-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage gphotofs-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gsf-sharp is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gsf-sharp is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gperf is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage gperf is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gst-plugins-farsight is installedopenSUSE FactoryPackage gst-plugins-farsight is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gnome-printer-add-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-printer-add-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v5.01, SP4 SSL Cached Content VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.Harvey RubinovitzDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDIE v5.01,SP2 Bitmap Integer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInteger overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.Ingrid SkoogDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage gstreamer010-plugins-good-doc is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gstreamer010-plugins-good-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gnome-vfs2-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-vfs2-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-vfs-monikers is installedopenSUSE 10.2openSUSE FactoryPackage gnome-vfs-monikers is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gtklp is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtklp is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage google-perftools-devel is installedopenSUSE FactoryPackage google-perftools-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gnome-print-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-print-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryCDE libDtHelp Buffer OverflowSun Solaris 7Sun Solaris 8Sun Solaris 9CDEBuffer overflow in CDE libDtHelp library allows local users to execute arbitrary code via (1) a modified DTHELPUSERSEARCHPATH environment variable and the Help feature, (2) DTSEARCHPATH, or (3) LOGNAME.Brian SobyDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDPackage gtkdoc is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gtkdoc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryHP-UX 11.11, 11.23 Blind Connection Reset Attack VulnerabilityHP-UX 11Operating SystemMultiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDPackage gnome-python-desktop-debuginfo is installedopenSUSE FactoryPackage gnome-python-desktop-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gnump3d is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnump3d is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-phone-manager-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-phone-manager-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gmime-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage gmime-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gucharmap is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gucharmap is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnomebaker is installedopenSUSE 10.2openSUSE FactoryPackage gnomebaker is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gtkpod-debuginfo is installedopenSUSE FactoryPackage gtkpod-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gnome-filesystem is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-filesystem is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gphotofs is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage gphotofs is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v6.0,SP1 Improper URL Canonicalization VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."Andrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage gmp-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gmp-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-commander-debuginfo is installedopenSUSE FactoryPackage gnome-commander-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gnome-keyring-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-keyring-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-desktop-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-desktop-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gmp-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gmp-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gqview-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gqview-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-panel-extras is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage gnome-panel-extras is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnushogi is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnushogi is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage goffice-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage goffice-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v6.0 Improper URL Canonicalization VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."Andrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMChristine WalzerACCEPTEDACCEPTEDPackage glibc-profile-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage glibc-profile-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnet-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnet-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-system-monitor-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-system-monitor-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage graphviz-ruby is installedopenSUSE FactoryPackage graphviz-ruby is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gnome-bluetooth-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-bluetooth-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-menus-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-menus-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage glitz is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage glitz is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnome-keyring-doc is installedopenSUSE FactoryPackage gnome-keyring-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryIE v5.5,SP2 Improper URL Canonicalization VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."Andrew ButtnerINTERIMACCEPTEDACCEPTEDPackage global is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage global is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gst-plugins-farsight-debuginfo is installedopenSUSE FactoryPackage gst-plugins-farsight-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage glibc-profile is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage glibc-profile is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnet-doc is installedopenSUSE FactoryPackage gnet-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gtk-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gtk-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnuboy-debuginfo is installedopenSUSE FactoryPackage gnuboy-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gtkhtml2-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtkhtml2-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-vfs-devel is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-vfs-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-sharp2 is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gnome-sharp2 is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gtkmm24 is installedSUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gtkmm24 is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryIE v5.01,SP4 Improper URL Canonicalization VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."Andrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDMicrosoft Word Mail Merge VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft WordUnspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage graphviz-lua is installedopenSUSE FactoryPackage graphviz-lua is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gtkutils is installedSUSE Linux 10.0openSUSE FactoryPackage gtkutils is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage gnome-session-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-session-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-pilot-conduits-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-pilot-conduits-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-pilot is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gnome-pilot is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gramofile-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gramofile-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage glest is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage glest is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage glibc-html is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage glibc-html is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage grip-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage grip-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gsl-devel is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage gsl-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v5.01,SP4 Malformed GIF Image Double-free VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerDouble-free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.Andrew ButtnerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage gxmhtml is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage gxmhtml is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage glib-devel-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage glib-devel-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-games is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gnome-games is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage graphviz-tcl is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage graphviz-tcl is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gkrellm-debuginfo is installedopenSUSE FactoryPackage gkrellm-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage glabels-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage glabels-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gstreamer010-plugins-bad-doc is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage gstreamer010-plugins-bad-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gpm is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gpm is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryIE v5.01,SP2 Zone Restrictions Bypass via XML VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage gnome-common is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-common is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnome-doc-utils is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-doc-utils is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnome-commander is installedopenSUSE 10.2openSUSE FactoryPackage gnome-commander is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryWindows XP (32-Bit) Unchecked Buffer in NetDDEMicrosoft Windows XPNetDDENetwork Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.Jonathan BakerDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDPackage gspcav-kmp-default is installedopenSUSE FactoryPackage gspcav-kmp-default is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryWindows NT NNTP Component Buffer OverflowMicrosoft Windows NTNetwork News Transport Protocol (NNTP)The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.Christine WalzerDRAFTINTERIMACCEPTEDACCEPTEDIE v6.0 Bitmap Integer Overflow VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerInteger overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.Ingrid SkoogDRAFTINTERIMACCEPTEDChristine WalzerINTERIMChristine WalzerACCEPTEDACCEPTEDPackage gnome-menus-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-menus-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-netstatus is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gnome-netstatus is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gnome-menus-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-menus-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnome-spell-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-spell-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnash-debuginfo is installedopenSUSE FactoryPackage gnash-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage google-perftools-debuginfo is installedopenSUSE FactoryPackage google-perftools-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage glib2-doc is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage glib2-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnutls-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnutls-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage glitz-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage glitz-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnome-keyring-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-keyring-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnome-main-menu-debuginfo is installedopenSUSE FactoryPackage gnome-main-menu-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gnome-vfs2-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-vfs2-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-session is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-session is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage glibc-locale-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage glibc-locale-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtkmm2-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtkmm2-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnumeric-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnumeric-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnomemeeting-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnomemeeting-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-vfs2-doc is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-vfs2-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gpm-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gpm-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gpdf-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gpdf-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnuserv is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnuserv is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage graphviz-sharp is installedopenSUSE FactoryPackage graphviz-sharp is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gnome-applets-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-applets-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnome-libs-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-libs-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage graphviz-plugins is installedopenSUSE FactoryPackage graphviz-plugins is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gnome-desktop-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-desktop-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-panel-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-panel-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnu-jaf is installedopenSUSE FactoryPackage gnu-jaf is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gnome-keyring-manager is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-keyring-manager is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnu-regexp is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage gnu-regexp is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage graphviz-guile is installedopenSUSE FactoryPackage graphviz-guile is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage graphviz-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage graphviz-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gstreamer010-plugins-ugly is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage gstreamer010-plugins-ugly is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-nettool is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-nettool is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage glest-data is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage glest-data is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtk-engines-debuginfo is installedSUSE Linux 10.0openSUSE FactoryPackage gtk-engines-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage GraphicsMagick-devel is installedopenSUSE 10.2openSUSE FactoryPackage GraphicsMagick-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryInteger Signedness Error in PINERed Hat Linux 9pineInteger signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage gtk2-doc is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gtk2-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gtk2-engines-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtk2-engines-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnomeicu is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnomeicu is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-volume-manager-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-volume-manager-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnokii-smsd is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnokii-smsd is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-alsamixer is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-alsamixer is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage glibc-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage glibc-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-mime-data is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-mime-data is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryVulnerability in NNTP Could Allow Remote Code ExecutionMicrosoft Windows Server 2003Network News Transport Protocol (NNTP)The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.Christine WalzerDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDPackage gnu-inetlib is installedopenSUSE FactoryPackage gnu-inetlib is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryHTML Rendering Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Internet ExplorerMicrosoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDPackage gnome-doc-utils-devel is installedopenSUSE 10.2openSUSE FactoryPackage gnome-doc-utils-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gnome-desktop-doc is installedopenSUSE FactoryPackage gnome-desktop-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gpgme-devel is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage gpgme-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnome-applets-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-applets-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-main-menu-devel is installedopenSUSE 10.2SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gnome-main-menu-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gnome-menus is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-menus is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnu-regexp-javadoc is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage gnu-regexp-javadoc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gqview is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gqview is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnomemeeting is installedNovell Linux Desktop 9SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gnomemeeting is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gob2 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gob2 is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage glibmm2-debuginfo is installedopenSUSE FactoryPackage glibmm2-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gsynaptics-debuginfo is installedopenSUSE FactoryPackage gsynaptics-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage glib2-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage glib2-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnome-mount-debuginfo is installedopenSUSE FactoryPackage gnome-mount-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage glibc-locale is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage glibc-locale is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gutenprint is installedopenSUSE 10.2openSUSE FactoryPackage gutenprint is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage g-wrap-devel is installedopenSUSE 10.2openSUSE FactoryPackage g-wrap-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gnome-media-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gnome-media-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryDefault Permissions on RAS Administration KeyMicrosoft Windows NTRemote Access Service (RAS)The default permissions for the RAS Administration key in Windows NT 4.0 allows local users to execute arbitrary commands by changing the value to point to a malicious DLL, aka one of the "Registry Permissions" vulnerabilities.Matt BusbyINTERIMACCEPTEDACCEPTEDIE v5.01 GetObject File RetrievalMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.David ProulxRobert L. HollisINTERIMRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisACCEPTEDACCEPTEDCSS Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Internet ExplorerMicrosoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDPackage gnome-cups-manager-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-cups-manager-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage glitz-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage glitz-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnutls-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnutls-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gkermit-debuginfo is installedSUSE Linux 10.0openSUSE FactoryPackage gkermit-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage gnu-javamail is installedopenSUSE FactoryPackage gnu-javamail is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage graphviz-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage graphviz-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnushogi-debuginfo is installedopenSUSE FactoryPackage gnushogi-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gnome-power-manager-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage gnome-power-manager-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gocr is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gocr is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-speech-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gnome-speech-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPINE Buffer OverflowRed Hat Linux 9pineBuffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage gpa-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gpa-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows 2000 Message Queuing Buffer OverflowMicrosoft Windows 2000Message QueuingBuffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.Ingrid SkoogDRAFTINTERIMChristine WalzerAndrew ButtnerACCEPTEDACCEPTED.NET Framework v1.0 Security BypassMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003.NET FrameworkThe Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMMatthew WojcikDaniel TarnuACCEPTEDRobert L. HollisINTERIMACCEPTEDJeff ChengINTERIMJeff ChengACCEPTEDACCEPTEDPackage gonvert is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gonvert is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryDHTML Object Memory Corruption Vulnerability (IE5.01,SP4)Microsoft Windows 2000Microsoft Internet ExplorerRace condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage glib-sharp2 is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage glib-sharp2 is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnome-desktop is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-desktop is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gkermit is installedSUSE Linux 10.0openSUSE FactoryPackage gkermit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage gramofile is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gramofile is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-menus-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-menus-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryServer 2003 Object Management VulnerabilityMicrosoft Windows Server 2003Microsoft Word 2003Windows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence of the "Land" vulnerability (CVE-1999-0016).Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage gqcam-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gqcam-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-audio is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-audio is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gok-devel is installedopenSUSE FactoryPackage gok-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage glibc-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage glibc-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-desktop-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-desktop-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage glibmm24-devel is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage glibmm24-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gsl is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gsl is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnokii-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnokii-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows XP,SP2 Plug and Play Buffer Overflow VulnerabilityMicrosoft Windows XPOperating SystemStack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage gjdoc is installedopenSUSE 10.2openSUSE FactoryPackage gjdoc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gnopernicus-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gnopernicus-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gpgme-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gpgme-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-pilot-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-pilot-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtk2-engines is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gtk2-engines is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gpdf is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gpdf is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage glitz-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage glitz-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage glitz-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage glitz-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-cups-manager is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-cups-manager is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage glib-devel-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage glib-devel-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryObject Packager Dialogue Spoofing VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Operating SystemArgument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage glibc-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage glibc-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage glade-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage glade-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnomeicu-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnomeicu-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gecko-sharp is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gecko-sharp is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gpg is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gpg is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage ghostscript-fonts-other is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage ghostscript-fonts-other is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnome-pilot-conduits is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-pilot-conduits is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-utils-doc is installedopenSUSE FactoryPackage gnome-utils-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryIE v5.5 Encoded Characters Information Disclosure VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure."Harvey RubinovitzACCEPTEDACCEPTEDPackage gnome-media is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-media is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryIE5.01,SP4 Channel Definition Format Cross Domain VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage g-wrap-debuginfo is installedopenSUSE FactoryPackage g-wrap-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gexif is installedopenSUSE FactoryPackage gexif is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gwget is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gwget is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage giflib-devel-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage giflib-devel-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnats is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnats is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gimp-cmyk-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gimp-cmyk-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMS Windows RPC DCOM DoS-based Privilege Escalation VulnerabilityMicrosoft Windows 2000Remote Procedure Call (RPC)The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function.Tiffany BergeronACCEPTEDACCEPTEDPackage gdome2-devel is installedopenSUSE 10.2openSUSE FactoryPackage gdome2-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gqcam is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gqcam is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryKerberos 5 KDC ASN.1 Error Handling Double-free VulnerabilitiesSun Solaris 9Kerberos5Double-free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.Brian SobyDRAFTBrian SobyINTERIMACCEPTEDACCEPTEDPackage gnome-python-desktop is installedopenSUSE 10.2openSUSE FactoryPackage gnome-python-desktop is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gnome2-SuSE is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome2-SuSE is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gltt-devel is installedopenSUSE FactoryPackage gltt-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage glade is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage glade is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage glade-sharp2 is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage glade-sharp2 is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gspcav-kmp-ppc64 is installedopenSUSE FactoryPackage gspcav-kmp-ppc64 is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gnome-phone-manager is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-phone-manager is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gdbm-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gdbm-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMSN Messenger GIF Size Buffer OverflowMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003MSN MessengerGIF file validation error in MSN Messenger 6.2 allows remote attackers in a user's contact list to execute arbitrary code via a GIF image with an improper height and width.Christine WalzerDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMRobert L. HollisACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDPackage gnome-screensaver-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-screensaver-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gphoto is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gphoto is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage glibc-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage glibc-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-vfs-monikers-debuginfo is installedopenSUSE FactoryPackage gnome-vfs-monikers-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage geronimo-tomcat-servlet-container is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage geronimo-tomcat-servlet-container is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnopernicus-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnopernicus-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryBuffer Overrun in Server Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Operating SystemBuffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage grub-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage grub-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gettext-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gettext-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gimp-help is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gimp-help is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage giflib-progs is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage giflib-progs is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage glib2-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage glib2-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-system-tools is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-system-tools is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gd-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage gd-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage ginac is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ginac is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v5.01,SP3 Improper URL Canonicalization VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."Andrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage gperf-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gperf-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gjiten-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gjiten-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gettext-java-debuginfo is installedopenSUSE FactoryPackage gettext-java-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gimp-unstable-doc is installedopenSUSE FactoryPackage gimp-unstable-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gemdropx-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gemdropx-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-keyring-manager-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-keyring-manager-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gl-117-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gl-117-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnopernicus is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gnopernicus is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryIE v5.01,SP2 Improper URL Canonicalization VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."Andrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDIE v5.01 Improper Cross Domain Security Validation with Dialog BoxMicrosoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."David ProulxRobert L. HollisINTERIMRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisACCEPTEDACCEPTEDPackage gconfmm is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gconfmm is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gconf-sharp is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gconf-sharp is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage glibc is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage glibc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnome-spell2 is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-spell2 is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gscmxx is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gscmxx is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMicrosoft Windows Kernel Local Denial of ServiceMicrosoft Windows XPMicrosoft Windows Server 2003Windows kernelThe kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.Ingrid SkoogIngrid SkoogDRAFTINTERIMACCEPTEDACCEPTEDPackage gnome-presence-applet-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-presence-applet-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-print-devel is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-print-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ghostscript-fonts-std is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage ghostscript-fonts-std is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryUnchecked Buffer in SQLXML ISAPI Extension (MDAC 2.7)Microsoft Windows 2000Microsoft SQL Server 2000Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."Matthew BurtonMatthew BurtonDRAFTINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDACCEPTEDPackage ghex is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage ghex is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gnome-mag-devel is installedopenSUSE FactoryPackage gnome-mag-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gstreamer-plugins-default is installedNovell Linux Desktop 9SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gstreamer-plugins-default is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-reset is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage gnome-reset is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-nettool-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-nettool-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-icon-theme is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-icon-theme is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage glabels is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage glabels is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-pilot-conduits-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-pilot-conduits-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage glibc-devel-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage glibc-devel-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage genromfs is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage genromfs is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-python-desktop-doc is installedopenSUSE FactoryPackage gnome-python-desktop-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gc-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage gc-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gftp-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gftp-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gcc42-obj-c++ is installedopenSUSE FactoryPackage gcc42-obj-c++ is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryDHTML Object Memory Corruption Vulnerability (IE5.01,SP3)Microsoft Windows 2000Microsoft Internet ExplorerRace condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage git-core-debuginfo is installedSUSE Linux 10.0openSUSE FactoryPackage git-core-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage glibc-i18ndata is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage glibc-i18ndata is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gpsdrive is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gpsdrive is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gmime is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gmime is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnome-themes-debuginfo is installedSUSE Linux 10.0openSUSE FactoryPackage gnome-themes-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage gcc42-gij-64bit is installedopenSUSE FactoryPackage gcc42-gij-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gnome-bluetooth-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gnome-bluetooth-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryIE5.01,SP4 Drag-and-Drop VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDApache Mod_Proxy Remote Negative Content-Length Buffer OverflowSun Solaris 8Sun Solaris 9ApacheHeap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.Brian SobyBrian SobyBrian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage gpa is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gpa is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage glchess-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage glchess-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-speech is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gnome-speech is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryExcel Malformed COLINFO Record VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft ExcelUnspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDProxy Server Reverse DNS Lookup Results SpoofingMicrosoft Windows NTProxy Server 2.0 SP1Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.Christine WalzerDRAFTINTERIMChristine WalzerIngrid SkoogACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDPackage gnome-presence-applet is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-presence-applet is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-media-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-media-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gcc41-32bit is installedopenSUSE 10.2openSUSE FactoryPackage gcc41-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gconf2-doc is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gconf2-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gkrellm is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gkrellm is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gettext is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gettext is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gconf-editor-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gconf-editor-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnuplot-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnuplot-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPH Cross-site Scripting VulnerabilityRed Hat Linux 9phpCross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage gmp-devel-32bit is installedopenSUSE FactoryPackage gmp-devel-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryWindows NT DHCP Request Code Execution Vulnerability (Terminal Server)Microsoft Windows NTDHCPThe DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not properly validate the length of certain messages, which allows remote attackers to execute arbitrary code via a malformed DHCP message, aka the "DHCP Request Vulnerability."Ingrid SkoogDRAFTINTERIMACCEPTEDACCEPTEDPackage gecko-sharp2-docs is installedopenSUSE 10.2openSUSE FactoryPackage gecko-sharp2-docs is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gltt is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gltt is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnu-getopt is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage gnu-getopt is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gcc-objc-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gcc-objc-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtk2-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtk2-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gdbm-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gdbm-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryUnchecked Buffer in SQLXML ISAPI Extension (MDAC 2.6)Microsoft Windows 2000Microsoft SQL Server 2000Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."Matthew BurtonMatthew BurtonMatthew BurtonDRAFTINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDACCEPTEDPackage gcc-locale is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage gcc-locale is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gtk-sharp2-64bit is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage gtk-sharp2-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage git-core is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage git-core is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gftp is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gftp is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage giflib-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage giflib-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryLDAP RBAC Privilege Escalation VulnerabilitySun Solaris 8Sun Solaris 9LDAPUnknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role Based Access Control (RBAC), allows local users to execute certain commands with additional privileges.Brian SobyDRAFTINTERIMACCEPTEDINTERIMDRAFTINTERIMACCEPTEDACCEPTEDPackage gimp-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gimp-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryWindows 2000 Object Management VulnerabilityMicrosoft Windows 2000Windows kernelBuffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".Ingrid SkoogDRAFTINTERIMChristine WalzerAndrew ButtnerACCEPTEDACCEPTEDWINS Association Context Vulnerability (NT 4.0)Microsoft Windows NTWindows NT 4.0The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage gnome-mag is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gnome-mag is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryIIS Server Side Include Web Pages Buffer OverrunMicrosoft Windows 2000Microsoft Internet Information Server (IIS)Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun."Tiffany BergeronACCEPTEDChristine WalzerINTERIMACCEPTEDGlenn StricklandINTERIMACCEPTEDACCEPTEDPackage gnome-games-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-games-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gscpm-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage gscpm-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gdk-pixbuf-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gdk-pixbuf-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnuserv-debuginfo is installedopenSUSE FactoryPackage gnuserv-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gconfmm-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gconfmm-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gcc42-c++ is installedopenSUSE FactoryPackage gcc42-c++ is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage git-cvs is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage git-cvs is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gecko-sharp2 is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gecko-sharp2 is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gedit-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gedit-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gcc-gij is installedopenSUSE 10.2openSUSE FactoryPackage gcc-gij is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factorySpoofed Connection Request VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Operating SystemWindows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence of the "Land" vulnerability (CVE-1999-0016).Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage gnome-pilot-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gnome-pilot-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gdb-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gdb-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gexif-debuginfo is installedopenSUSE FactoryPackage gexif-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gdm is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gdm is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnome-web-photo is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gnome-web-photo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gtk-sharp2 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gtk-sharp2 is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnome-netstatus-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-netstatus-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gconf-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gconf-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryExcel Handling of Lotus 1-2-3 File VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft ExcelUnspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage gnucash is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnucash is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gettext-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gettext-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gimp-cmyk is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gimp-cmyk is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gconfmm-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gconfmm-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gentoo-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gentoo-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryServer 2003 Blind Connection Reset Attack VulnerabilityMicrosoft Windows Server 2003Microsoft Word 2003Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage gmp-devel-64bit is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage gmp-devel-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-bluetooth is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gnome-bluetooth is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gecko-sdk is installedSUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gecko-sdk is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage giflib-devel-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage giflib-devel-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factorySolaris 7 AdminTool Media Installation Path Buffer OverflowSun Solaris 7AdmintoolBuffer overflow in admintool in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long media installation path.David ProulxMatthew WojcikMatthew WojcikMatthew WojcikINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDPackage gdk-pixbuf-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gdk-pixbuf-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gmime-doc is installedopenSUSE FactoryPackage gmime-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryWindows XP Font Buffer Overflow (SP1)Microsoft Windows XPWindows kernelBuffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.Ingrid SkoogDRAFTINTERIMChristine WalzerACCEPTEDACCEPTEDPackage gnokii is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gnokii is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage ghostscript-omni is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage ghostscript-omni is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnome-terminal-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-terminal-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-themes-64bit is installedSUSE Linux 10.0openSUSE FactoryPackage gnome-themes-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage gnet-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnet-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWin2k Large Window Size TCP RST Denial of ServiceMicrosoft Windows 2000Windows 2000TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage gcc41-c++ is installedopenSUSE 10.2openSUSE FactoryPackage gcc41-c++ is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryIE v6.0 (XP) Script URLs Cross Domain Zone Restrictions BypassMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.Tiffany BergeronAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDPackage gcc41-gij-32bit is installedopenSUSE 10.2openSUSE FactoryPackage gcc41-gij-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gdk-pixbuf-gnome is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gdk-pixbuf-gnome is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage glib-sharp is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage glib-sharp is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryLicense Logging Service Vulnerability (Windows NT)Microsoft Windows NTMDAC 2.8The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbtirary code, aka the "License Logging Service Vulnerability."Ingrid SkoogDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage gltt-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gltt-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-panel-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-panel-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gconf2 is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gconf2 is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnome-sharp is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gnome-sharp is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gcc41-64bit is installedopenSUSE 10.2openSUSE FactoryPackage gcc41-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gnutls-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnutls-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMS Internet Security and Acceleration Server H.323 Buffer OverflowMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Internet Security and Acceleration Server 2000Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.David ProulxINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJeff ChengINTERIMJeff ChengJeff ChengJeff ChengACCEPTEDACCEPTEDPackage gd-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gd-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gcc41-testresults is installedopenSUSE 10.2openSUSE FactoryPackage gcc41-testresults is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gnome-speech-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-speech-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-vfs-sharp2 is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gnome-vfs-sharp2 is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gcc-fortran-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gcc-fortran-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gdbm-devel-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gdbm-devel-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gcc42-64bit is installedopenSUSE FactoryPackage gcc42-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gforth-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage gforth-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage glibmm2-devel is installedopenSUSE 10.2openSUSE FactoryPackage glibmm2-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gentoo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gentoo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMS Exchange / OWA NTLM Authentication VulnerabilityMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Exchange ServerMicrosoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.Andrew ButtnerINTERIMACCEPTEDJohn HoylandINTERIMJeff ChengJeff ChengINTERIMPackage gtk-qt-engine-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtk-qt-engine-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows Server 2003 IIS WebDAV Message Handler Denial of Service VulnerabilityMicrosoft Windows Server 2003Microsoft Internet Information Server (IIS)The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.Jonathan BakerDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDPackage gnome-mount is installedopenSUSE 10.2openSUSE FactoryPackage gnome-mount is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gcc41-objc-32bit is installedopenSUSE 10.2openSUSE FactoryPackage gcc41-objc-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage geki2 is installedSUSE Linux 10.0openSUSE FactoryPackage geki2 is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage glib2-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage glib2-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows NT Terminal Server VDM Privilege Escalation VulnerabilityMicrosoft Windows NTVDMThe Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.Ingrid SkoogDRAFTINTERIMACCEPTEDACCEPTEDPackage gpart-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage gpart-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gsmlib is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gsmlib is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPowerPoint Malformed Object Pointer VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft PowerPointPowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage ghostscript-x11 is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage ghostscript-x11 is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryIE AbusiveParent Vulnerability (64-bit Server 2003)Microsoft Windows Server 2003Microsoft Internet ExplorerThe DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.Jonathan BakerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage gcc42-objc-64bit is installedopenSUSE FactoryPackage gcc42-objc-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryMozilla, Firebird, Firefox Frame Injection VulnerabilitySun Solaris 8mozillaThe (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage gnome-main-menu is installedopenSUSE 10.2SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-main-menu is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gettext-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gettext-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ggv-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ggv-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gdm-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage gdm-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gcc-mudflap-64bit is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gcc-mudflap-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ganglia-monitor-core-gmond is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ganglia-monitor-core-gmond is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factorySuppressed: Duplicate of OVAL3882Microsoft Windows XPMicrosoft Word for Windows 6.0 ConverterMicrosoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571.Christine WalzerDRAFTINTERIMACCEPTEDRobert L. HollisDEPRECATEDDEPRECATEDPackage gnome-vfs2-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-vfs2-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ghostscript-ijs-devel is installedopenSUSE FactoryPackage ghostscript-ijs-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gnome-system-monitor is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-system-monitor is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gcc-fortran-32bit is installedopenSUSE 10.2SUSE Linux 10.0openSUSE FactoryPackage gcc-fortran-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage gnome-print is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-print is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gcc-32bit is installedopenSUSE 10.2SUSE Linux 10.0openSUSE FactoryPackage gcc-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage gnome-vfsmm-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-vfsmm-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryHyperTerminal Session File Vulnerability (Windows 2000)Microsoft Windows 2000HyperTerminalHyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.Harvey RubinovitzDRAFTINTERIMHarvey RubinovitzACCEPTEDJohn HoylandINTERIMDaniel TarnuACCEPTEDACCEPTEDPackage gnome-vfs is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-vfs is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryWindows 2000 Plug and Play Buffer Overflow VulnerabilityMicrosoft Windows 2000Operating SystemStack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage gnome-libs-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-libs-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gforth is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gforth is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gcc-java is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gcc-java is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gcc41-info is installedopenSUSE 10.2openSUSE FactoryPackage gcc41-info is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage genromfs-debuginfo is installedopenSUSE FactoryPackage genromfs-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage garlic is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage garlic is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gcc42-fortran-64bit is installedopenSUSE FactoryPackage gcc42-fortran-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gpg2 is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gpg2 is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gcc41-debuginfo is installedopenSUSE FactoryPackage gcc41-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage glade-sharp is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage glade-sharp is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factorySunRPC xdr_array Function Integer OverflowSun Solaris 7Sun RPCInteger overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.Brian SobyDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDSpecific applications using this library are not tested for because Suns advisory only provides a sample of known vulnerable applications and states that they are still investigating.Package ghex-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ghex-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryServer 2003/64-bit XP Drag-and-Drop VulnerabilityMicrosoft Windows Server 2003Windows MessengerInternet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."Matthew BurtonDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDPackage gambas2-gb-qt-kde is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-gb-qt-kde is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gail-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gail-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gcc-c++ is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gcc-c++ is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gaim is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gaim is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gal2-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gal2-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v6.0 (XP) Function Pointer Override Cross Domain VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.Tiffany BergeronAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDPackage gambas2-gb-sdl-opengl is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-gb-sdl-opengl is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gnome2-user-docs is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome2-user-docs is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage glibmm24 is installedSUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage glibmm24 is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gcc-mudflap is installedSUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage gcc-mudflap is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage ghostview-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ghostview-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnomebaker-debuginfo is installedopenSUSE FactoryPackage gnomebaker-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gspcav-kmp-bigsmp is installedopenSUSE FactoryPackage gspcav-kmp-bigsmp is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage glibc-info is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage glibc-info is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage glibc-locale-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage glibc-locale-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMSHTA Code Execution Vulnerability (Windows 2000)Microsoft Windows 2000Windows ShellThe document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.Harvey RubinovitzDRAFTINTERIMAndrew ButtnerACCEPTEDACCEPTEDIE v5.01 Encoded Characters Information Disclosure VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure."Harvey RubinovitzACCEPTEDRobert L. HollisINTERIMRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisACCEPTEDACCEPTEDPackage gmp-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gmp-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ggv is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ggv is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gcc41-gij-64bit is installedopenSUSE 10.2openSUSE FactoryPackage gcc41-gij-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryHelp and Support Center PCHealth System Buffer Overflow (Server 2003)Microsoft Windows Server 2003Help and Support Center (HSC)Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL.Christine WalzerDRAFTINTERIMACCEPTEDACCEPTEDPackage gtkmm2-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtkmm2-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage glibc-profile-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage glibc-profile-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gconf2-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gconf2-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v5.01,SP4 Similar Method Name Redirection Cross Domain VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage gnome-libs-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-libs-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage global-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage global-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryCGI.pm Cross-site Scripting VulnerabilityRed Hat Linux 9CGI.pmCross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDSolaris 8 whodo Buffer Overflow VulnerabilitySun Solaris 8whodoBuffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable.David ProulxMatthew WojcikINTERIMMatthew WojcikMatthew WojcikMatthew WojcikACCEPTEDACCEPTEDPackage gcc41-fortran-32bit is installedopenSUSE 10.2openSUSE FactoryPackage gcc41-fortran-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gawk is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gawk is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gal-devel is installedNovell Linux Desktop 9SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gal-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtkzip is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtkzip is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage geronimo-jetty-servlet-container is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage geronimo-jetty-servlet-container is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnu-regexp-demo is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage gnu-regexp-demo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gambas2-gb-form is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-gb-form is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage htop-debuginfo is installedopenSUSE FactoryPackage htop-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gcc41-java is installedopenSUSE 10.2openSUSE FactoryPackage gcc41-java is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gcc-objc-32bit is installedopenSUSE 10.2SUSE Linux 10.0openSUSE FactoryPackage gcc-objc-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryBuffer Overflow in PAM SMB ModuleRed Hat Linux 9pam_smbBuffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when authenticating to a remote service, allows remote attackers to execute arbitrary code.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage hypermail-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage hypermail-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gawk-doc is installedNovell Linux Desktop 9SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage gawk-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gambas2-gb-opengl is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-gb-opengl is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gcal is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gcal is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gtkmm2 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gtkmm2 is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage grass-debuginfo is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage grass-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gcal-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gcal-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hylafax-client is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage hylafax-client is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gnome-panel-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-panel-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtk-sharp2-gapi is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gtk-sharp2-gapi is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryISA Server NetBIOS Packet Filter Bypass VulnerabilityMicrosoft Windows 2000ISA Server 2000Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter.Christine WalzerDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDPackage gwenview-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gwenview-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gcc42-testresults is installedopenSUSE FactoryPackage gcc42-testresults is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage giflib-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage giflib-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gambas2-gb-qt is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-gb-qt is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gambas2-gb-xml-xslt is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-gb-xml-xslt is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryIE6 (for Server 2003) Content Advisor Memory Corruption VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerBuffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka "Content Advisor Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMJohn HoylandACCEPTEDACCEPTEDPackage gnome-vfsmm-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-vfsmm-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gambas2-gb-ldap is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-gb-ldap is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryLoadImage Cursor and Icon Format Handling Vulnerability (Windows 2000)Microsoft Windows 2000Cursor and Icon FormattingInteger overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."Christine WalzerDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDApache Mod_Access Access Control Rule Bypass VulnerabilitySun Solaris 8Sun Solaris 9Apachemod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.Brian SobyBrian SobyBrian SobyDRAFTINTERIMACCEPTEDACCEPTEDWindows 2000 Unknown Vector SMB VulnerabilityMicrosoft Windows 2000Small Business Server 2000Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."Jonathan BakerDRAFTINTERIMACCEPTEDACCEPTEDPackage gimp-unstable is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gimp-unstable is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage htmldoc-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage htmldoc-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gcc-ada-32bit is installedSUSE Linux 10.0openSUSE FactoryPackage gcc-ada-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage gal2-devel is installedSUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage gal2-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnome-libs is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-libs is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gcc42-objc-32bit is installedopenSUSE FactoryPackage gcc42-objc-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gnome-printer-add is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-printer-add is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnome-panel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-panel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryMIT Kerberos 5 Multiple Double-Free VulnerabilitiesSun Solaris 9Kerberos5Double-free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage gfxboot is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gfxboot is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryOpenSSL No RSA Blinding VulnerabilityRed Hat Linux 9OpenSSLOpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).Jay BealeINTERIMJay BealeJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage gnome-themes-32bit is installedSUSE Linux 10.0openSUSE FactoryPackage gnome-themes-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage gamin-devel is installedSUSE Linux 10.0openSUSE FactoryPackage gamin-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage hwinfo-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage hwinfo-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gconf is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gconf is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gambas2-gb-sdl-sound is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-gb-sdl-sound is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gawk-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gawk-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hugin is installedopenSUSE FactoryPackage hugin is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage html2text-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage html2text-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-backgrounds is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gnome-backgrounds is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gc-devel is installedopenSUSE FactoryPackage gc-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage hpijs-standalone is installedopenSUSE FactoryPackage hpijs-standalone is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage hwinfo is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage hwinfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gtkglarea-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtkglarea-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hotkey-setup-debuginfo is installedopenSUSE FactoryPackage hotkey-setup-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gcc42-32bit is installedopenSUSE FactoryPackage gcc42-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gambas2-gb-eval is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-gb-eval is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage hplip-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage hplip-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gcalctool is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gcalctool is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnome-themes is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-themes is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage geronimo is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage geronimo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factorySolaris 8, 9, 10 ICMP Source Quench Attack VulnerabilitySun Solaris 8Sun Solaris 9Sun Solaris 10Operating SystemMultiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMMatthew WojcikACCEPTEDPai PengINTERIMACCEPTEDACCEPTEDPackage gcalctool-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gcalctool-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hfsplusutils-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage hfsplusutils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage htdig-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage htdig-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage html2ps is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage html2ps is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gimp-unstable-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gimp-unstable-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-patch-translation is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage gnome-patch-translation is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-panel-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-panel-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-volume-manager is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-volume-manager is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gcc42-ada is installedopenSUSE FactoryPackage gcc42-ada is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gimp-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gimp-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows 2000 HTML Help Remote Code Execution VulnerabilityMicrosoft Windows 2000HTML Help FacilityInteger overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.Andrew ButtnerDRAFTINTERIMACCEPTEDJeff ItoINTERIMACCEPTEDACCEPTEDMozilla, Netscape SOAPParameter Integer OverflowSun Solaris 8mozillaInteger overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage hfsutils-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage hfsutils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gambas2-gb-db is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-gb-db is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gnome-keyring is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-keyring is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gdk-pixbuf-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gdk-pixbuf-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-screensaver is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-screensaver is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage hbedv-dazuko-kmp-smp is installedSUSE Linux 10.1openSUSE FactoryPackage hbedv-dazuko-kmp-smp is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hermes is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage hermes is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage galago-sharp is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage galago-sharp is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-media-cd is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage gnome-media-cd is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryFTP Server Command Injection VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Internet ExplorerMicrosoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDPackage gdome2 is installedopenSUSE 10.2openSUSE FactoryPackage gdome2 is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gdbm-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gdbm-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ghostview is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ghostview is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hdparm is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage hdparm is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage graphviz is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage graphviz is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gnome-desktop-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-desktop-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gambas2-gb-crypt is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-gb-crypt is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage hbedv-dazuko-kmp-xenpae is installedSUSE Linux 10.1openSUSE FactoryPackage hbedv-dazuko-kmp-xenpae is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage heroes-tron-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage heroes-tron-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gcc42-fortran-32bit is installedopenSUSE FactoryPackage gcc42-fortran-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryKlima-Pokorny-Rosa Attack VulnerabilityRed Hat Linux 9OpenSSLThe SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."Jay BealeINTERIMJay BealeJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage hydrogen is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage hydrogen is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage heroes-tron is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage heroes-tron is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gammu-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gammu-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gfxboot-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gfxboot-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage GraphicsMagick is installedopenSUSE 10.2openSUSE FactoryPackage GraphicsMagick is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gcc42-info is installedopenSUSE FactoryPackage gcc42-info is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gail-doc is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gail-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage hanout-debuginfo is installedopenSUSE FactoryPackage hanout-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage git-svn is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage git-svn is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ghostscript-fonts-rus is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage ghostscript-fonts-rus is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryIIS Help File Search Cross-site ScriptingMicrosoft Windows 2000Microsoft Internet Information Server (IIS)Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session.Tiffany BergeronACCEPTEDPackage grip is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage grip is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hello is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage hello is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage HLaTeX is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage HLaTeX is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gau-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage gau-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hercules-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage hercules-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows 2000 Access Requests Privilege Escalation VulnerabilityMicrosoft Windows 2000Windows kernelThe kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.Ingrid SkoogDRAFTINTERIMChristine WalzerAndrew ButtnerACCEPTEDACCEPTEDWindows Server 2003 (32-Bit) Unchecked Buffer in NetDDEMicrosoft Windows Server 2003NetDDENetwork Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.Jonathan BakerDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDPackage gimp is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gimp is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage git-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage git-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v6.0,SP1 (Server 2003) Script URLs Cross Domain Zone Restrictions BypassMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage gaim-galago-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gaim-galago-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gal2 is installedNovell Linux Desktop 9SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage gal2 is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gnash is installedopenSUSE 10.2openSUSE FactoryPackage gnash is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gambas2-gb-xml is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-gb-xml is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryVulnerability in Macrovision Driver Could Allow Local Elevation of PrivilegeMicrosoft Windows XPMicrosoft Windows Server 2003MacrovisionBuffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.Robert L. HollisDRAFTINTERIMINTERIMPackage ghostscript-library-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ghostscript-library-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryUninitialized Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerUse-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability."Jeff ItoDRAFTINTERIMINTERIMWindows URI Handling VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.Sudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDPackage gbuffy is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gbuffy is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage htdig is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage htdig is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gamix-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gamix-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gambas2-gb-net-curl is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-gb-net-curl is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryMS Word 6.0 Font Conversion Vulnerability (NT Terminal Server)Microsoft Windows NTMicrosoft Word for Windows 6.0 ConverterMicrosoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571.Christine WalzerDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDACCEPTEDPackage gtkhtml2-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gtkhtml2-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryOpenSSL ASN.1 Inputs Character Tracking VulnerabilitySun Solaris 8Sun Solaris 9Sun ClusterOpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage helix-banshee is installedopenSUSE FactoryPackage helix-banshee is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage hanout is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage hanout is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gdchart is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage gdchart is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hpijs-standalone-debuginfo is installedopenSUSE FactoryPackage hpijs-standalone-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPGM Code Execution VulnerabilityMicrosoft Windows XPMSMQ ServiceUnspecified vulnerability in Pragmatic General Multicast (PGM) in Microsoft Windows XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted multicast message.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage helix-banshee-devel is installedopenSUSE FactoryPackage helix-banshee-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage helix-dbus-server-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage helix-dbus-server-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hmconv-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage hmconv-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gettext-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gettext-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage fuse-devel is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage fuse-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gcc41-ada is installedopenSUSE 10.2openSUSE FactoryPackage gcc41-ada is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gconf2-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gconf2-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage hbedv-dazuko-kmp-xen is installedSUSE Linux 10.1openSUSE FactoryPackage hbedv-dazuko-kmp-xen is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factorySolaris Code Execution DoS VulnerabilitySun Solaris 7Sun Solaris 8Sun Solaris 9kernelUnknown vulnerability in Solaris 2.6 through 9 causes a denial of service (system panic) via "a rare race condition" or an attack by local users.Brian SobyDRAFTINTERIMACCEPTEDINTERIMDRAFTINTERIMACCEPTEDACCEPTEDPackage gconf-editor is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gconf-editor is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryHTML Rendering Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage gambas2-gb-gtk is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-gb-gtk is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage fyre is installedopenSUSE 10.2openSUSE FactoryPackage fyre is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage hk_classes-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage hk_classes-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gbdfed is installedopenSUSE FactoryPackage gbdfed is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage helix-banshee-engine-gst is installedopenSUSE FactoryPackage helix-banshee-engine-gst is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gtk-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtk-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryUninitialized Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerMicrosoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability."Jeff ItoDRAFTINTERIMINTERIMPackage hello-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage hello-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gstreamer010-32bit is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage gstreamer010-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage helix-banshee-plugins-extra is installedopenSUSE FactoryPackage helix-banshee-plugins-extra is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryServer 2003 IP Validation VulnerabilityMicrosoft Windows Server 2003Microsoft Word 2003Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage gmime-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gmime-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage HLaTeX-fonts is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage HLaTeX-fonts is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gambas2-gb-compress is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-gb-compress is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage frozen-bubble is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage frozen-bubble is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnu-crypto is installedopenSUSE FactoryPackage gnu-crypto is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage freetype-tools is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage freetype-tools is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage fribidi-32bit is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage fribidi-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fs-check is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage fs-check is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gtk-sharp2-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gtk-sharp2-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hcode is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage hcode is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage HLaTeX-fonts-extra is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage HLaTeX-fonts-extra is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage heap-buddy-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage heap-buddy-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gail-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gail-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gedit-doc is installedopenSUSE FactoryPackage gedit-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage ghostscript-cjk is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage ghostscript-cjk is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factorySecurity Vulnerability With Loading Arbitrary Kernel Modules in Solaris KernelSun Solaris 8Sun Solaris 9Sun Solaris 7Sun Solaris 2.6The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules (LKM), possibly involving the modload function.Nicholas HansenDRAFTINTERIMINTERIMPackage hostapd-debuginfo is installedopenSUSE FactoryPackage hostapd-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gnome-cups-manager-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-cups-manager-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPowerPoint Malformed Data Record VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft PowerPointUnspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage hk_classes-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage hk_classes-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gambas2-gb-qt-ext is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-gb-qt-ext is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gettext-java is installedopenSUSE 10.2openSUSE FactoryPackage gettext-java is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage fuse-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage fuse-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ginac-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ginac-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage htdig-doc is installedopenSUSE FactoryPackage htdig-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gaim-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gaim-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hbedv-dazuko-kmp-bigsmp is installedSUSE Linux 10.1openSUSE FactoryPackage hbedv-dazuko-kmp-bigsmp is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnomedb-sharp is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gnomedb-sharp is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryMicrosoft DirectX Code Execution VulnerabilityMicrosoft Windows 2000DirectXStack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file.Jeff ItoDRAFTINTERIMINTERIMMutliple Buffer Management Errors in OpenSSHRed Hat Linux 9OpenSSHMultiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage fyre-debuginfo is installedopenSUSE FactoryPackage fyre-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage fwnn-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage fwnn-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnats-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnats-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gdk-pixbuf is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gdk-pixbuf is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage FreeNX is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage FreeNX is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnu-crypto-javadoc is installedopenSUSE FactoryPackage gnu-crypto-javadoc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage helix-dbus-server is installedSUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage helix-dbus-server is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gambas2-gb-qt-kde-html is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-gb-qt-kde-html is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage hwinfo-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage hwinfo-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage hp2xx-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage hp2xx-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows ListView Shatter Message VulnerabilityMicrosoft Windows 2000Utilities Manager/Windows MessagingThe control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function.Christine WalzerACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDPackage freeradius-dialupadmin is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage freeradius-dialupadmin is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryHyperTerminal Session File Vulnerability (Terminal Server)Microsoft Windows NTHyperTerminalHyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.Harvey RubinovitzDRAFTINTERIMHarvey RubinovitzACCEPTEDJohn HoylandINTERIMDaniel TarnuACCEPTEDACCEPTEDPackage glib2-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage glib2-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage helix-banshee-engine-helix is installedopenSUSE FactoryPackage helix-banshee-engine-helix is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage help2man-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage help2man-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hk_classes is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage hk_classes is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-blog is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-blog is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fuse is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage fuse is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage fuseiso is installedopenSUSE 10.2openSUSE FactoryPackage fuseiso is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage helix-banshee-plugins-default is installedopenSUSE FactoryPackage helix-banshee-plugins-default is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryWindows Kernel LPC Privilege Escalation Vulnerability (32-bit XP,SP2)Microsoft Windows XPWindows kernelThe Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."Christine WalzerDRAFTINTERIMACCEPTEDACCEPTEDWindows NT HTR ISAPI Buffer OverflowMicrosoft Windows NTMicrosoft Internet Information Server (IIS)Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.Tiffany BergeronACCEPTEDGlenn StricklandINTERIMACCEPTEDACCEPTEDOLE Component Input Validation Vulnerability (Windows XP)Microsoft Windows XPunknownThe OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability."Christine WalzerDRAFTINTERIMACCEPTEDACCEPTEDPackage gnome-power-manager is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-power-manager is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage freetype-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage freetype-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage freeradius-client-debuginfo is installedopenSUSE FactoryPackage freeradius-client-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage fwnncom is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fwnncom is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hugin-debuginfo is installedopenSUSE FactoryPackage hugin-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryWindows 2003 (64-Bit) Program Group Converter Buffer OverflowMicrosoft Windows Server 2003Program Group ConverterBuffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDAdobe Acrobat Reader libpng Buffer OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPAdobe Acrobat ReaderMultiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.Matthew WojcikDRAFTINTERIMACCEPTEDACCEPTEDPackage freeradius-client-libs is installedopenSUSE FactoryPackage freeradius-client-libs is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage freesci-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage freesci-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryBind OPT Resource Record DoS VulnerabilitySun Solaris 9BindBIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage gedit-devel is installedopenSUSE FactoryPackage gedit-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gcc41-fortran-64bit is installedopenSUSE 10.2openSUSE FactoryPackage gcc41-fortran-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage ganglia-monitor-core-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ganglia-monitor-core-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-vfs2 is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-vfs2 is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gconf2-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gconf2-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage htdig-devel is installedopenSUSE FactoryPackage htdig-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage graphviz-ocaml is installedopenSUSE FactoryPackage graphviz-ocaml is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gail-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gail-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fonts-thryomanes is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fonts-thryomanes is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryUninitialized Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability."Jeff ItoDRAFTINTERIMINTERIMPackage hbedv-dazuko-kmp-default is installedSUSE Linux 10.1openSUSE FactoryPackage hbedv-dazuko-kmp-default is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gok is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gok is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage htop is installedopenSUSE FactoryPackage htop is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage glibmm24-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage glibmm24-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hermes-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage hermes-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryVulnerability in Message Queuing Could Allow Remote Code ExecutionMicrosoft Windows 2000Microsoft Windows XPOperating SystemStack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.Robert L. HollisDRAFTINTERIMINTERIMPackage hanterm-xf is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage hanterm-xf is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage frisk-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage frisk-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hostap-utils-debuginfo is installedopenSUSE FactoryPackage hostap-utils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gaim-bs is installedopenSUSE 10.2openSUSE FactoryPackage gaim-bs is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryMutliple Buffer Management Errors in OpenSSH IIRed Hat Linux 9OpenSSHA "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage freetype2-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage freetype2-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gtkhtml-sharp is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gtkhtml-sharp is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage hbedv-dazuko is installedSUSE Linux 10.1openSUSE FactoryPackage hbedv-dazuko is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-spell2-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-spell2-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fontconfig-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fontconfig-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage help2man is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage help2man is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage foomatic-filters is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage foomatic-filters is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage fuse_kio-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage fuse_kio-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gamin-debuginfo is installedSUSE Linux 10.0openSUSE FactoryPackage gamin-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage freealut is installedopenSUSE 10.2openSUSE FactoryPackage freealut is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryMemory Bugs in OpenSSHRed Hat Linux 9OpenSSH"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage hmconv is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage hmconv is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows Kernel LPC Privilege Escalation Vulnerability (Server 2003)Microsoft Windows Server 2003Windows kernelThe Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."Christine WalzerDRAFTINTERIMACCEPTEDACCEPTEDPackage html-dtd is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage html-dtd is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage freeglut-devel-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage freeglut-devel-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gaim-otr-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage gaim-otr-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gambas2-gb-vb is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-gb-vb is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gnome-utils-devel is installedopenSUSE FactoryPackage gnome-utils-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage fox16-example-apps is installedopenSUSE 10.2openSUSE FactoryPackage fox16-example-apps is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gedit is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gedit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gdome2-debuginfo is installedopenSUSE FactoryPackage gdome2-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryOpenSSH Indirect User Disclosure VulnerabilityRed Hat Linux 9OpenSSHOpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage hicolor-icon-theme is installedopenSUSE FactoryPackage hicolor-icon-theme is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage horde is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage horde is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gambas2-ide is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-ide is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage formido-music is installedopenSUSE 10.2openSUSE FactoryPackage formido-music is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gtkcard-debuginfo is installedopenSUSE FactoryPackage gtkcard-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gcc41-obj-c++ is installedopenSUSE 10.2openSUSE FactoryPackage gcc41-obj-c++ is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gambas2-gb-xml-rpc is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-gb-xml-rpc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage ftwnn is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ftwnn is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fontconfig-devel-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fontconfig-devel-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage freeglut-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage freeglut-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v6.0 Temporary Internet Files folders Name Reading VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading."Harvey RubinovitzACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDPackage freqtweak is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage freqtweak is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hal-resmgr-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage hal-resmgr-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fortune-debuginfo is installedopenSUSE FactoryPackage fortune-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage gnome-vfs-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-vfs-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fvwm-themes is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage fvwm-themes is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gambas2-gb-info is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-gb-info is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gnu-getopt-javadoc is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage gnu-getopt-javadoc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage freeradius-client-devel is installedopenSUSE FactoryPackage freeradius-client-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage gstreamer010-plugins-good-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage gstreamer010-plugins-good-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryKerberos 5 KDC Buffer Underrun in Principle Name HandlingSun Solaris 7Solaris Enterprise Authentication Mechanism (SEAM)The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun").Brian SobyDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDVulnerability exists in standard Solaris kerberos and SEAM. This definition only covers SEAMmountd xlog Function Off-by-One VulnerabilityRed Hat Linux 9nfs-utilsOff-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage gambas2-gb-v4l is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-gb-v4l is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gcc42-gij is installedopenSUSE FactoryPackage gcc42-gij is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage fribidi-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fribidi-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage glib2 is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage glib2 is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage framebuffer is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage framebuffer is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage galago-gtk-sharp is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage galago-gtk-sharp is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hp-officeJet-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage hp-officeJet-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage freeipmi-debuginfo is installedSUSE Linux 10.0openSUSE FactoryPackage freeipmi-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage freefont is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage freefont is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gnome-keyring-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-keyring-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMYSQL Privilege Escalation Vulnerability via INFO OUTFILE SelectRed Hat Linux 9MySQLMySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage gimp-doc is installedopenSUSE FactoryPackage gimp-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage ftgl-devel is installedopenSUSE 10.2openSUSE FactoryPackage ftgl-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage frox-debuginfo is installedSUSE Linux 10.0openSUSE FactoryPackage frox-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryApache mod_digest Nonce Verification VulnerabilitySun Solaris 8Sun Solaris 9Apachemod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.Brian SobyBrian SobyBrian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage gconf-sharp2 is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gconf-sharp2 is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage free-ttf-fonts is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage free-ttf-fonts is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage HLaTeX-fonts-base is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage HLaTeX-fonts-base is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage FooBillard is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage FooBillard is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage frink is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage frink is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage freetype2-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage freetype2-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryMHTML Parsing VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Outlook ExpressBuffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage gnome-applets is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-applets is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage formido-debuginfo is installedopenSUSE FactoryPackage formido-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage ghostscript-library is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage ghostscript-library is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage hal is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage hal is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage hal-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage hal-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gammu-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gammu-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMozilla, Firefox, Thunderbird XPInstall Security VulnerabilitySun Solaris 8mozillaMozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage fortune is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fortune is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage frozen-bubble-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage frozen-bubble-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fwnndev is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fwnndev is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows XP,SP1 Color Management Module Buffer OverflowMicrosoft Windows XPMicrosoft Color Management ModuleBuffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.Christine WalzerDRAFTINTERIMACCEPTEDACCEPTEDIIS Web Server Folder TraversalMicrosoft Windows 2000Microsoft Internet Information Server (IIS)IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.Tiffany BergeronACCEPTEDPackage freetype2-devel-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage freetype2-devel-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-spell is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnome-spell is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryWindows XP Object Management VulnerabilityMicrosoft Windows XPWindows kernelBuffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".Ingrid SkoogDRAFTINTERIMChristine WalzerACCEPTEDACCEPTEDPackage gal-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gal-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryVulnerability in DNS Could Allow SpoofingMicrosoft Windows 2000Microsoft Windows Server 2003Operating SystemThe DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.Robert L. HollisDRAFTJeff ChengJeff ChengJeff ChengINTERIMACCEPTEDACCEPTEDPackage fribidi-64bit is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage fribidi-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hostap-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage hostap-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows Server 2003 NNTP Component Buffer OverflowMicrosoft Windows Server 2003Network News Transport Protocol (NNTP)The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.Christine WalzerDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDPackage freetype2-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage freetype2-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gobby-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage gobby-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-mag-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-mag-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gstreamer010-plugins-base-doc is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gstreamer010-plugins-base-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gimp-unstable-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gimp-unstable-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMicrosoft Windows Server 2003 SP1 (x64) is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 SP1 (x64) is installed.Sudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDPackage fly is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fly is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows XP Message Queuing Buffer OverflowMicrosoft Windows XPMessage QueuingBuffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.Ingrid SkoogDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDlpq Buffer Overflow in bsd_queue()Sun Solaris 7lpstatStack-based buffer overflow in the bsd_queue() function for lpq on Solaris 2.6 and 7 allows local users to gain root privilege.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage frink-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage frink-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fvwm2 is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage fvwm2 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gcc41-objc-64bit is installedopenSUSE 10.2openSUSE FactoryPackage gcc41-objc-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryHP-UX ftpd Remote Unauthorized Data Access (B.11.00)HP-UX 11ftpdThe FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDPackage ganglia-monitor-core is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ganglia-monitor-core is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hal-resmgr is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage hal-resmgr is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage hylafax-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage hylafax-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gaim-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gaim-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gcc-obj-c++ is installedopenSUSE 10.2openSUSE FactoryPackage gcc-obj-c++ is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryToolTalk Buffer Overflow via TT_SESSION EnvvarSun Solaris 7CDEBuffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage graphviz-python is installedopenSUSE FactoryPackage graphviz-python is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryWINS Association Context Vulnerability (Terminal Server Test 2)Microsoft Windows NTWindows Internet Naming Service (WINS)The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."Matthew BurtonDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDPackage FOTAQ is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage FOTAQ is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fnlib-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fnlib-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryDirectAnimation ActiveX Controls Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerHeap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage freeglut-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage freeglut-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryLSASS Privilege Escalation Vulnerability (32-bit XP, SP2)Microsoft Windows XPLocal Security Authority Subsystem Service (LSASS)LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.Christine WalzerDRAFTINTERIMACCEPTEDACCEPTEDPackage helix-banshee-plugins-DAAP is installedopenSUSE FactoryPackage helix-banshee-plugins-DAAP is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gnome-keyring-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-keyring-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage freeglut is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage freeglut is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage fusepod-debuginfo is installedopenSUSE FactoryPackage fusepod-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryIE v5.01, SP3 HijackClick 3 / Script in Image Tag File Download VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage hercules is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage hercules is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gcc-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gcc-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gambas2-gb-qt-opengl is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-gb-qt-opengl is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryMYSQLd Double-free VulnerabilityRed Hat Linux 9MySQLDouble-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage fxload-2002_04_11 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fxload-2002_04_11 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gst-plugins-farsight-devel is installedopenSUSE FactoryPackage gst-plugins-farsight-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage grub is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage grub is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factorySecurity Vulnerabilities in OpenSSL May Lead to a Denial of Service (DoS) to Applications or Execution of Arbitrary Code With Elevated PrivilegesSun Solaris 10The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.Todd DolinskyDRAFTINTERIMINTERIMPackage hatari is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage hatari is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage firmwarekit is installedopenSUSE 10.2openSUSE FactoryPackage firmwarekit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage git-email is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage git-email is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gambas2-gb-pcre is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-gb-pcre is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gpsdrive-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gpsdrive-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gda-sharp is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gda-sharp is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryInternet Information Services using Malformed Active Server Pages VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003IISBuffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).Robert L. HollisINTERIMACCEPTEDACCEPTEDMicrosoft IIS 5.0 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft IIS 5.0 is installed.Robert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDPackage fftw-mpi-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fftw-mpi-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ftgl is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ftgl is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage freeradius-client is installedopenSUSE FactoryPackage freeradius-client is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage fbi-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage fbi-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows 2000 Long Share Names VulnerabilityMicrosoft Windows 2000Windows ShellBuffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDPackage FAUmachine-suse-90 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage FAUmachine-suse-90 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ghex-devel is installedopenSUSE FactoryPackage ghex-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage fltk-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage fltk-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gdb-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gdb-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hostapd is installedopenSUSE FactoryPackage hostapd is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryMutt BO VulnerabilityRed Hat Linux 9MuttBuffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage frontline is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage frontline is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage file-roller-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage file-roller-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fdecc-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage fdecc-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage helix-banshee-debuginfo is installedopenSUSE FactoryPackage helix-banshee-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage glchess is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage glchess is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage freeipmi-devel is installedSUSE Linux 10.0openSUSE FactoryPackage freeipmi-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage fping is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage fping is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryUninitialized Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability."Jeff ItoDRAFTINTERIMINTERIMPackage galago-daemon is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage galago-daemon is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fop is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage fop is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryHTML Layout and Positioning Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Internet ExplorerMicrosoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDcachefsd DoS via Invalid RPC RequestSun Solaris 7Sun Solaris 8Sun Solaris 9cachefsdcachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a denial of service (crash) via an invalid procedure call in an RPC request.Brian SobyDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDMS Word 6.0 Table Conversion Vulnerability (NT 4.0)Microsoft Windows NTMicrosoft Word for Windows 6.0 ConverterMicrosoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901.Christine WalzerDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage filesystem is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage filesystem is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage fast-user-switch-applet is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage fast-user-switch-applet is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage fetchmailconf is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage fetchmailconf is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage fusepod is installedopenSUSE 10.2openSUSE FactoryPackage fusepod is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gsmlib-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gsmlib-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage findutils is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage findutils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage fbset-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fbset-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnumeric is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnumeric is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMalformed, Compressed .swf File Arbitrary Code Execution VulnerabilityMicrosoft Windows XPFlash PlayerUnspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to cause a denial of service (browser crash) via a malformed, compressed .swf file, a different issue than CVE-2006-3587.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage heap-buddy is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage heap-buddy is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage heartbeat-pils is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage heartbeat-pils is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage f-spot is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage f-spot is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryWindows 2000 VDM Privilege Escalation VulnerabilityMicrosoft Windows 2000VDMThe Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.Ingrid SkoogDRAFTINTERIMACCEPTEDACCEPTEDPackage freetype-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage freetype-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage festival-devel is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage festival-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage frox is installedSUSE Linux 10.0openSUSE FactoryPackage frox is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage fox16-static is installedopenSUSE FactoryPackage fox16-static is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage gsf-sharp-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage gsf-sharp-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage flphoto is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage flphoto is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryExcel Malformed STYLE Record VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft ExcelBuffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage glibmm2 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage glibmm2 is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage heartbeat-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage heartbeat-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryGDI+ JPEG Parsing Engine Buffer Overflow (VS.NET 2002)Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Visual Studio .NET 2002Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.Ingrid SkoogDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDJohn HoylandINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage freealut-debuginfo is installedopenSUSE FactoryPackage freealut-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage flac-xmms is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage flac-xmms is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hal-doc is installedopenSUSE FactoryPackage hal-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage gambas2-gb-image is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-gb-image is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage genisoimage is installedopenSUSE FactoryPackage genisoimage is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage fcwnncom is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fcwnncom is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fbiterm is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage fbiterm is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryMultilingual File Viewer .lv File Sneak Attack VulnerabilityRed Hat Linux 9lvlv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDSolaris 7 cachefsd Buffer Overrun VulnerabilitySun Solaris 7cachefsdBuffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument.David ProulxBrian SobyINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDPackage gnokii-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnokii-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fluidsynth is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fluidsynth is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fox16 is installedopenSUSE 10.2openSUSE FactoryPackage fox16 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage flim-xemacs is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage flim-xemacs is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage filters-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage filters-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hp-officeJet is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage hp-officeJet is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage file-roller is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage file-roller is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gambas2-gb-net-smtp is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-gb-net-smtp is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage fkwnndev is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fkwnndev is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hal-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage hal-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryMS Outlook (Word 2002) RTF/HTML Script Execution VulnerabilityMicrosoft Windows 2000Microsoft Word 2002Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.Ingrid SkoogDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDPackage hp2xx is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage hp2xx is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage FAUmachine-debian-30r0 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage FAUmachine-debian-30r0 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMicrosoft DirectX Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaDirectXBuffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted (1) WAV or (2) AVI file.Jeff ItoDRAFTINTERIMINTERIMPackage hfsplusutils is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage hfsplusutils is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage FA_clalsadrv is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage FA_clalsadrv is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage graphviz-gd is installedopenSUSE FactoryPackage graphviz-gd is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage fping-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fping-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryDHCP Server Logging Vulnerability (Terminal Server)Microsoft Windows NTDHCPThe DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition, with DHCP logging enabled, does not properly validate the length of certain messages, which allows remote attackers to cause a denial of service (application crash) via a malformed DHCP message, aka "Logging Vulnerability."Ingrid SkoogDRAFTINTERIMACCEPTEDACCEPTEDPackage FAUmachine-suse-92 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage FAUmachine-suse-92 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hostap is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage hostap is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryServer Service Denial of Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Operating SystemThe server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research; the vulnerability is not associated with a mailslot.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage FastCGI-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage FastCGI-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage git-arch is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage git-arch is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fdupes is installedopenSUSE FactoryPackage fdupes is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryWindows Server 2003 (64-Bit) DUNZIP Integer OverflowMicrosoft Windows Server 2003Compressed FoldersInteger overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.David ProulxDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDPackage fetchmail is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage fetchmail is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage FreeNX-debuginfo is installedopenSUSE FactoryPackage FreeNX-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage gpart is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gpart is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage fast-user-switch-applet-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fast-user-switch-applet-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage finch-devel is installedopenSUSE FactoryPackage finch-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage flood-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage flood-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMicrosoft Publisher 2000 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Publisher 2000 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage heartbeat-stonith is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage heartbeat-stonith is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage glibc-devel-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage glibc-devel-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage exiftool is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage exiftool is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage FAUmachine-openbsd-36 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage FAUmachine-openbsd-36 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fftw3-threads-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fftw3-threads-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryISA Server Reverse DNS Lookup Results SpoofingMicrosoft Windows 2000ISA Server 2000Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.Christine WalzerDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage gnugo is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnugo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage freesci is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage freesci is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fftw3-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fftw3-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage evolution-sharp is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage evolution-sharp is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage hal-gnome is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage hal-gnome is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage exo-debuginfo is installedopenSUSE FactoryPackage exo-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage gdbm-devel-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gdbm-devel-64bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factorySecurity Vulnerabilities in OpenSSL May Lead to a Denial of Service (DoS) to Applications or Execution of Arbitrary Code With Elevated PrivilegesSun Solaris 10Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.Todd DolinskyDRAFTINTERIMINTERIMPackage evolution-exchange-doc is installedopenSUSE FactoryPackage evolution-exchange-doc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryOpenSSL Integer Overflow VulnerabilitySun Solaris 8Sun Solaris 9Sun ClusterInteger overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage exo is installedopenSUSE FactoryPackage exo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage gcdmaster is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gcdmaster is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fwnn-devel is installedopenSUSE FactoryPackage fwnn-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage esound is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage esound is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage ethereal-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ethereal-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage freeradius-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage freeradius-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage freealut-devel is installedopenSUSE 10.2openSUSE FactoryPackage freealut-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage heartbeat-cmpi is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage heartbeat-cmpi is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage howtoenh is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage howtoenh is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryWindows 2003 (32-Bit) Program Group Converter Buffer OverflowMicrosoft Windows Server 2003Program Group ConverterBuffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDPackage emil is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage emil is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage eruby is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage eruby is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage flim is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage flim is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage etherape-debuginfo is installedopenSUSE FactoryPackage etherape-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryWindows Telnet Server Buffer OverflowMicrosoft Windows 2000Telnet protocolBuffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options.Christine WalzerChristine WalzerINTERIMACCEPTEDACCEPTEDPackage eclipse-pde is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage eclipse-pde is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage eclipse-gtk2 is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage eclipse-gtk2 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage FAUmachine-openbsd-35 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage FAUmachine-openbsd-35 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage evolution-webcal is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage evolution-webcal is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage fonttools is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fonttools is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWord 2003 Malicious .doc Buffer Overflow IIMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003SambaBuffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document.Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage gnome-vfsmm is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-vfsmm is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fxload-debuginfo-2002_04_11 is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fxload-debuginfo-2002_04_11 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage edict-emacs is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage edict-emacs is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage figlet is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage figlet is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryLPRng Symbolic Link Attack VulnerabilityRed Hat Linux 9LPRngpsbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage FA_clalsadrv-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage FA_clalsadrv-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fly-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fly-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage emu-tools is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage emu-tools is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryExcel 2002 File Handler Code Execution VulnerabilityMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Excel 2002Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated.Matthew BurtonDRAFTJohn HoylandDRAFTPackage exim-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage exim-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows XP (32-bit) RPCSS DCOM Buffer Overflow (Blaster)Microsoft Windows XPDistributed Component Object Model (DCOM)Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.Christine WalzerDRAFTINTERIMACCEPTEDACCEPTEDPackage eject is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage eject is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage evolution-data-server-doc is installedopenSUSE FactoryPackage evolution-data-server-doc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage flac is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage flac is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage eblook is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage eblook is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage FileZilla-debuginfo is installedopenSUSE FactoryPackage FileZilla-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage ejb-javadoc is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage ejb-javadoc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage evolution-data-server-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage evolution-data-server-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryGDI+ JPEG Parsing Engine Buffer Overflow (IE6)Microsoft Windows 2000Microsoft Internet ExplorerBuffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.Ingrid SkoogDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage ecj-bootstrap is installedopenSUSE 10.2openSUSE FactoryPackage ecj-bootstrap is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage FA_clthreads-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage FA_clthreads-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage eclipse-scripts is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage eclipse-scripts is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage flac-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage flac-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage flex-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage flex-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fvwm2-gtk is installedopenSUSE FactoryPackage fvwm2-gtk is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryHP-UX ftpd Remote Unauthorized Data Access (B.11.11)HP-UX 11ftpdThe FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDPackage freeradius-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage freeradius-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryVulnerability in SMBv2 Could Allow Remote Code ExecutionMicrosoft Windows VistaSMBv2Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."Robert L. HollisDRAFTINTERIMINTERIMPackage f2c is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage f2c is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage galago-daemon-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage galago-daemon-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage enlightenment-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage enlightenment-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-panel-doc is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-panel-doc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-system-tools-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-system-tools-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fftw3-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fftw3-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage evolution-sharp-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage evolution-sharp-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fftw-mpi is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fftw-mpi is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWord 2003 (wordview) Malicious .doc Buffer OverflowMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Word 2003Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDChris WoodINTERIMACCEPTEDACCEPTEDSolaris 7 RPC xdr_array Buffer OverflowSun Solaris 7libnslInteger overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.David ProulxMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDPackage hfsutils is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage hfsutils is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage fillup is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage fillup is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage exo-devel is installedopenSUSE FactoryPackage exo-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage ebview-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ebview-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage FAUmachine-base is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage FAUmachine-base is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage eclipse-subversive is installedopenSUSE 10.2openSUSE FactoryPackage eclipse-subversive is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryMicrosoft Windows XP x64 Edition SP2 is installedMicrosoft Windows XPA version of Microsoft Windows XP Professional x64 Edition Service Pack 2 is installed.Sudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDPackage enchant-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage enchant-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ebtables-debuginfo-v2 is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ebtables-debuginfo-v2 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryBuffer Overflow in DNS Resolver LibrarySun Solaris 7BindBuffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.Brian SobyDRAFTINTERIMACCEPTEDACCEPTED.NET 2.0 Application Folder Information Disclosure VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003.NET FrameworkMicrosoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."Robert L. HollisINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage FastCGI-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage FastCGI-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage eel-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage eel-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage freqtweak-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage freqtweak-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ElectricFence-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ElectricFence-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage evolution-pilot is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage evolution-pilot is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage enscript-debuginfo is installedopenSUSE FactoryPackage enscript-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage gcc41-locale is installedopenSUSE 10.2openSUSE FactoryPackage gcc41-locale is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage fontforge-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fontforge-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage FA_clthreads is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage FA_clthreads is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage formido is installedopenSUSE 10.2openSUSE FactoryPackage formido is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gcc42-java is installedopenSUSE FactoryPackage gcc42-java is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage ecryptfs-utils-debuginfo is installedopenSUSE FactoryPackage ecryptfs-utils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage hal-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage hal-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage freetype-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage freetype-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnet is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gnet is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage FAUmachine-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage FAUmachine-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fileshareset is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage fileshareset is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage ebdev is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ebdev is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage elilo-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage elilo-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage emacs-lisp-intro is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage emacs-lisp-intro is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryRHE4 InstallVersion.compareTo() DoS and Code Execution VulnerabilityRed Hat Enterprise Linux 4mozillaFirefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDWindows XP, IE v6.0 CSS Heap Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage ez-ipupdate is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ez-ipupdate is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage evolution-data-server-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage evolution-data-server-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage e2fsprogs-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage e2fsprogs-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gaim-galago is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gaim-galago is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ethtool-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ethtool-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage finch is installedopenSUSE FactoryPackage finch is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage fnfx-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fnfx-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fusesmb-debuginfo is installedopenSUSE FactoryPackage fusesmb-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage ebview is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ebview is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v6.0,SP1 Script URLs Cross Domain Zone Restrictions BypassMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage flash-player is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage flash-player is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage expect-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage expect-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage enblend-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage enblend-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage eblook-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage eblook-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fastjar is installedopenSUSE 10.2openSUSE FactoryPackage fastjar is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gammu is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gammu is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage evince-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage evince-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v5.01,SP4 Drag-and-Drop Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage enigma is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage enigma is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-libs-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-libs-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gnome-alsamixer-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gnome-alsamixer-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage evolution-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage evolution-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage eazy is installedSUSE Linux 10.0openSUSE FactoryPackage eazy is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage FlightGear is installedopenSUSE 10.2openSUSE FactoryPackage FlightGear is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage evolution-galago-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage evolution-galago-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage enchant-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage enchant-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage epiphany is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage epiphany is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage farsight-debuginfo is installedopenSUSE FactoryPackage farsight-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage heartbeat-gui is installedopenSUSE 10.2openSUSE FactoryPackage heartbeat-gui is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage glibc-obsolete is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage glibc-obsolete is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryOutlook Express 6 for Windows 2003 is installedMicrosoft Windows Server 2003Outlook Express 6 for Windows 2003 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage fbi is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage fbi is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage fam-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage fam-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage eIDconfig-belgium is installedopenSUSE 10.2openSUSE FactoryPackage eIDconfig-belgium is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage fftw3-threads is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fftw3-threads is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage exiftran is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage exiftran is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage html2text is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage html2text is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage evolution-data-server is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage evolution-data-server is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage fftw-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fftw-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage epplet-base-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage epplet-base-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fltk-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fltk-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMicrosoft Client Service for NetWare Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003NetWareUnspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage ethtool is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage ethtool is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage eel-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage eel-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fftw-threads-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fftw-threads-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage howto is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage howto is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage freeipmi-utils is installedSUSE Linux 10.0openSUSE FactoryPackage freeipmi-utils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage freeglut-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage freeglut-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage eiciel-debuginfo is installedopenSUSE FactoryPackage eiciel-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage evolution-galago is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage evolution-galago is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage exifprobe is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage exifprobe is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage eximstats-html is installedopenSUSE 10.2openSUSE FactoryPackage eximstats-html is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryHP-UX 11.04 Blind Connection Reset Attack VulnerabilityHP-UX 11Operating SystemMultiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDPackage emacs-url is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage emacs-url is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage epiphany-extensions is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage epiphany-extensions is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fribidi-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage fribidi-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage fontconfig-devel-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fontconfig-devel-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage evms-ha is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage evms-ha is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryApache Error Log Escape Sequence Injection VulnerabilitySun Solaris 8Sun Solaris 9ApacheApache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.Brian SobyBrian SobyBrian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage fonts-arabic is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage fonts-arabic is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage fltk is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage fltk is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage ethereal-devel is installedSUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage ethereal-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage ethereal is installedSUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage ethereal is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryKDE Konqueror Userid/Password Disclosure VulnerabilityRed Hat Linux 9KonquerorKDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage flac-xmms-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage flac-xmms-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage evolution-data-server-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage evolution-data-server-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage heartbeat is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage heartbeat is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gail-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gail-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage dx is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage dx is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage evince is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage evince is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage fuseiso-debuginfo is installedopenSUSE FactoryPackage fuseiso-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage eID-belgium-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage eID-belgium-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage eclipse-platform is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage eclipse-platform is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fastjar-debuginfo is installedopenSUSE FactoryPackage fastjar-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryHP-UX ftpd Remote Unauthorized Data Access (B.11.04)HP-UX 11ftpdThe FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDSolaris 7 RWall Daemon Syslog Format String VulnerabilitySun Solaris 7rpc.rwalldFormat string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed.David ProulxTodd DolinskyINTERIMACCEPTEDACCEPTEDPackage gamix is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gamix is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMultiple Vulnerabilities in lpstat and libprintSun Solaris 7lpstat, libprintUnknown multiple vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9 may allow attackers to execute arbitrary code or read or write arbitrary files.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage dvgt-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage dvgt-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage enigma-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage enigma-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryA Security Vulnerability in Solaris Volume Manager (SVM) May Allow a Denial of Service (DoS)Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the ioctl interface in the Solaris Volume Manager (SVM) in Sun Solaris 9 and 10 allows local users to cause a denial of service (panic) via unspecified vectors, a different vulnerability than CVE-2004-1346.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDPackage freeciv is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage freeciv is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gjiten is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gjiten is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fillets-ng is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fillets-ng is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage eclipse-cdt is installedopenSUSE 10.2openSUSE FactoryPackage eclipse-cdt is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage eclipse is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage eclipse is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v5.5,SP2 Script URLs Cross Domain Zone Restrictions BypassMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDACCEPTEDPackage eclipse-cdt-debuginfo is installedopenSUSE FactoryPackage eclipse-cdt-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage flac-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage flac-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage eximon is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage eximon is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage epydoc is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage epydoc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE6,SP2 Channel Definition Format Cross Domain VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."Harvey RubinovitzDRAFTINTERIMHarvey RubinovitzACCEPTEDRobert L. HollisACCEPTEDACCEPTEDPackage emacs-nox is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage emacs-nox is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage dvgrab is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dvgrab is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hplip-hpijs is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage hplip-hpijs is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage fam is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage fam is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage fwnn is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fwnn is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v5.5 Cross Domain Verification via Cached Methods VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."Harvey RubinovitzACCEPTEDACCEPTEDPackage gemdropx is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gemdropx is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ganglia-monitor-core-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ganglia-monitor-core-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage epiphany-extensions-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage epiphany-extensions-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factorySuppressed: Duplicate of OVAL1655Microsoft Windows Server 2003Microsoft Word for Windows 6.0 ConverterMicrosoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571.Christine WalzerDRAFTINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDRobert L. HollisDEPRECATEDDEPRECATEDPackage dog is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dog is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ganglia-monitor-core-gmetad is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ganglia-monitor-core-gmetad is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ekiga is installedopenSUSE 10.2openSUSE FactoryPackage ekiga is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage dvbd is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dvbd is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gamin is installedSUSE Linux 10.0openSUSE FactoryPackage gamin is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage ganglia-webfrontend is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ganglia-webfrontend is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMSHTA Code Execution Vulnerability (32-bit Server 2003)Microsoft Windows Server 2003Windows ShellThe document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.Harvey RubinovitzDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage eID-belgium is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage eID-belgium is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dvi2tty-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dvi2tty-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage exifprobe-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage exifprobe-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage etherape is installedopenSUSE 10.2openSUSE FactoryPackage etherape is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage ez-ipupdate-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ez-ipupdate-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage expat-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage expat-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage eciadsl-usermode is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage eciadsl-usermode is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ebtables-v2 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ebtables-v2 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage freetype2-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage freetype2-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage esound-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage esound-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMicrosoft Winsock Proxy Service Denial of ServiceMicrosoft Windows 2000ISA Server 2000The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.Tiffany BergeronACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDPackage fkwnn is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fkwnn is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage drbd-kmp-xen is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage drbd-kmp-xen is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage docbook-xsl-stylesheets is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage docbook-xsl-stylesheets is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage dosemu-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dosemu-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dosutils is installedopenSUSE FactoryPackage dosutils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage f2c-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage f2c-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fribidi is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage fribidi is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage frisk is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage frisk is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage freeradius is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage freeradius is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage efont-unicode is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage efont-unicode is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryHP-UX 11.23 Path MTU Discovery Attack VulnerabilityHP-UX 11Operating SystemMultiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDPackage dvbstream-debuginfo is installedopenSUSE FactoryPackage dvbstream-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage dos2unix-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dos2unix-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryShell Redirect Symlink Attack VulnerabilitySun Solaris 7Sun Solaris 8Bourne Shell (sh)Bourne Again Shell (bash)TENEX C Shell (tcsh)C Shell (csh)Korn Shell (ksh)Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.Brian SobyDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMMatthew WojcikACCEPTEDACCEPTEDPackage docbook2x is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage docbook2x is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage DirectFB-devel is installedopenSUSE 10.2openSUSE FactoryPackage DirectFB-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage FlightGear-data is installedopenSUSE 10.2openSUSE FactoryPackage FlightGear-data is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factorySMB Code Execution Vulnerability (Windows 2000)Microsoft Windows 2000SMB (Server Message Block)The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the "Server Message Block Vulnerability," and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields.Christine WalzerDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDPackage docbook_3 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage docbook_3 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage emacs-vm-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage emacs-vm-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage eperl is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage eperl is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMicrosoft Client Service for NetWare Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003NetWareBuffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage drbd-kmp-iseries64 is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage drbd-kmp-iseries64 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage exif is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage exif is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage dovecot-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dovecot-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage FA_clxclient-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage FA_clxclient-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage doxygen is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage doxygen is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage epic-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage epic-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage eruby-devel is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage eruby-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryExchange Server SMTP Buffer OverflowMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Exchange ServerHeap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port.Christine WalzerDRAFTINTERIMACCEPTEDACCEPTEDPackage fillets-ng-data is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fillets-ng-data is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryDtMail Local Command Line Format String VulnerabilitySun Solaris 8Sun Solaris 9DtMailFormat string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 allows local users to gain privileges via format strings in the argv[0] value.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDCode Execution via Compiled HTML Help FileMicrosoft Windows 2000HTML Help FacilityThe HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."Christine WalzerACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDPackage fftw3 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fftw3 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gambas2-gb-sdl is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-gb-sdl is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage ekiga-debuginfo is installedopenSUSE FactoryPackage ekiga-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage hydrogen-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage hydrogen-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dosfstools-debuginfo is installedopenSUSE FactoryPackage dosfstools-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage fontforge is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fontforge is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage drbd-kmp-smp is installedSUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage drbd-kmp-smp is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryOffice XP URL Buffer OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Office XP SP3Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.Ingrid SkoogIngrid SkoogIngrid SkoogAnna MinDRAFTINTERIMACCEPTEDINTERIMACCEPTEDACCEPTEDWindows Kernel LPC Privilege Escalation Vulnerability (NT Terminal Server)Microsoft Windows NTWindows kernelThe Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."Christine WalzerDRAFTINTERIMACCEPTEDACCEPTEDPackage evolution-exchange is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage evolution-exchange is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factorySNMP Request Handling Buffer OverflowMicrosoft Windows NTSimple Network Management Protocol (SNMP)Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and other PROTOS-related candidates, especially CVE-2002-0012 and CVE-2002-0013, will be updated when more accurate information is available.Matt BusbyMatthew BurtonDRAFTINTERIMACCEPTEDACCEPTEDPackage dvgrab-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dvgrab-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage epos is installedopenSUSE 10.2SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage epos is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage expect is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage expect is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage fam-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fam-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage festival-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage festival-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hbedv-dazuko-kmp-debug is installedSUSE Linux 10.1openSUSE FactoryPackage hbedv-dazuko-kmp-debug is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage digikamimageplugins-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage digikamimageplugins-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage e2fsprogs-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage e2fsprogs-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage findutils-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage findutils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage diald-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage diald-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryC-Media Sound Driver Userspace Access VulnerabilityRed Hat Linux 9Linux kernelThe C-Media PCI sound driver in Linux before 2.4.22 does not use the get_user function to access userspace in certain conditions, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0699.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage FAUmachine-suse-91 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage FAUmachine-suse-91 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage heartbeat-ldirectord is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage heartbeat-ldirectord is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage emacs-vm is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage emacs-vm is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage doc++ is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage doc++ is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryOffice XP, SP2 WordPerfect Converter Buffer OverflowMicrosoft Windows XPMicrosoft Office XP SP2Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.Ingrid SkoogDRAFTINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDACCEPTEDPackage firmwarekit-debuginfo is installedopenSUSE FactoryPackage firmwarekit-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryGDI+ JPEG Parsing Engine Buffer Overflow (Windows XP)Microsoft Windows XPGDI+Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.Ingrid SkoogDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDACCEPTEDPackage emacs-calc is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage emacs-calc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage emacs-el is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage emacs-el is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage finger-debuginfo is installedopenSUSE FactoryPackage finger-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryIE v5.5,SP2 GetObject File RetrievalMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.David ProulxACCEPTEDMicrosoft Word VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft WordInteger overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage fluidsynth-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fluidsynth-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dos2unix is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage dos2unix is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage dovecot is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dovecot is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fcwnn is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fcwnn is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fftw is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage fftw is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryWindows XP Access Requests Privilege Escalation VulnerabilityMicrosoft Windows XPWindows kernelThe kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.Ingrid SkoogDRAFTINTERIMChristine WalzerACCEPTEDACCEPTEDPackage dx-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage dx-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dosbootdisk is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage dosbootdisk is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage docbook2x-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage docbook2x-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage eel-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage eel-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryMicrosoft PowerPoint Mso.dll VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Operating Systemmso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox Certificate Spoofing VulnerabilitySun Solaris 8mozillaMozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage gau is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gau is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gitk is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage gitk is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dhcp-tools is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage dhcp-tools is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage eel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage eel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage hal-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage hal-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gaim-otr is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage gaim-otr is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage fox16-debuginfo is installedopenSUSE FactoryPackage fox16-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage f-spot-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage f-spot-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fcwnndev is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fcwnndev is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage eiciel is installedopenSUSE 10.2openSUSE FactoryPackage eiciel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage ElectricFence is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage ElectricFence is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage DirectFB-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage DirectFB-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fam-server is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage fam-server is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage fuse_kio is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage fuse_kio is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage etherboot is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage etherboot is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryHyperTerminal Session File Vulnerability (NT 4.0)Microsoft Windows NTHyperTerminalHyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.Harvey RubinovitzDRAFTINTERIMHarvey RubinovitzACCEPTEDJohn HoylandINTERIMACCEPTEDJohn HoylandINTERIMDaniel TarnuACCEPTEDACCEPTEDPackage figlet-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage figlet-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fnlib is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fnlib is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dnsmasq is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dnsmasq is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMIT Kerberos 5 Key Distribution Center Remote Denial of Service VulnerabilitySun Solaris 7Sun Solaris 8Sun Solaris 9Sun Solaris 10KerberosMIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDACCEPTEDPackage dx-devel is installedopenSUSE FactoryPackage dx-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage digikamimageplugins-superimpose is installedopenSUSE FactoryPackage digikamimageplugins-superimpose is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage enchant is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage enchant is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryRPCSS DCOM Buffer Overflow (Server 2003)Microsoft Windows Server 2003Distributed Component Object Model (DCOM)Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715.Christine WalzerDRAFTINTERIMACCEPTEDACCEPTEDPackage giflib-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage giflib-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dvi2tty is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dvi2tty is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage diffutils-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage diffutils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage flamethrower is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage flamethrower is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ejb is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage ejb is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryin.named Process Crash VulnerabilitySun Solaris 8BindUnknown vulnerability in in.named on Solaris 8 allows remote attackers to cause a denial of service (process crash).Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2003 (ia64) Gold is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 (ia64) Gold is installed.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDPackage fluidsynth-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fluidsynth-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dvd+rw-tools-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dvd+rw-tools-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryAnimated Cursor Denial of Service (NT 4.0 Terminal Server)Microsoft Windows NTWindows Animated CursorThe Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang.Christine WalzerDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDPackage gdk-pixbuf-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gdk-pixbuf-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage diald is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage diald is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage eject-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage eject-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows NT VDM Privilege Escalation VulnerabilityMicrosoft Windows NTVDMThe Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.Ingrid SkoogDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage gcc-info is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gcc-info is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage finger-server is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage finger-server is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage enblend is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage enblend is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v5.01, SP3 Plug-in Navigation Address Bar Spoofing VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage doc-gnu-ko is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage doc-gnu-ko is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage FAUmachine is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage FAUmachine is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage drbd-kmp-debug is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage drbd-kmp-debug is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage engine_pkcs11 is installedopenSUSE 10.2openSUSE FactoryPackage engine_pkcs11 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage flood is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage flood is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dinat is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dinat is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage deltarpm-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage deltarpm-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows XP Font Buffer Overflow (SP2)Microsoft Windows XPWindows kernelBuffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.Ingrid SkoogDRAFTINTERIMChristine WalzerACCEPTEDACCEPTEDPackage dvbtune-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage dvbtune-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factorySWF Movie Arbitrary Code Execution VulnerabilityMicrosoft Windows XPFlash PlayerBuffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage djvulibre is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage djvulibre is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage emacs-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage emacs-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage docbook_5 is installedopenSUSE FactoryPackage docbook_5 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage devel_rpm_build is installedopenSUSE 10.2openSUSE FactoryPackage devel_rpm_build is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage encfs is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage encfs is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dssi is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dssi is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage e2fsprogs is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage e2fsprogs is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage desktop-data-SuSE-extra is installedopenSUSE FactoryPackage desktop-data-SuSE-extra is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage dhcp-server is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage dhcp-server is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage device-mapper-32bit is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage device-mapper-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v6.0 Malformed PNG Image File Failure VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."Harvey RubinovitzACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDPackage fontconfig-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fontconfig-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fonttools-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fonttools-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gconf2-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gconf2-32bit is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE6,SP1 Content Advisor Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerBuffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka "Content Advisor Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDJason SpashettINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage dietlibc-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dietlibc-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage devs is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage devs is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage dhcp6 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage dhcp6 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage dragonegg-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dragonegg-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fdecc is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fdecc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage devilspie is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage devilspie is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v6.0 (XP) ExecCommand Cross Domain Zone Restriction BypassMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.Tiffany BergeronAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDPackage elisp-manual is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage elisp-manual is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage farsight-devel is installedopenSUSE FactoryPackage farsight-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage efont-serif-ttf is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage efont-serif-ttf is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dita-ot is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage dita-ot is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage drbd-kmp-xenpae is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage drbd-kmp-xenpae is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage diffmk is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage diffmk is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows Server 2003 (32-Bit) DUNZIP Integer OverflowMicrosoft Windows Server 2003Compressed FoldersInteger overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.David ProulxDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDVulnerability in Windows Kernel Could Allow Elevation of PrivilegeMicrosoft Windows VistaOperating SystemUnspecified vulnerability in the Windows Advanced Local Procedure Call (ALPC) in the kernel in Microsoft Windows Vista allows local users to gain privileges via unspecified vectors involving "legacy reply paths."Robert L. HollisDRAFTINTERIMINTERIMPackage flex-old is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage flex-old is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE5.01,SP4 DHTML Method Heap Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage dicts is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage dicts is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage digikam-lang is installedopenSUSE FactoryPackage digikam-lang is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage e2fsprogs-devel-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage e2fsprogs-devel-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dovecot-devel is installedopenSUSE FactoryPackage dovecot-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage dhcdbd-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dhcdbd-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage FileZilla is installedopenSUSE FactoryPackage FileZilla is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage expat-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage expat-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage evms-gui is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage evms-gui is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage eric is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage eric is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage djvulibre-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage djvulibre-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE5.01,SP4 JPEG Image Rendering Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerUnknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability".Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDWindows 2000 IIS HTTP Header Field Buffer OverflowMicrosoft Windows 2000Microsoft Internet Information Server (IIS)Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.Tiffany BergeronACCEPTEDGlenn StricklandINTERIMACCEPTEDACCEPTEDPackage docbook_4 is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage docbook_4 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage exim is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage exim is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage device-mapper-devel is installedopenSUSE 10.2openSUSE FactoryPackage device-mapper-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage delayacct-utils-debuginfo is installedopenSUSE FactoryPackage delayacct-utils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage faces is installedNovell Linux Desktop 9SUSE Linux 10.0SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage faces is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage fftw-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fftw-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dcraw-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dcraw-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dosemu is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dosemu is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage frontline-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage frontline-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage diffstat-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage diffstat-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryOffice Improper Memory Access VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeUnspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDHelp and Support Center PCHealth System Buffer Overflow (32-bit XP)Microsoft Windows XPWindows Help and Support CenterStack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL.Christine WalzerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDPackage digikam-doc is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage digikam-doc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage eperl-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage eperl-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage devhelp-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage devhelp-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ddiwrapper-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ddiwrapper-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gcc42-locale is installedopenSUSE FactoryPackage gcc42-locale is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage docutils is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage docutils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMS Word 6.0 Font Conversion Vulnerability (32-bit XP)Microsoft Windows XPMicrosoft Word for Windows 6.0 ConverterMicrosoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571.Christine WalzerDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDACCEPTEDGDI+ JPEG Parsing Engine Buffer Overflow (Office XP,SP2)Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Office XP SP2Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.Ingrid SkoogDRAFTINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDRobert L. HollisACCEPTEDACCEPTEDPackage deskbar-applet is installedopenSUSE 10.2openSUSE FactoryPackage deskbar-applet is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryIE v6.0 Cross Domain Verification via Cached Methods VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."Harvey RubinovitzACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDPackage dejagnu is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dejagnu is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fam-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fam-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage doxywizard-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage doxywizard-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ddskk-xemacs is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ddskk-xemacs is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage farsifonts is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage farsifonts is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage dictd-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dictd-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage drbd is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage drbd is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryIE v6.0,SP1 (Server 2003) SSL Cached Content VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.Harvey RubinovitzDRAFTINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDPackage engine_pkcs11-debuginfo is installedopenSUSE FactoryPackage engine_pkcs11-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage fluidsynth-dssi is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fluidsynth-dssi is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryC-Media Sound Driver Userspace Access Vulnerability IIRed Hat Linux 9Linux kernelThe C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user function to access userspace, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0700.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage evms-devel is installedopenSUSE FactoryPackage evms-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage desktop-file-utils is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage desktop-file-utils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage dvb-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dvb-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage firmwarekit-r1 is installedopenSUSE 10.2openSUSE FactoryPackage firmwarekit-r1 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage gbuffy-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gbuffy-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dx-data is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage dx-data is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage FAUmachine-redhat-9 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage FAUmachine-redhat-9 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage freetype2 is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage freetype2 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage hcode-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage hcode-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage docbook-simple is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage docbook-simple is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryLunix Kernel NFSv3 Procedure Kernel Panic VulnerabilityRed Hat Linux 9Linux kernelInteger signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage ddclient is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage ddclient is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage digikam-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage digikam-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage device-mapper-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage device-mapper-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dietzlib is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dietzlib is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dhcp-client is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage dhcp-client is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage dog-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dog-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage eel-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage eel-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dds2tar is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage dds2tar is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryIE AbusiveParent Vulnerability (Windows 2000)Microsoft Windows 2000Microsoft Internet ExplorerThe DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.Jonathan BakerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMAndrew ButtnerACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage fusesmb is installedopenSUSE 10.2openSUSE FactoryPackage fusesmb is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryLinux Kernel Bridge Forwarding Table Spoof VulnerabilityRed Hat Linux 9Linux kernelLinux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage deb-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage deb-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage expat-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage expat-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage doxywizard is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage doxywizard is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage drac-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage drac-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage flex-old-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage flex-old-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage FastCGI is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage FastCGI is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage dmapi-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage dmapi-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage drbd-kmp-bigsmp is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage drbd-kmp-bigsmp is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gambas2-runtime is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-runtime is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage docbook-toys is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage docbook-toys is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factorySTP Protocol Length Verification VulnerabilityRed Hat Linux 9Linux kernelThe STP protocol implementation in Linux 2.4.x does not properly verify certain lengths, which could allow attackers to cause a denial of service.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage DirectFB-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage DirectFB-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage emacs-x11 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage emacs-x11 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage delayacct-utils is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage delayacct-utils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage f2c-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage f2c-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage docudir is installedopenSUSE FactoryPackage docudir is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage hostap-utils is installedopenSUSE FactoryPackage hostap-utils is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage freetype is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage freetype is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage dbxml is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage dbxml is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryBuffer Overflow in ntp Daemon via readvarSun Solaris 7Sun Solaris 8sendfilev()Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage eciadsl-usermode-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage eciadsl-usermode-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage emacs-info is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage emacs-info is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage dvbstream is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dvbstream is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dhcpcd-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dhcpcd-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWinXP Path MTU Discovery Attack VulnerabilityMicrosoft Windows XPWindows XPMultiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage ht2html is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ht2html is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWin2k IP Validation VulnerabilityMicrosoft Windows 2000Windows 2000Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage evince-doc is installedopenSUSE FactoryPackage evince-doc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryWindows XP (64-Bit) Program Group Converter Buffer Overflow in shell32.dllMicrosoft Windows XPWindows ShellBuffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.Andrew ButtnerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDPackage dictd is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dictd is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage drgeo-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage drgeo-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factorygzip Directory Traversal VulnerabilityRed Hat Enterprise Linux 3gzipDirectory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDPackage FAUmachine-fc-3 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage FAUmachine-fc-3 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage engdic is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage engdic is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryURL Parsing Memory Corruption Vulnerability (IE6 for XP,SP2)Microsoft Windows XPMicrosoft Internet ExplorerBuffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage drbd-kmp-default is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage drbd-kmp-default is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage emacs-w3-cvs is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage emacs-w3-cvs is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage doxygen-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage doxygen-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage emu-tools-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage emu-tools-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage desktop-file-utils-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage desktop-file-utils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gbdfed-debuginfo is installedopenSUSE FactoryPackage gbdfed-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryGDI+ JPEG Parsing Engine Buffer Overflow (Project 2003)Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Project Professional 2003Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.Ingrid SkoogDRAFTIngrid SkoogINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDRobert L. HollisACCEPTEDACCEPTEDServer 2003 HTML Help Remote Code Execution VulnerabilityMicrosoft Windows Server 2003HTML Help FacilityInteger overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.Andrew ButtnerDRAFTINTERIMACCEPTEDJeff ItoINTERIMACCEPTEDACCEPTEDPackage dbxml-utils is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage dbxml-utils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dmapi-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage dmapi-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage device-mapper-64bit is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage device-mapper-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dhcp-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dhcp-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage exif-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage exif-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dirmngr is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage dirmngr is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage ecryptfs-utils is installedopenSUSE FactoryPackage ecryptfs-utils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage dragonegg is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage dragonegg is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage dbus-1-qt-32bit is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dbus-1-qt-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage docbook-tdg is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage docbook-tdg is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryInsecure Design of the STP ProtocolRed Hat Linux 9Linux kernelThe STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDWindows 2000 Group Policy BypassMicrosoft Windows 2000Windows 2000Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access.Tiffany BergeronChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDApache Web Server Multiple Module Local Buffer OverflowSun Solaris 8Sun Solaris 9ApacheMultiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage eog-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage eog-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage FooBillard-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage FooBillard-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage doc++-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage doc++-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage elilo is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage elilo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dosbox-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dosbox-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage garlic-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage garlic-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage docbook-xml-slides is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage docbook-xml-slides is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dviutils-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage dviutils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ddt-debuginfo is installedSUSE Linux 10.0openSUSE FactoryPackage ddt-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryMicrosoft Excel Malformed SELECTION record VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft ExcelBuffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability."Robert L. HollisINTERIMACCEPTEDACCEPTEDPackage freeglut-devel-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage freeglut-devel-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dosfstools is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage dosfstools is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage dhcpcd is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage dhcpcd is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gail is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage gail is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage dbus-1-qt is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage dbus-1-qt is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage db-java is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage db-java is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dbus-1-glib is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage dbus-1-glib is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage drgeo is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage drgeo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage flphoto-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage flphoto-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hplip is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage hplip is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage enscript is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage enscript is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage dazuko-kmp-xenpae is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage dazuko-kmp-xenpae is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dmraid is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage dmraid is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage dbus-1-qt3 is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage dbus-1-qt3 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage dbus-1-python is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage dbus-1-python is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage datakiosk-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage datakiosk-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v5.5,SP2 Drag-and-Drop Code Execution VulnerabilityMicrosoft Windows MEMicrosoft Internet ExplorerInternet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDPackage flex-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage flex-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage docbook-css-stylesheets is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage docbook-css-stylesheets is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage detex-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage detex-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factory.NET Framework 2.0 Cross-Site Scripting VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003.NET FrameworkCross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDPackage dbh-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dbh-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows ME Program Group Converter Buffer OverflowMicrosoft Windows MEProgram Group ConverterBuffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDPackage gambas-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gambas-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage esound-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage esound-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage eclipse-archdep is installedopenSUSE FactoryPackage eclipse-archdep is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage ddd-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ddd-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage db-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage db-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fontconfig-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage fontconfig-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage dietlibc is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dietlibc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dbview is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dbview is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows XP,SP2 Remote Desktop Protocol (RDP) DoS VulnerabilityMicrosoft Windows XPOperating SystemThe Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage dhcp-tools-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dhcp-tools-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dbench-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage dbench-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dbus-1-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dbus-1-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dviutils is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dviutils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dbus-1-python-devel is installedopenSUSE FactoryPackage dbus-1-python-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage db42-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage db42-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage devhelp is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage devhelp is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryDHTML Object Memory Corruption Vulnerability (IE6,SP1)Microsoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerRace condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".Harvey RubinovitzDRAFTINTERIMACCEPTEDJason SpashettINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage deskbar-applet-devel is installedopenSUSE 10.2openSUSE FactoryPackage deskbar-applet-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage db43-java is installedopenSUSE 10.2openSUSE FactoryPackage db43-java is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryRIS Writable Path VulnerabilityMicrosoft Windows 2000Operating SystemThe Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS.Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDPackage gambas2-gb-net is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-gb-net is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage ddskk is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ddskk is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ctags is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage ctags is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage datakiosk is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage datakiosk is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage epiphany-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage epiphany-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage gambas2-gb-debug is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-gb-debug is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryMS Word 6.0 Table Conversion Vulnerability (Server 2003)Microsoft Windows Server 2003Microsoft Word for Windows 6.0 ConverterMicrosoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901.Christine WalzerDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDACCEPTEDPackage cyrus-sasl-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cyrus-sasl-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dbus-1-python-debuginfo is installedopenSUSE FactoryPackage dbus-1-python-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage freeciv-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage freeciv-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryHTML Help ActiveX Control Buffer OverflowMicrosoft Windows 2000HTML Help ActiveX ControlBuffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.Christine WalzerAndrew ButtnerACCEPTEDMatthew WojcikINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDPackage deltarpm is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage deltarpm is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage fftw-threads is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fftw-threads is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cyrus-sasl-gssapi is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage cyrus-sasl-gssapi is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage gambas2-gb-db-form is installedopenSUSE 10.2openSUSE FactoryPackage gambas2-gb-db-form is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage dbus-1-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage dbus-1-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cscope-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cscope-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dmraid-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dmraid-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage gambas is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage gambas is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fonts-config is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage fonts-config is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage derby is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage derby is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIIS AddHeader Large Header Denial of ServiceMicrosoft Windows 2000Microsoft Internet Information Server (IIS)The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page.Tiffany BergeronChristine WalzerINTERIMACCEPTEDACCEPTEDPackage ddrescue-debuginfo is installedopenSUSE FactoryPackage ddrescue-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage dejavu is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage dejavu is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cyrus-sasl-devel-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cyrus-sasl-devel-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cyrus-sasl-saslauthd-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cyrus-sasl-saslauthd-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage g3utils is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage g3utils is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage dds2tar-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage dds2tar-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage csmash-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage csmash-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dbus-1-qt3-32bit is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage dbus-1-qt3-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hypermail is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage hypermail is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cyrus-sasl-sqlauxprop is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage cyrus-sasl-sqlauxprop is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryIE v6.0,SP1 HijackClick VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.Andrew ButtnerAndrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage cvs2svn is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cvs2svn is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage flac-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage flac-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage ddt is installedSUSE Linux 10.0openSUSE FactoryPackage ddt is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage curl-ca-bundle is installedopenSUSE FactoryPackage curl-ca-bundle is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage dbxml-devel is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage dbxml-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cups-SUSE-ppds-dat is installedNovell Linux Desktop 9SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage cups-SUSE-ppds-dat is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage curlftpfs-debuginfo is installedopenSUSE FactoryPackage curlftpfs-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage drbd-kmp-ppc64 is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage drbd-kmp-ppc64 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cross-spu-binutils-debuginfo is installedopenSUSE FactoryPackage cross-spu-binutils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage freetype2-devel-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage freetype2-devel-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v5.5,SP2 HijackClick VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDACCEPTEDPackage db-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage db-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cyrus-sasl-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cyrus-sasl-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dbus-1-java is installedSUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage dbus-1-java is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage d4x-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage d4x-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cryptix-javadoc is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage cryptix-javadoc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage drbd-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage drbd-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dbus-1-mono is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage dbus-1-mono is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cross-spu-gcc is installedopenSUSE FactoryPackage cross-spu-gcc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage desktop-data-SuSE is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage desktop-data-SuSE is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dante-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage dante-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryIE v5.01,SP4 HijackClick VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDWindows NT IIS Directory Traversal Command Execution (Test 1)Microsoft Windows NTMicrosoft Internet Information Server (IIS)Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.Tiffany BergeronACCEPTEDPackage db40-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage db40-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dbench is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage dbench is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage csound-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage csound-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dtc-debuginfo is installedopenSUSE FactoryPackage dtc-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage ding is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage ding is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage dapi is installedopenSUSE 10.2openSUSE FactoryPackage dapi is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage flac-bmp is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage flac-bmp is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage htmldoc is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage htmldoc is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cross-spu-gcc-static is installedopenSUSE FactoryPackage cross-spu-gcc-static is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage cross-spu-newlib-debuginfo is installedopenSUSE FactoryPackage cross-spu-newlib-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryIE v5.01,SP3 HijackClick VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage findutils-locate is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage findutils-locate is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage dhcp6-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage dhcp6-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dcraw is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage dcraw is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage evms is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage evms is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryHelp and Support Center PCHealth System Buffer Overflow (64-bit XP)Microsoft Windows XPHelp and Support Center (HSC)Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL.Christine WalzerDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage dapi-devel is installedopenSUSE 10.2openSUSE FactoryPackage dapi-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage cyrus-sasl-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage cyrus-sasl-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage dhcdbd is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage dhcdbd is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage dapl is installedopenSUSE FactoryPackage dapl is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage db43-devel is installedopenSUSE 10.2openSUSE FactoryPackage db43-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryIE v5.01,SP2 HijackClick VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage hanterm-xf-debuginfo is installedopenSUSE FactoryPackage hanterm-xf-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage db41-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage db41-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWINS Association Context Vulnerability (64-bit Server 2003, Test 2)Microsoft Windows Server 2003Windows Internet Naming Service (WINS)The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."Matthew BurtonDRAFTINTERIMACCEPTEDACCEPTEDPackage encfs-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage encfs-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage desktop-translations is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage desktop-translations is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage dirmngr-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dirmngr-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage Crystalcursors is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage Crystalcursors is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cross-spu-newlib is installedopenSUSE FactoryPackage cross-spu-newlib is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage cross-x86_64-binutils is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-x86_64-binutils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hotkey-setup is installedopenSUSE 10.2openSUSE FactoryPackage hotkey-setup is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryMS FrontPage Server Extensions Chunked Encoded Request Buffer Overflow (Test 3)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft SharePoint Team ServicesBuffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDPackage fetchmail-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fetchmail-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage diffstat is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage diffstat is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage ft2demos is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage ft2demos is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage dbus-1-qt-64bit is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dbus-1-qt-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dazuko-kmp-debug is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage dazuko-kmp-debug is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fnfx is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fnfx is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cross-spu-gcc-debuginfo is installedopenSUSE FactoryPackage cross-spu-gcc-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage e2fsprogs-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage e2fsprogs-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage db1-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage db1-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage flex is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage flex is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryMS FrontPage Server Extensions Chunked Encoded Request Buffer Overflow (Test 2)Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft FrontPage Server Extensions 2002Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDPackage dbus-1-devel-doc is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage dbus-1-devel-doc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ec-fonts-mftraced is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ec-fonts-mftraced is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPortable Network Graphics Library Offset Calculation VulnerabilityRed Hat Enterprise Linux 3libpngPortable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDPackage cyrus-sasl-plain is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage cyrus-sasl-plain is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cryptix-asn1-javadoc is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage cryptix-asn1-javadoc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage db40-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage db40-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage hdparm-debuginfo is installedopenSUSE FactoryPackage hdparm-debuginfo is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:factoryPackage dbus-1-mono-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage dbus-1-mono-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dirdiff is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage dirdiff is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage cryptconfig is installedopenSUSE FactoryPackage cryptconfig is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage cups-backends is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage cups-backends is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage des-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage des-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage evms-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage evms-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dcraw-gnome is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dcraw-gnome is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dapi-debuginfo is installedopenSUSE FactoryPackage dapi-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage docbook-utils is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage docbook-utils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage docbook-xml-website is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage docbook-xml-website is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage epplet-base is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage epplet-base is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dapi-kde is installedopenSUSE 10.2openSUSE FactoryPackage dapi-kde is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage hermes-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage hermes-devel is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMS FrontPage Server Extensions Chunked Encoded Request Buffer Overflow (Test 1)Microsoft Windows XPMicrosoft FrontPage Server Extensions 2000Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerChristine WalzerINTERIMACCEPTEDACCEPTEDPackage docbook-dsssl-stylesheets is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage docbook-dsssl-stylesheets is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage drac is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage drac is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factorypriocntl Directory Traversal VulnerabilitySun Solaris 7Sun Solaris 8Sun Solaris 9priocntl()Directory traversal vulnerability in priocntl system call in Solaris does allows local users to execute arbitrary code via ".." sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage eclipse-jdt is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage eclipse-jdt is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dapl-devel is installedopenSUSE FactoryPackage dapl-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage handedict is installedopenSUSE 10.2openSUSE FactoryPackage handedict is installed.Thomas R. JonesDRAFTINTERIMINTERIMcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage fhs is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fhs is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dosbox is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dosbox is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cryptconfig-debuginfo is installedopenSUSE FactoryPackage cryptconfig-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage ddd is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage ddd is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryIE v5.01,SP4 Script URLs Cross Domain Zone Restrictions BypassMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage db-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage db-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dbus-1-glib-doc is installedopenSUSE FactoryPackage dbus-1-glib-doc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage cross-spu-gcc-static-debuginfo is installedopenSUSE FactoryPackage cross-spu-gcc-static-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage cross-avr-gcc42 is installedopenSUSE FactoryPackage cross-avr-gcc42 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage ctwm is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ctwm is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage eruby-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage eruby-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cyrus-sasl-crammd5 is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage cyrus-sasl-crammd5 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryWindows Media Format Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaWindows Media PlayerHeap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.Jeff ItoDRAFTINTERIMINTERIMPackage fvwm2-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fvwm2-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage db43-64bit is installedopenSUSE 10.2openSUSE FactoryPackage db43-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryIE v5.01,SP3 Script URLs Cross Domain Zone Restrictions BypassMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage emacs-auctex is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage emacs-auctex is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage dockutils is installedopenSUSE 10.2openSUSE FactoryPackage dockutils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage eclipse-source is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage eclipse-source is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dbus-1-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dbus-1-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dbus-1-glib-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dbus-1-glib-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage device-mapper is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage device-mapper is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cups-drivers is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage cups-drivers is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage db1-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage db1-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dbh is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dbh is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cross-ia64-gcc-icecream-backend is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-ia64-gcc-icecream-backend is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v5.01,SP2 Script URLs Cross Domain Zone Restrictions BypassMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage epos-debuginfo is installedopenSUSE FactoryPackage epos-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage cracklib-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cracklib-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage db-utils is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage db-utils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factorySendmail Ruleset Parsing Buffer OverflowSun Solaris 7Sun Solaris 8Sun Solaris 9SendmailA "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.Brian SobyDRAFTDRAFTPackage ctapi-cyberjack-64bit is installedopenSUSE 10.2openSUSE FactoryPackage ctapi-cyberjack-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryWindows NT Shell CLSID File Type Spoof VulnerabilityMicrosoft Windows NTMicrosoft Internet ExplorerThe Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.Christine WalzerDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDMozilla, Firefox, Thunderbird Security Lock Icon Spoof VulnerabilitySun Solaris 8mozillaMozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage cyrus-sasl-saslauthd is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage cyrus-sasl-saslauthd is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryRuntime linker, ld.so.1 LD_PRELOAD Envvar Buffer OverflowSun Solaris 7Solaris Runtime LinkerStack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage dazuko-kmp-default is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage dazuko-kmp-default is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factorySun Java System Access Manager Local Authentication Bypass VulnerabilitySun Solaris 10Sun Solaris 9Sun Solaris 8Access ManagerUnspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypass authentication and gain top-level administrator privileges via the amadmin CLI tool.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDACCEPTEDMicrosoft Windows NT is installedMicrosoft Windows NTThe operating system installed on the system is Microsoft Windows NT.Andrew ButtnerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDPackage crafty-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage crafty-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dbus-1-x11 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage dbus-1-x11 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cross-arm-binutils is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-arm-binutils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cups-libs is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage cups-libs is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cyrus-sasl-devel-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cyrus-sasl-devel-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cscope is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage cscope is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage dbus-1-glib-devel is installedopenSUSE 10.2openSUSE FactoryPackage dbus-1-glib-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage db42-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage db42-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage db-java-debuginfo is installedSUSE Linux 10.0openSUSE FactoryPackage db-java-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage dbus-1-gtk is installedSUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage dbus-1-gtk is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryIE v6.0,SP1 (Server 2003) Function Pointer Override Cross Domain VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage cross-ppc-gcc-icecream-backend is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-ppc-gcc-icecream-backend is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage esound-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage esound-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cross-x86_64-binutils-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-x86_64-binutils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE6.0,SP1 Security Zone Restriction Bypass VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDWeb View Remote Code Execution VulnerabilityMicrosoft Windows 2000Windows ExplorerThe Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file.Ingrid SkoogDRAFTAndrew ButtnerINTERIMACCEPTEDACCEPTEDPackage cross-mips-binutils-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-mips-binutils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cross-alpha-binutils is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-alpha-binutils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryLicense Logging Service Vulnerability (Server 2003)Microsoft Windows Server 2003MDAC 2.8The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbtirary code, aka the "License Logging Service Vulnerability."Ingrid SkoogDRAFTINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDACCEPTEDPackage db-doc is installedopenSUSE FactoryPackage db-doc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage csmash is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage csmash is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factorycpio Race ConditionRed Hat Enterprise Linux 3cpioRace condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDPackage dialog is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage dialog is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage courier-authlib-pipe is installedopenSUSE 10.2openSUSE FactoryPackage courier-authlib-pipe is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryWindows NT DHCP Request Code Execution VulnerabilityMicrosoft Windows NTDHCPThe DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not properly validate the length of certain messages, which allows remote attackers to execute arbitrary code via a malformed DHCP message, aka the "DHCP Request Vulnerability."Ingrid SkoogDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage evolution-data-server-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage evolution-data-server-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cross-sparc-gcc-icecream-backend is installedSUSE Linux 10.0openSUSE FactoryPackage cross-sparc-gcc-icecream-backend is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage cross-ppc64-gcc-icecream-backend is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-ppc64-gcc-icecream-backend is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMicrosoft MDAC 2.1 Remote Data Services Buffer OverflowMicrosoft Windows 95Microsoft Windows 98Microsoft Windows NTMDAC 2.1Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.Ingrid SkoogDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDPackage devel_rpm_build-64bit is installedopenSUSE 10.2openSUSE FactoryPackage devel_rpm_build-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage ftgl-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ftgl-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage control-center2-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage control-center2-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v6.0,SP1 Function Pointer Override Cross Domain VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage cpufrequtils-32bit is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage cpufrequtils-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryOLE Component Input Validation Vulnerability (Server / XP 2003)Microsoft Windows Server 2003OLEThe OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability."Christine WalzerChristine WalzerDRAFTINTERIMACCEPTEDACCEPTEDPatches Disable Basic Security Module Auditing FunctionalitySun Solaris 9Basic Security ModuleThe patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage devhelp-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage devhelp-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage dbus-1-glib-debuginfo is installedopenSUSE FactoryPackage dbus-1-glib-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage cracklib-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cracklib-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cups-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cups-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cross-spu-binutils is installedopenSUSE FactoryPackage cross-spu-binutils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage cross-hppa-binutils is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-hppa-binutils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cpufrequtils-debuginfo is installedopenSUSE FactoryPackage cpufrequtils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryIE v5.5,SP2 Function Pointer Override Cross Domain VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDACCEPTEDPackage ctapi-cyberjack is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage ctapi-cyberjack is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage fam-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fam-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage csindex is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage csindex is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factory.NET Framework v1.1 Security BypassMicrosoft Windows XPMicrosoft Windows Server 2003MDAC 2.7The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDDaniel TarnuINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJeff ChengINTERIMJeff ChengJeff ChengACCEPTEDACCEPTEDPackage compiz-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage compiz-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dbus-1-x11-debuginfo is installedopenSUSE FactoryPackage dbus-1-x11-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage freeipmi is installedSUSE Linux 10.0openSUSE FactoryPackage freeipmi is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage dasher is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage dasher is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage dazuko-kmp-bigsmp is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage dazuko-kmp-bigsmp is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dialog-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dialog-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cups-client is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage cups-client is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage dante is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage dante is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cross-arm-binutils-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-arm-binutils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage f2c-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage f2c-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage coolmail is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage coolmail is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows XP CSRSS Privilege Escalation VulnerabilityMicrosoft Windows XPClient Server Runtime System (CSRSS)Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.Ingrid SkoogDRAFTINTERIMChristine WalzerACCEPTEDACCEPTEDPackage emil-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage emil-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cvsup is installedSUSE Linux 10.0openSUSE FactoryPackage cvsup is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage festival is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage festival is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage evolution-webcal-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage evolution-webcal-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryHP-UX AutoRAID Critical Functionality IssueHP-UX 11AutoRAID ManagerPossible unknown vulnerability or vulnerabilities in HP DiskArray Utilities with AutoRAID Manager.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDPackage cross-s390x-binutils is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-s390x-binutils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cron-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage cron-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage epiphany-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage epiphany-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage compface-debuginfo is installedopenSUSE FactoryPackage compface-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage coriander is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage coriander is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage compat-openssl097g-32bit is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage compat-openssl097g-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows XP Shell CLSID File Type Spoof VulnerabilityMicrosoft Windows XPOperating SystemThe Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.Christine WalzerINTERIMACCEPTEDRobert L. HollisACCEPTEDINTERIMACCEPTEDACCEPTEDPackage freeglut-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage freeglut-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cryptsetup is installedopenSUSE FactoryPackage cryptsetup is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage cyrus-sasl-digestmd5 is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage cyrus-sasl-digestmd5 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryIE v5.01,SP4 Function Pointer Override Cross Domain VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage CommonC++-doc is installedSUSE Linux 10.0openSUSE FactoryPackage CommonC++-doc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage filters is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage filters is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage control-center is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage control-center is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage dhcp-relay is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage dhcp-relay is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage crack-attack-sounds is installedopenSUSE 10.2openSUSE FactoryPackage crack-attack-sounds is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage dssi-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dssi-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dev86 is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage dev86 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage configure-thinkpad-debuginfo is installedSUSE Linux 10.0openSUSE FactoryPackage configure-thinkpad-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage dita is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage dita is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage compiz-cvs_060503 is installedSUSE Linux 10.1openSUSE FactoryPackage compiz-cvs_060503 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v5.01,SP3 Function Pointer Override Cross Domain VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage cryptix-asn1 is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage cryptix-asn1 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage courier-authlib-userdb is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage courier-authlib-userdb is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ddrescue is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage ddrescue is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cross-avr-binutils-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-avr-binutils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cross-s390-binutils is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-s390-binutils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE .chm Directory Traversal Windows Server 2003 VulnerabilityMicrosoft Windows Server 2003HTML Help FacilityInternet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.Andrew ButtnerINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDPackage courier-authlib-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage courier-authlib-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage db1-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage db1-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage devilspie-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage devilspie-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cook-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cook-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v5.01,SP2 Function Pointer Override Cross Domain VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage elib is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage elib is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryWinXP Large Window Size TCP RST Denial of ServiceMicrosoft Windows XPWindows XPTCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage courier-imap-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage courier-imap-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage compface is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage compface is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factorysshd Log Bypass VulnerabilitySun Solaris 9sshdThe Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not properly log IP addresses when SSHD is configured with the ListenAddress as 0.0.0.0, which makes it easier for remote attackers to hide the source of their activities.Brian SobyDRAFTINTERIMACCEPTEDINTERIMDRAFTINTERIMACCEPTEDACCEPTEDPackage fillets-ng-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fillets-ng-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage compat-debuginfo is installedSUSE Linux 10.0openSUSE FactoryPackage compat-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage crack-attack-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage crack-attack-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ConsoleKit is installedopenSUSE FactoryPackage ConsoleKit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage fox16-devel is installedopenSUSE 10.2openSUSE FactoryPackage fox16-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPEAR XML_RPC PHP Code Execution VulnerabilityRed Hat Enterprise Linux 3phpEval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDWindows 2000 IIS FTP Connection Status Request Denial of ServiceMicrosoft Windows 2000FTPThe FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters.Tiffany BergeronGlenn StricklandINTERIMACCEPTEDACCEPTEDPackage dasher-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dasher-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage concurrent-javadoc is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage concurrent-javadoc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cvs-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cvs-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows NT IE HTML Help ActiveX control Cross Domain VulnerabilityMicrosoft Windows NTHTML Help ActiveX ControlInternet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage cln is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cln is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage curl-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage curl-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cron is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage cron is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cmatrix is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cmatrix is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cracklib is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage cracklib is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage compat-neon024-debuginfo is installedopenSUSE FactoryPackage compat-neon024-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryIE v6.0,SP1 (Server 2003) ExecCommand Cross Domain Zone Restriction BypassMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage cloop-kmp-iseries64 is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage cloop-kmp-iseries64 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage compat-curl2-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage compat-curl2-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage db1-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage db1-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dmapi is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage dmapi is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage contact-lookup-applet is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage contact-lookup-applet is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage ctags-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ctags-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryNetBT Name Service Information Access VulnerabilityMicrosoft Windows XPNetBT Name ServiceThe NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information.Ingrid SkoogIngrid SkoogIngrid SkoogINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJeff ChengINTERIMJeff ChengACCEPTEDACCEPTEDPackage curl-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage curl-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cross-mips-binutils is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-mips-binutils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fonts-thai is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage fonts-thai is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryMicrosoft PowerPoint Malformed Records VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Operating SystemUnspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage cook is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cook is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage darts is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage darts is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage cloop-kmp-bigsmp is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage cloop-kmp-bigsmp is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cm-unicode is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage cm-unicode is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage coriander-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage coriander-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage concurrent is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage concurrent is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fillup-debuginfo is installedopenSUSE FactoryPackage fillup-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage epiphany-doc is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage epiphany-doc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage compat-g77-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage compat-g77-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cross-i386-binutils is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-i386-binutils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factorypatch IE7-KB928090-WindowsServer2003-x86-enu.exe should be installedMicrosoft Windows Server 2003Microsoft Internet Explorer 7The patch IE7-KB928090-WindowsServer2003-x86-enu.exe that addresses the vulnerabilities discussed in Microsoft Security Bulletin MS07-016 should be installed.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDPackage fontconfig-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fontconfig-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cups-libs-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cups-libs-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage compat-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage compat-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fontconfig is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage fontconfig is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factorySunOS 5.9: ufs and fsck patchSun Solaris 9Solaris Volume Manager (SVM)The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users to cause a denial of service (kernel panic) via a malformed probe request to the SVM.Brian SobyDRAFTINTERIMACCEPTEDINTERIMDRAFTINTERIMACCEPTEDJonathan BakerINTERIMMatthew WojcikACCEPTEDACCEPTEDIE AbusiveParent Vulnerability (32-bit XP)Microsoft Windows XPMicrosoft Internet ExplorerThe DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.Jonathan BakerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage db42-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage db42-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage control-center2-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage control-center2-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage compat-libstdc++-64bit is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage compat-libstdc++-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryExchange Server 2003 (Windows Server 2003, 64-Bit Edition) Routing Engine Buffer OverflowMicrosoft Windows Server 2003SMTPThe SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.Christine WalzerDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDWindows Server 2003,SP1 Remote Desktop Protocol (RDP) DoS VulnerabilityMicrosoft Windows Server 2003Operating SystemThe Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage dtc is installedopenSUSE FactoryPackage dtc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryWin2k Blind Connection Reset Attack VulnerabilityMicrosoft Windows 2000Windows 2000Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage epic is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage epic is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMSHTA Code Execution Vulnerability (32-bit XP,SP1)Microsoft Windows XPWindows ShellThe document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.Harvey RubinovitzDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage esound-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage esound-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage claws-mail-debuginfo is installedopenSUSE FactoryPackage claws-mail-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage cross-x86_64-gcc-icecream-backend is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-x86_64-gcc-icecream-backend is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cmatrix-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cmatrix-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage courier-authlib-pgsql is installedopenSUSE 10.2openSUSE FactoryPackage courier-authlib-pgsql is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage courier-imap is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage courier-imap is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryshtool Race ConditionRed Hat Enterprise Linux 3phpRace condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDPackage cross-sparc-binutils is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-sparc-binutils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage compat-curl2-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage compat-curl2-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage compat-g77 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage compat-g77 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage compat-openssl097g-64bit is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage compat-openssl097g-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage digikam is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage digikam is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage dazuko is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dazuko is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cryptsetup-devel is installedopenSUSE FactoryPackage cryptsetup-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage culmus is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage culmus is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage ConsoleKit-debuginfo is installedopenSUSE FactoryPackage ConsoleKit-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage courier-authlib-ldap is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage courier-authlib-ldap is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v6.0,SP1 ExecCommand Cross Domain Zone Restriction BypassMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage deskbar-applet-debuginfo is installedopenSUSE FactoryPackage deskbar-applet-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage commoncpp2-doc is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage commoncpp2-doc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage clisp-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage clisp-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage chromium is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage chromium is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dbus-1-qt3-debuginfo is installedopenSUSE FactoryPackage dbus-1-qt3-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage check-64bit is installedopenSUSE FactoryPackage check-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage flex-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage flex-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage checkmedia-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage checkmedia-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cln-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cln-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage compiz-devel is installedopenSUSE FactoryPackage compiz-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryIE v5.5,SP2 ExecCommand Cross Domain Zone Restriction BypassMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDACCEPTEDPackage clanbomber-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage clanbomber-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows 2000 Task Scheduler Stack OverflowMicrosoft Windows 2000Task SchedulerStack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.Tiffany BergeronINTERIMACCEPTEDACCEPTEDPackage cjk-latex-hbf-cns40-b5 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cjk-latex-hbf-cns40-b5 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage d4x is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage d4x is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fluidsynth-dssi-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage fluidsynth-dssi-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage claws-mail is installedopenSUSE FactoryPackage claws-mail is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage comgt-debuginfo is installedopenSUSE FactoryPackage comgt-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage cpufrequtils-64bit is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage cpufrequtils-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage courier-authlib is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage courier-authlib is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cups-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage cups-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryIE v5.01,SP4 ExecCommand Cross Domain Zone Restriction BypassMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage curl-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage curl-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage dante-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dante-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage evolution-exchange-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage evolution-exchange-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMS Word 6.0 Table Conversion Vulnerability (Windows 2000)Microsoft Windows 2000Microsoft Word for Windows 6.0 ConverterMicrosoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901.Christine WalzerDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDRobert L. HollisACCEPTEDACCEPTEDPackage cryptix is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage cryptix is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage compartm-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage compartm-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage claws-mail-extra-plugins is installedopenSUSE FactoryPackage claws-mail-extra-plugins is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage conglomerate-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage conglomerate-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage courier-authlib-mysql is installedopenSUSE 10.2openSUSE FactoryPackage courier-authlib-mysql is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage clanlib is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage clanlib is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v5.01,SP3 ExecCommand Cross Domain Zone Restriction BypassMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage cpp42 is installedopenSUSE FactoryPackage cpp42 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage cross-avr-gcc is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-avr-gcc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ctwm-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ctwm-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cyrus-sasl-ldap-auxprop is installedopenSUSE 10.2openSUSE FactoryPackage cyrus-sasl-ldap-auxprop is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage eog is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage eog is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage control-center2 is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage control-center2 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cryptsetup-debuginfo is installedopenSUSE FactoryPackage cryptsetup-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage chromium-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage chromium-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage control-center-devel is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage control-center-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryBuffer Overflow in Solaris ping DaemonSun Solaris 7Sun Solaris 8Sun Solaris 9Licence Logging ServiceBuffer overflow in the ping daemon of Sun Solaris 7 through 9 may allow local users to execute arbitrary code.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDWindows 2000 ComboBox/ListBox GUI Widget User32.dll Buffer OverflowMicrosoft Windows 2000Windows 2000Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application.Tiffany BergeronACCEPTEDChristine WalzerINTERIMACCEPTEDINTERIMChristine WalzerINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDSolaris 7 whodo Buffer Overflow VulnerabilitySun Solaris 7whodoBuffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable.David ProulxMatthew WojcikINTERIMMatthew WojcikMatthew WojcikMatthew WojcikACCEPTEDACCEPTEDPackage checkbot is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage checkbot is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage db43-32bit is installedopenSUSE 10.2openSUSE FactoryPackage db43-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage cross-s390-binutils-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-s390-binutils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ddt-client is installedSUSE Linux 10.0openSUSE FactoryPackage ddt-client is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage CID-keyed-fonts-Wada is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage CID-keyed-fonts-Wada is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cross-sh4-binutils-debuginfo is installedopenSUSE FactoryPackage cross-sh4-binutils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage dbxml-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage dbxml-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage chemtool-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage chemtool-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows XP SMB Buffer OverflowMicrosoft Windows XPSMB (Server Message Block)Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.Ingrid SkoogINTERIMACCEPTEDACCEPTEDPackage clucene-core is installedopenSUSE FactoryPackage clucene-core is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryWindows Shell Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Operating SystemInteger overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage curl-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage curl-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage chkrootkit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage chkrootkit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage flac-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage flac-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows 2000 Shell CLSID File Type Spoof VulnerabilityMicrosoft Windows 2000Operating SystemThe Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.Christine WalzerDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDACCEPTEDPackage cross-alpha-gcc-icecream-backend is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-alpha-gcc-icecream-backend is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage classpath-javadocs is installedopenSUSE 10.2openSUSE FactoryPackage classpath-javadocs is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage compat-expat1 is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage compat-expat1 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage csound is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage csound is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cyrus-sasl-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cyrus-sasl-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cpio is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage cpio is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage chemtool is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage chemtool is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cross-ia64-binutils-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-ia64-binutils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage claws-mail-extra-plugins-debuginfo is installedopenSUSE FactoryPackage claws-mail-extra-plugins-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryOutlook Express v6.0 (WinXP) Malformed Email Header Denial of ServiceMicrosoft Windows XPMicrosoft Outlook ExpressMicrosoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.Jonathan BakerDRAFTINTERIMChristine WalzerACCEPTEDDaniel TarnuINTERIMACCEPTEDJeff ChengINTERIMJeff ChengACCEPTEDACCEPTEDPackage cppunit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage cppunit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage conglomerate is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage conglomerate is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage dbus-1-glib-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dbus-1-glib-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows Server 2003, IE v6,SP1 CSS Heap Memory Corruption VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage cracklib-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cracklib-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage finger is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage finger is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryTIF Folder Information Disclosure VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Internet ExplorerMicrosoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5577.Robert L. HollisDRAFTINTERIMMatthew WojcikACCEPTEDACCEPTEDPackage classpath-webplugin is installedopenSUSE 10.2openSUSE FactoryPackage classpath-webplugin is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage chess is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage chess is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cedilla is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cedilla is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage compat-readline4 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage compat-readline4 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cjk-lyx is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage cjk-lyx is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage cdrkit-cdrtools-compat is installedopenSUSE FactoryPackage cdrkit-cdrtools-compat is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage cross-avr-binutils is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-avr-binutils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage chasen is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage chasen is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cloop-kmp-xenpae is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage cloop-kmp-xenpae is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage commoncpp2-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage commoncpp2-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMS Word 2000 Macro Names Buffer OverflowMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Word 2000Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.Christine WalzerACCEPTEDIngrid SkoogINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage classpath-webplugin-devel is installedopenSUSE 10.2openSUSE FactoryPackage classpath-webplugin-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage compat-openssl096g is installedSUSE Linux 10.0openSUSE FactoryPackage compat-openssl096g is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage cross-i386-binutils-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-i386-binutils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ccscript3-devel is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage ccscript3-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryLoadImage Cursor and Icon Format Handling Vulnerability (NT 4.0)Microsoft Windows NTCursor and Icon FormattingInteger overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."Christine WalzerDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDPackage cpp41 is installedopenSUSE 10.2openSUSE FactoryPackage cpp41 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage cross-ia64-binutils is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-ia64-binutils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage circuslinux-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage circuslinux-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cjk-latex-hbf-jisksp40 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cjk-latex-hbf-jisksp40 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage fdupes-debuginfo is installedopenSUSE FactoryPackage fdupes-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryIE v5.01,SP2 ExecCommand Cross Domain Zone Restriction BypassMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage fbset is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage fbset is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cifs-mount is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage cifs-mount is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage farsight is installedopenSUSE FactoryPackage farsight is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage cppunit-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cppunit-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage compiz-kde is installedopenSUSE FactoryPackage compiz-kde is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage compiz-gnome is installedopenSUSE 10.2openSUSE FactoryPackage compiz-gnome is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage cjk-latex-han-tfmvf is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cjk-latex-han-tfmvf is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ccaudio2-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage ccaudio2-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cups-drivers-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cups-drivers-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ddiwrapper is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ddiwrapper is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows NNTP Memory LeakMicrosoft Windows 2000Network News Transport Protocol (NNTP)Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts.Christine WalzerACCEPTEDACCEPTEDPackage cfengine-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage cfengine-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage chmlib-devel is installedopenSUSE 10.2openSUSE FactoryPackage chmlib-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage convert is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage convert is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage cross-s390x-gcc-icecream-backend is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-s390x-gcc-icecream-backend is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage detex is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage detex is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage cvsps-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cvsps-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryOffice XP, SP3 WordPerfect Converter Buffer OverflowMicrosoft Windows XPMicrosoft Office XP SP3Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.Christine WalzerDRAFTINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDACCEPTEDPackage ccrtp-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ccrtp-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bzip2 is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage bzip2 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage crm114 is installedopenSUSE FactoryPackage crm114 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryIE v5.5 Domain Restriction Bypass Cross-Frame ScriptingMicrosoft Windows 2000Microsoft Internet ExplorerCross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions.Harvey RubinovitzACCEPTEDACCEPTEDPackage cairo-doc is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage cairo-doc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cairomm-devel is installedopenSUSE 10.2openSUSE FactoryPackage cairomm-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage digikamimageplugins is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage digikamimageplugins is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage classpath is installedopenSUSE 10.2openSUSE FactoryPackage classpath is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryLSASS Privilege Escalation Vulnerability (32-bit XP, SP1)Microsoft Windows XPLocal Security Authority Subsystem Service (LSASS)LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.Christine WalzerDRAFTINTERIMACCEPTEDACCEPTEDPackage ccrtp is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ccrtp is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cvsps is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage cvsps is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryKerberos 5 Double-free Vulnerability in krb5_rd_cred FunctionSun Solaris 9Kerberos5Double-free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.Brian SobyDRAFTBrian SobyINTERIMACCEPTEDACCEPTEDPackage compiz-debuginfo-cvs_060503 is installedSUSE Linux 10.1openSUSE FactoryPackage compiz-debuginfo-cvs_060503 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryGDI+ JPEG Parsing Engine Buffer Overflow (Visio Pro 2003)Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Visio Professional 2003Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.Ingrid SkoogDRAFTIngrid SkoogINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDWord Count VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft WordUnspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage cacti is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage cacti is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE6,SP1 Channel Definition Format Cross Domain VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage bzflag is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bzflag is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cdparanoia-32bit-IIIalpha9 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cdparanoia-32bit-IIIalpha9 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage clamav is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage clamav is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage CASA_auth_token_server-debuginfo is installedopenSUSE FactoryPackage CASA_auth_token_server-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage cloop-kmp-debug is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage cloop-kmp-debug is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryLSASS Privilege Escalation Vulnerability (Server 2003/64-bit XP)Microsoft Windows XPLocal Security Authority Subsystem Service (LSASS)LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.Ingrid SkoogDRAFTINTERIMACCEPTEDACCEPTEDOffice 2003 WordPerfect Converter Buffer OverflowMicrosoft Windows XPMicrosoft Office 2003Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.Christine WalzerDRAFTINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMS Word 6.0 Font Conversion Vulnerability (NT 4.0)Microsoft Windows NTMicrosoft Word for Windows 6.0 ConverterMicrosoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571.Christine WalzerDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDWindows XP Workstation Service Logging Function Buffer OverflowMicrosoft Windows XPMicrosoft Windows Workstation ServiceStack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API.Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDPackage CASA-devel is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage CASA-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage celestia is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage celestia is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cross-s390x-binutils-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-s390x-binutils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage CID-keyed-fonts-Munhwa is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage CID-keyed-fonts-Munhwa is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage colordiff is installedopenSUSE FactoryPackage colordiff is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage claws-mail-devel is installedopenSUSE FactoryPackage claws-mail-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage cross-hppa-binutils-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-hppa-binutils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ccscript-debuginfo is installedSUSE Linux 10.0openSUSE FactoryPackage ccscript-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage dante-server is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage dante-server is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage FA_clxclient is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage FA_clxclient is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows XP,SP2 Color Management Module Buffer OverflowMicrosoft Windows XPMicrosoft Color Management ModuleBuffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.Christine WalzerDRAFTINTERIMACCEPTEDACCEPTEDSun Solaris 7 XSun Color Database File Heap OverflowSun Solaris 7XsunBuffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument.David ProulxACCEPTEDPackage circuslinux is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage circuslinux is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cvs-doc is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage cvs-doc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage bzip2-doc is installedopenSUSE FactoryPackage bzip2-doc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage courier-authlib-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage courier-authlib-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cdesim is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cdesim is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage crack-attack is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage crack-attack is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cjk-latex-hbf-jfs56 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cjk-latex-hbf-jfs56 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage exmh is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage exmh is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cdrdao-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cdrdao-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage comgt is installedopenSUSE 10.2openSUSE FactoryPackage comgt is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage conglomerate-doc is installedopenSUSE FactoryPackage conglomerate-doc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage ccscript3-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage ccscript3-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage compat-openssl097g is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage compat-openssl097g is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cabextract is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage cabextract is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage dvbd-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dvbd-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ccgo-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage ccgo-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage db41 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage db41 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage DirectFB-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage DirectFB-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage crm114-debuginfo is installedopenSUSE FactoryPackage crm114-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage compat-gdbm is installedSUSE Linux 10.0openSUSE FactoryPackage compat-gdbm is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryLinux Kernel /proc/self setuid VulnerabilityRed Hat Linux 9Linux kernelThe /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage cdparanoia-IIIalpha9 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cdparanoia-IIIalpha9 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ccaudio2-devel is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage ccaudio2-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage evolution-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage evolution-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage cjk-latex-wadalab-maru2 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cjk-latex-wadalab-maru2 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage CommonC++ is installedSUSE Linux 10.0openSUSE FactoryPackage CommonC++ is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage cadaver is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage cadaver is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage castor is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage castor is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage diffutils is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage diffutils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage clucene-core-debuginfo is installedopenSUSE FactoryPackage clucene-core-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factorySecurity Vulnerability in the Solaris 10 Internet Protocol (ip(7P)) may Lead to a Denial of Service (DoS) ConditionSun Solaris 10Unspecified vulnerability in the Internet Protocol (IP) functionality in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors, probably related to a UDP packet.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDLinux Kernel execve Read Acces to Restricted File DescriptorsRed Hat Linux 9Linux kernelThe execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage bytefx-data-mysql is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage bytefx-data-mysql is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage chmlib is installedopenSUSE 10.2openSUSE FactoryPackage chmlib is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage dvd+rw-tools is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage dvd+rw-tools is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage CID-keyed-fonts-MOE is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage CID-keyed-fonts-MOE is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bundle-lang-kde is installedopenSUSE FactoryPackage bundle-lang-kde is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage celestia-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage celestia-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage chkrootkit-debuginfo is installedopenSUSE FactoryPackage chkrootkit-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage enlightenment is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage enlightenment is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage db42-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage db42-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cogito is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cogito is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cyrus-imapd-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cyrus-imapd-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cross-mips-gcc-icecream-backend is installedSUSE Linux 10.0openSUSE FactoryPackage cross-mips-gcc-icecream-backend is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage bsd-games-debuginfo is installedopenSUSE FactoryPackage bsd-games-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage bsh-demo is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage bsh-demo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cdparanoia-debuginfo-IIIalpha9 is installedSUSE Linux 10.1openSUSE FactoryPackage cdparanoia-debuginfo-IIIalpha9 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage CASA-kwallet-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage CASA-kwallet-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ccscript3 is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage ccscript3 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cdda2wav is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cdda2wav is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage compat-expat1-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage compat-expat1-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMozilla, Firefox, Thunderbird POP3 SendUidl Buffer OverflowSun Solaris 8mozillaHeap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage bpg-fonts is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bpg-fonts is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cups-backends-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cups-backends-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cupsddk-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage cupsddk-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage colorgcc is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage colorgcc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage e2fsprogs-devel-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage e2fsprogs-devel-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage e2fsprogs-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage e2fsprogs-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage clanlib-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage clanlib-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows XP (64-Bit) Unchecked Buffer in NetDDEMicrosoft Windows XPNetDDENetwork Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.Jonathan BakerDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDPackage dbsplit-tools is installedopenSUSE 10.2openSUSE FactoryPackage dbsplit-tools is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage CASA-cli is installedopenSUSE FactoryPackage CASA-cli is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryMicrosoft Visual Studio .NET 2005 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Visual Studio .NET 2005 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDAndrew ButtnerDEPRECATEDDEPRECATEDPackage cjk-latex-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cjk-latex-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage camsource-devel is installedopenSUSE FactoryPackage camsource-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage bsh2 is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage bsh2 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage Botan is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage Botan is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cedict is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cedict is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cairo-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cairo-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cdk-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cdk-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bsh2-demo is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage bsh2-demo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage DirectFB is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage DirectFB is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage bootsplash-theme-SuSE is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage bootsplash-theme-SuSE is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryExcel Malformed Column Record VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft ExcelMicrosoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage bundle-lang-kde-en is installedopenSUSE FactoryPackage bundle-lang-kde-en is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage cross-ppc-binutils-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-ppc-binutils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage capi4linux-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage capi4linux-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage contact-lookup-applet-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage contact-lookup-applet-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ccaudio-devel is installedSUSE Linux 10.0openSUSE FactoryPackage ccaudio-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage boost-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage boost-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage CASA_auth_token_server-devel is installedopenSUSE 10.2openSUSE FactoryPackage CASA_auth_token_server-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage cupsddk is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cupsddk is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage compat-curl2-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage compat-curl2-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryLoadImage Cursor and Icon Format Handling Vulnerability (Server 2003)Microsoft Windows Server 2003Cursor and Icon FormattingInteger overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."Christine WalzerDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Bitmap Integer Overflow VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInteger overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.Ingrid SkoogDRAFTINTERIMACCEPTEDACCEPTEDPackage briquolo-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage briquolo-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage callgrind is installedSUSE Linux 10.1openSUSE FactoryPackage callgrind is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cloop-kmp-xen is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage cloop-kmp-xen is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryAnimated Cursor Denial of Service (Windows 2000)Microsoft Windows 2000Windows Animated CursorThe Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang.Christine WalzerDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDPackage CASA-kwallet is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage CASA-kwallet is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage cross-i386-gcc-icecream-backend is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-i386-gcc-icecream-backend is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bonobo-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bonobo-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cannadic is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cannadic is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cdparanoia-64bit-IIIalpha9 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cdparanoia-64bit-IIIalpha9 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cross-avr-gcc42-debuginfo is installedopenSUSE FactoryPackage cross-avr-gcc42-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryWindows Media Player Directory TraversalMicrosoft Windows XPWindows Media Player for Windows XPDirectory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location.Tiffany BergeronACCEPTEDACCEPTEDPackage crash-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage crash-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bootsplash is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage bootsplash is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage canna-yubin is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage canna-yubin is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bsh2-manual is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage bsh2-manual is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bombermaze-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bombermaze-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage capi4linux is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage capi4linux is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryServer 2003 Hyperlink Object Library Unchecked Buffer VulnerabilityMicrosoft Windows Server 2003Hyperlink Object LibraryThe Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow.Christine WalzerDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMAndrew ButtnerACCEPTEDACCEPTEDPackage dx-doc is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage dx-doc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dvgt is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dvgt is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage CommonC++-debuginfo is installedSUSE Linux 10.0openSUSE FactoryPackage CommonC++-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryIE v6.0 Forced Script ExecutionMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made.David ProulxChristine WalzerINTERIMACCEPTEDACCEPTEDPackage bonnie++-debuginfo is installedopenSUSE FactoryPackage bonnie++-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage convmv is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage convmv is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage boo-debuginfo is installedopenSUSE FactoryPackage boo-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryIE6.0,SP2 Security Zone Restriction Bypass VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability."Harvey RubinovitzDRAFTINTERIMHarvey RubinovitzACCEPTEDRobert L. HollisACCEPTEDACCEPTEDPackage ccrtp-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ccrtp-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage canna is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage canna is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage clucene-core-devel is installedopenSUSE FactoryPackage clucene-core-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage cmake-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage cmake-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage db43-debuginfo is installedopenSUSE FactoryPackage db43-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage cg-devel is installedopenSUSE FactoryPackage cg-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryWindows NT getCanonicalPath Heap Corruption Denial of ServiceMicrosoft Windows NTWindows NT 4.0The getCanonicalPath function in Windows NT 4.0 may free memory that it does not own and cause heap corruption, which allows attackers to cause a denial of service (crash) via requests that cause a long file name to be passed to getCanonicalPath, as demonstrated on the IBM JVM using a long string to the java.io.getCanonicalPath Java method.Tiffany BergeronINTERIMACCEPTEDACCEPTEDPackage db40-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage db40-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage capi4linux-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage capi4linux-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage curlftpfs is installedopenSUSE 10.2openSUSE FactoryPackage curlftpfs is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage bootloader-theme-SUSELinux-Prof is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage bootloader-theme-SUSELinux-Prof is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cairo-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage cairo-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage bzip2-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bzip2-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage boost is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage boost is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage capisuite-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage capisuite-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage CASA-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage CASA-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cloop-kmp-default is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage cloop-kmp-default is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryFolder GUID Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Operating SystemMicrosoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka "Folder GUID Code Execution Vulnerability." NOTE: directory traversal sequences were used in the original exploit, although their role is not clear.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows NT HtmlHelp Heap OverflowMicrosoft Windows NTHTML Help FacilityHeap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.Andrew ButtnerINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDRobert L. HollisINTERIMRobert L. HollisJonathan BakerACCEPTEDACCEPTEDPackage cracklib-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage cracklib-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage boost-jam-debuginfo is installedopenSUSE FactoryPackage boost-jam-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage cdrdao is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage cdrdao is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage bluez-test is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bluez-test is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bzip2-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bzip2-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ccache-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ccache-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage db1 is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage db1 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage bochs-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bochs-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cjk-latex-hbf-hanja65 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cjk-latex-hbf-hanja65 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage chasen-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage chasen-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cross-alpha-binutils-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-alpha-binutils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage classpath-examples is installedopenSUSE 10.2openSUSE FactoryPackage classpath-examples is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage compat-libstdc++-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage compat-libstdc++-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bzflag-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bzflag-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cdk is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage cdk is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage dhcp is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage dhcp is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factorySecurity Vulnerability in RPCSEC_GSS (rpcsec_gss(3NSL)) Affects Kerberos Administration Daemon (kadmind(1M))Sun Solaris 8Sun Solaris 9Sun Solaris 10Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDWindows XP VDM Privilege Escalation VulnerabilityMicrosoft Windows XPVDMThe Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.Ingrid SkoogDRAFTINTERIMACCEPTEDACCEPTEDPackage bitlbee-debuginfo is installedSUSE Linux 10.0openSUSE FactoryPackage bitlbee-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryMS SQL Server Bulk Insert Procedure Buffer OverflowMicrosoft Windows 2000SQL Server 2000Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.Yi-Fang KohIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogINTERIMACCEPTEDACCEPTEDPackage canna-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage canna-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cdrecord is installedNovell Linux Desktop 9SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage cdrecord is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryIE6 (for XP,SP2) Content Advisor Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerBuffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka "Content Advisor Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage coreutils is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage coreutils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage bluez-cups is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage bluez-cups is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage capi4hylafax is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage capi4hylafax is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage boost-devel-64bit is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage boost-devel-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage CID-keyed-fonts-WadaH is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage CID-keyed-fonts-WadaH is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage bind-libs-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bind-libs-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bios_update_tools is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage bios_update_tools is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cjk-latex-han1-tfmvf is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cjk-latex-han1-tfmvf is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bzr is installedopenSUSE 10.2openSUSE FactoryPackage bzr is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage bootsplash-debuginfo is installedopenSUSE FactoryPackage bootsplash-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage CASA_auth_token_client-devel is installedopenSUSE 10.2openSUSE FactoryPackage CASA_auth_token_client-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryWindows 2000 Kernel Debugger-based Buffer OverflowMicrosoft Windows 2000Windows kernelBuffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.Christine WalzerChristine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDPackage cracklib-dict-full is installedopenSUSE FactoryPackage cracklib-dict-full is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage cyrus-imapd is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage cyrus-imapd is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cmake is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage cmake is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bridge-utils-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bridge-utils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage castor-demo is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage castor-demo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage castor-test is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage castor-test is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryHyperTerminal Session File Vulnerability (Server 2003)Microsoft Windows Server 2003HyperTerminalHyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.Harvey RubinovitzDRAFTHarvey RubinovitzHarvey RubinovitzINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDIE6 DHTML Method Heap Memory Corruption Vulnerability (Server 2003)Microsoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMHarvey RubinovitzHarvey RubinovitzHarvey RubinovitzACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage blt-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage blt-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cgwd is installedopenSUSE 10.2openSUSE FactoryPackage cgwd is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryMozilla CA Certificate DoSSun Solaris 8mozillaMozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage cups-libs-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cups-libs-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage Botan-devel is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage Botan-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bootchart is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bootchart is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage commoncpp2 is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage commoncpp2 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryTIF Folder Information Disclosure VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Internet ExplorerMicrosoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5578.Robert L. HollisDRAFTINTERIMMatthew WojcikACCEPTEDACCEPTEDPackage commoncpp2-devel is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage commoncpp2-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dvbtune is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dvbtune is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bundle-lang-kde-de is installedopenSUSE FactoryPackage bundle-lang-kde-de is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage cfengine is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cfengine is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bsdtar is installedopenSUSE 10.2openSUSE FactoryPackage bsdtar is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage bomberclone is installedopenSUSE 10.2openSUSE FactoryPackage bomberclone is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage CASA_auth_token_client-debuginfo is installedopenSUSE FactoryPackage CASA_auth_token_client-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage cairo-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cairo-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cecilia is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cecilia is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows 2000 Unchecked Buffer in NetDDE (Test 1)Microsoft Windows 2000NetDDENetwork Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.Jonathan BakerDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDHP-UX 11.04 swagentd Denial of ServiceHP-UX 11swagentdUnspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and B.11.11 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDPackage castor-javadoc is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage castor-javadoc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage CASA_auth_token_apache2_2_support is installedopenSUSE 10.2openSUSE FactoryPackage CASA_auth_token_apache2_2_support is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage ccache is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage ccache is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage bison-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bison-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage compat-gdbm-debuginfo is installedSUSE Linux 10.0openSUSE FactoryPackage compat-gdbm-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage ccscript is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ccscript is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage boswars-debuginfo is installedopenSUSE FactoryPackage boswars-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage cjk-latex-hbf-cns40 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cjk-latex-hbf-cns40 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bundle-lang-kde-es is installedopenSUSE FactoryPackage bundle-lang-kde-es is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage cairomm-debuginfo is installedopenSUSE FactoryPackage cairomm-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryLinux Kernel Reuse Flag VulnerabilityRed Hat Linux 9Linux kernelThe RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created, which could allow local users to bind to UDP ports that are used by privileged services such as nfsd.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage createrepo is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage createrepo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage caca-utils is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage caca-utils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cloop is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage cloop is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage bsh-javadoc is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage bsh-javadoc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cjk-latex-hbf-kanji48 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cjk-latex-hbf-kanji48 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bbtools is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bbtools is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bayonne-UsEng is installedSUSE Linux 10.0openSUSE FactoryPackage bayonne-UsEng is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage Botan-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage Botan-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bos is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage bos is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryDHTML Object Memory Corruption Vulnerability (IE6 for Server 2003)Microsoft Windows Server 2003Microsoft Internet ExplorerRace condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMJohn HoylandACCEPTEDACCEPTEDMicrosoft .NET Framework 2.0 is installedMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft .NET Framework 2.0 is installed.Robert L. HollisINTERIMACCEPTEDAndrew ButtnerDEPRECATEDACCEPTEDSolaris 8/9 cachefsd Heap Overflow VulnerabilitySun Solaris 8cachefsdHeap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.David ProulxBrian SobyINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDPackage blas-man is installedopenSUSE FactoryPackage blas-man is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage blas is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage blas is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryLoadImage Cursor and Icon Format Handling Vulnerability (Terminal Server)Microsoft Windows NTCursor and Icon FormattingInteger overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."Christine WalzerDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDPackage bmp-plugins-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bmp-plugins-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWinXP Explorer Buffer OverflowMicrosoft Windows XPExplorer.exeBuffer overflow in EXPLORER.EXE on Windows XP allows attackers to execute arbitrary code as the XP user via a desktop.ini file with a long .ShellClassInfo parameter.Ingrid SkoogIngrid SkoogINTERIMACCEPTEDACCEPTEDPackage bigsister is installedSUSE Linux 10.0openSUSE FactoryPackage bigsister is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage dvb is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dvb is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bash-completion is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bash-completion is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bluez-firmware is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage bluez-firmware is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage control-center-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage control-center-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryLinux Kernel execve Race Condition VulnerabilityRed Hat Linux 9Linux kernelA race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash).Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage bsh2-javadoc is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage bsh2-javadoc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage avahi-devel is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage avahi-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage audit-visualize is installedopenSUSE FactoryPackage audit-visualize is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage blackbox is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage blackbox is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cyrus-sasl-otp is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage cyrus-sasl-otp is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage bc-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bc-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage checkmedia is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage checkmedia is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryGDI+ JPEG Parsing Engine Buffer Overflow (Visio Pro 2002)Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Visio Professional 2002Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.Ingrid SkoogDRAFTIngrid SkoogINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDRobert L. HollisACCEPTEDACCEPTEDPackage docbook5-xsl-stylesheets is installedopenSUSE FactoryPackage docbook5-xsl-stylesheets is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage bomberclone-debuginfo is installedopenSUSE FactoryPackage bomberclone-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryMS FrontPage Server Extensions SmartHTML Denial of Service (Test 1)Microsoft Windows 2000Microsoft FrontPage Server Extensions 2000Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.Tiffany BergeronTiffany BergeronINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDAnna MinINTERIMACCEPTEDGlenn StricklandINTERIMACCEPTEDACCEPTEDPackage bsf-javadoc is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage bsf-javadoc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryCDE AddSuLog Function Buffer OverflowSun Solaris 7CDEBuffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage chrpath is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage chrpath is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage avalon-framework-javadoc is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage avalon-framework-javadoc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage awesfx is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage awesfx is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage check-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage check-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dnsmasq-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dnsmasq-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dazuko-kmp-xen is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage dazuko-kmp-xen is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows NT Program Group Converter Buffer OverflowMicrosoft Windows NTProgram Group ConverterBuffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.Andrew ButtnerDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage callgrind-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage callgrind-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryCGI.pm start_form Cross-Site Scripting VulnerabilitySun Solaris 8Sun Solaris 9PerlCross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDACCEPTEDPackage autotrace-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage autotrace-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ccgo is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage ccgo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage avahi-qt4 is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage avahi-qt4 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage axis-manual is installedopenSUSE FactoryPackage axis-manual is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage dbus-1-qt3-64bit is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage dbus-1-qt3-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage blender-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage blender-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage barcode-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage barcode-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage baekmuk-ttf is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage baekmuk-ttf is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage atmel-firmware is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage atmel-firmware is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryIE6 for Server 2003 Security Zone Restriction Bypass VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability."Harvey RubinovitzDRAFTINTERIMHarvey RubinovitzHarvey RubinovitzHarvey RubinovitzACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDIE v5.01,SP3 Bitmap Integer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInteger overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.Ingrid SkoogDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage blackbox-devel is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage blackbox-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bug-buddy-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bug-buddy-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bsh-manual is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage bsh-manual is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage antlr-jedit is installedopenSUSE FactoryPackage antlr-jedit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryWindows XP Named Pipe Vulnerability (64-bit architecture)Microsoft Windows XPThe Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows remote attackers to obtain sensitive information (users who are accessing resources) via an anonymous logon using a named pipe, which is not properly authenticated, aka the "Named Pipe Vulnerability."Jonathan BakerDRAFTINTERIMACCEPTEDACCEPTEDPackage blam-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage blam-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cadaver-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cadaver-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage compat-libstdc++ is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage compat-libstdc++ is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage bb is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage bb is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage canna-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage canna-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage devel_rpm_build-32bit is installedopenSUSE 10.2openSUSE FactoryPackage devel_rpm_build-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage amavisd-new-20030616p9 is installedopenSUSE FactoryPackage amavisd-new-20030616p9 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage crafty is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage crafty is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage autogen is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage autogen is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dirdiff-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dirdiff-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage black-box-debuginfo is installedopenSUSE FactoryPackage black-box-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage classpath-jta is installedopenSUSE FactoryPackage classpath-jta is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage clisp is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage clisp is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage at-spi-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage at-spi-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage avahi-32bit is installedopenSUSE FactoryPackage avahi-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryRed Hat Linux Kernel Serial Link Information Disclosure VulnerabilityRed Hat Linux 9/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage boost-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage boost-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryGDI+ JPEG Parsing Engine Buffer Overflow (Project 2002,SP1)Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Project Professional 2002Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.Ingrid SkoogDRAFTIngrid SkoogINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDRobert L. HollisACCEPTEDACCEPTEDPackage atk-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage atk-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cloop-kmp-smp is installedSUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage cloop-kmp-smp is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage audiofile-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage audiofile-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage autoyast2-utils is installedNovell Linux Desktop 9SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage autoyast2-utils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cdrecord-devel is installedNovell Linux Desktop 9SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage cdrecord-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage at-spi-doc is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage at-spi-doc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage banshee-debuginfo is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage banshee-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cjk-latex-han1 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cjk-latex-han1 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factorySQL Server LPC Port Buffer OverflowMicrosoft Windows 2000SQL Server 2000Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.Yi-Fang KohJonathan BakerINTERIMACCEPTEDIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogINTERIMACCEPTEDChristine WalzerChristine WalzerChristine WalzerINTERIMACCEPTEDMatthew WojcikINTERIMMatthew WojcikMatthew WojcikMatthew WojcikACCEPTEDACCEPTEDPackage bcm43xx-fwcutter-debuginfo is installedopenSUSE FactoryPackage bcm43xx-fwcutter-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage beagle-gui is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage beagle-gui is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factorySecurity Vulnerabilities in Solaris Kernel Statistics Retrieval Process May Allow a Denial of Service (DoS)Sun Solaris 8Sun Solaris 9Sun Solaris 10Multiple unspecified vulnerabilities in the kernel in Sun Solaris 8 through 10 allow local users to cause a denial of service (panic), related to the support for retrieval of kernel statistics, and possibly related to the sfmmu_mlspl_enter or sfmmu_mlist_enter functions.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDPackage bluez-utils-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bluez-utils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage autotrace-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage autotrace-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage compat-neon024 is installedopenSUSE 10.2openSUSE FactoryPackage compat-neon024 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage cross-hppa-gcc-icecream-backend is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-hppa-gcc-icecream-backend is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aufs-kmp-bigsmp-cvs20070604_2 is installedopenSUSE FactoryPackage aufs-kmp-bigsmp-cvs20070604_2 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage bash-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bash-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dhcp-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage dhcp-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage boost-jam is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage boost-jam is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage check-devel is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage check-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cracklib-dict-small is installedopenSUSE FactoryPackage cracklib-dict-small is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage banshee-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage banshee-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage audacious-devel is installedopenSUSE FactoryPackage audacious-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage compartm is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage compartm is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage beagle-firefox is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage beagle-firefox is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage beagle-evolution is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage beagle-evolution is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage db-utils-doc is installedopenSUSE FactoryPackage db-utils-doc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage boost-doc is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage boost-doc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryExcel Malformed Record VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeUnspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage cpufrequtils is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage cpufrequtils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage audit-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage audit-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage BitTorrent-curses is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage BitTorrent-curses is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE5.01,SP3 Drag-and-Drop VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDPackage bootsplash-theme-OpenXchange is installedSUSE Linux 10.0openSUSE FactoryPackage bootsplash-theme-OpenXchange is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage blender is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage blender is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage authldap is installedopenSUSE FactoryPackage authldap is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage avm_fcdsl is installedNovell Linux Desktop 9SUSE Linux 10.0openSUSE FactoryPackage avm_fcdsl is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage bluez-utils is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage bluez-utils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage bug-buddy is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage bug-buddy is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryMicrosoft SMTP Malformed BDAT Request Denial of ServiceMicrosoft Windows 2000SMTPSMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.Tiffany BergeronAndrew ButtnerACCEPTEDSMB Information Disclosure VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Operating SystemThe Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."Robert L. HollisINTERIMACCEPTEDACCEPTEDPackage aspell-tn is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-tn is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage aufs-kmp-default-cvs20070604_2 is installedopenSUSE FactoryPackage aufs-kmp-default-cvs20070604_2 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage binutils-devel is installedopenSUSE FactoryPackage binutils-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage aumix-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage aumix-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-te is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-te is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage autoyast2-installation is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage autoyast2-installation is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage bwidget is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bwidget is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage beagle-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage beagle-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bacula-server is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bacula-server is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage audacious-debuginfo is installedopenSUSE FactoryPackage audacious-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factorySQL Server Named Pipe Denial of ServiceMicrosoft Windows 2000SQL Server 2000Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.Yi-Fang KohJonathan BakerINTERIMACCEPTEDIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogINTERIMACCEPTEDChristine WalzerChristine WalzerChristine WalzerINTERIMACCEPTEDMatthew WojcikINTERIMMatthew WojcikMatthew WojcikMatthew WojcikACCEPTEDACCEPTEDPackage avahi-glib-32bit is installedopenSUSE FactoryPackage avahi-glib-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage CASA_auth_token_server is installedopenSUSE 10.2openSUSE FactoryPackage CASA_auth_token_server is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage bundle-lang-kde-pt is installedopenSUSE FactoryPackage bundle-lang-kde-pt is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage audiofile is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage audiofile is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage bind-utils is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage bind-utils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage aspell-ny is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-ny is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage at76_usb-kmp-ppc64 is installedopenSUSE FactoryPackage at76_usb-kmp-ppc64 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage audacity is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage audacity is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bayonne2-UsEng is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage bayonne2-UsEng is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage check-32bit is installedopenSUSE FactoryPackage check-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryWindows 2000 SNMPv1 Trap Handling DoS and Privilege Escalation (Test 2)Microsoft Windows 2000Simple Network Management Protocol (SNMP)Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.Harvey RubinovitzHarvey RubinovitzINTERIMACCEPTEDACCEPTEDPackage bsh2-classgen is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage bsh2-classgen is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage at-poke-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage at-poke-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aufs-debuginfo-cvs20070604 is installedopenSUSE FactoryPackage aufs-debuginfo-cvs20070604 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage bayonne2-devel is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage bayonne2-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factorySendmail prescan function Buffer OverflowSun Solaris 7SendmailThe prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage cairomm is installedopenSUSE 10.2openSUSE FactoryPackage cairomm is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage bigsister-server is installedSUSE Linux 10.0openSUSE FactoryPackage bigsister-server is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factorySolaris TCP/IP Stack System Panic VulnerabilitySun Solaris 8Sun Solaris 9TCP/IPUnknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.Brian SobyDRAFTINTERIMACCEPTEDINTERIMDRAFTINTERIMACCEPTEDACCEPTEDPackage asterisk-odbc is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage asterisk-odbc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage CASA is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage CASA is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factorySolaris 10 patchadd T-patch IssueSun Solaris 10patchaddThe patchadd facility for Solaris 10 fails to install T-patches. Sun sometimes releases a T-patch as a temporary version of a patch prior to the final release of that patch. While this flaw does not directly represent a vulnerability, it does prevent the timely application of some (possibly critical) updates.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDPackage b2bua is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage b2bua is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryRPCSS DCOM Buffer Overflow (XP)Microsoft Windows XPDistributed Component Object Model (DCOM)Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715.Christine WalzerDRAFTINTERIMACCEPTEDACCEPTEDPackage ccaudio is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ccaudio is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cdk-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage cdk-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage avahi-compat-howl-devel is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage avahi-compat-howl-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage batik is installedopenSUSE FactoryPackage batik is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage CASA_auth_token_pam_support is installedopenSUSE 10.2openSUSE FactoryPackage CASA_auth_token_pam_support is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage bitlbee is installedSUSE Linux 10.0openSUSE FactoryPackage bitlbee is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryMultiple Privilege Escalation Vulnerabilities in Linux KernelRed Hat Enterprise Linux 3Linux kernelMultiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDPackage buffer-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage buffer-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows 2000 RPCSS DCOM Buffer Overflow (Blaster, Test 2)Microsoft Windows 2000Remote Procedure Call (RPC)Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.Tiffany BergeronACCEPTEDACCEPTEDPackage astools-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage astools-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage db40-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage db40-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage bonnie-debuginfo is installedopenSUSE FactoryPackage bonnie-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryLoadImage Cursor and Icon Format Handling Vulnerability (XP)Microsoft Windows XPCursor and Icon FormattingInteger overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."Christine WalzerDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDPackage avahi-mono is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage avahi-mono is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage astools is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage astools is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryWindows XP,SP2 IE6.0 Drag-and-Drop VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."Harvey RubinovitzDRAFTINTERIMHarvey RubinovitzACCEPTEDRobert L. HollisACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDPackage autoconf is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage autoconf is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage compat-openssl097g-debuginfo is installedopenSUSE FactoryPackage compat-openssl097g-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage bind-devel-64bit is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage bind-devel-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryLinux Kernel TCP/IP Fragment Reassembly Denial of ServiceRed Hat Linux 9Linux kernelThe TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage audit-libs-64bit is installedopenSUSE 10.2openSUSE FactoryPackage audit-libs-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage delta-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage delta-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bogofilter is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bogofilter is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage axp is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage axp is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage apache2-jakarta-tomcat-connectors is installedopenSUSE FactoryPackage apache2-jakarta-tomcat-connectors is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage bin86-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage bin86-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage asusfan-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage asusfan-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cgwd-devel is installedopenSUSE 10.2openSUSE FactoryPackage cgwd-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage bootp-DD2 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bootp-DD2 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage avmfritzcapi is installedNovell Linux Desktop 9openSUSE FactoryPackage avmfritzcapi is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:factoryMicrosoft MDAC 2.6 Remote Data Services Buffer OverflowMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000MDAC 2.6Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.Ingrid SkoogDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDPackage avahi-compat-mDNSResponder-32bit is installedopenSUSE FactoryPackage avahi-compat-mDNSResponder-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage asusfan is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage asusfan is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage blam is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage blam is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage asterisk-devel is installedopenSUSE FactoryPackage asterisk-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage aspell-tr is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-tr is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage AtaAuto is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage AtaAuto is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ctapi-cyberjack-32bit is installedopenSUSE 10.2openSUSE FactoryPackage ctapi-cyberjack-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage audiofile-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage audiofile-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage audiofile-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage audiofile-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage apache-ant is installedopenSUSE FactoryPackage apache-ant is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage binutils-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage binutils-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage camlp4 is installedopenSUSE FactoryPackage camlp4 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage atftp-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage atftp-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage avahi-compat-howl is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage avahi-compat-howl is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bsh2-bsf is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage bsh2-bsf is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage apache-doc is installedopenSUSE FactoryPackage apache-doc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage barcode-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage barcode-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bayonne is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bayonne is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage clanlib-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage clanlib-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage blueprint-cursor-theme is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage blueprint-cursor-theme is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryLinux Kernel mxcsr Code VulnerabilityRed Hat Linux 9Linux kernelThe mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDAdobe Acrobat Reader .ETD Document Code Execution VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPAdobe Acrobat ReaderFormat string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an .ETD document containing format string specifiers in (1) title or (2) baseurl fields.Matthew WojcikDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDiDEFENSE reports that deleting eBook.api from the plug_ins directory is a workaround. See http://www.idefense.com/application/poi/display?id=163&type=vulnerabilitiesPackage CASA_auth_token_svc is installedopenSUSE 10.2openSUSE FactoryPackage CASA_auth_token_svc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryOLE Component Input Validation Vulnerability (Windows 2000)Microsoft Windows 2000Windows Media Player 9The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability."Christine WalzerDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDACCEPTEDPackage aspell-tet is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-tet is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryLinux Kernel Denial of Service Vulnerability via fsave and frstor InstructionsRed Hat Enterprise Linux 3Linux kernelLinux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDPackage bombermaze is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bombermaze is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage attr-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage attr-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-sk is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-sk is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage delta is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage delta is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage bind-lwresd is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bind-lwresd is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryUnchecked Buffer in Password Encryption ProcedureMicrosoft Windows 2000SQL Server 2000Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."Yi-Fang KohIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogINTERIMACCEPTEDACCEPTEDPackage BASS is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage BASS is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage at-spi-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage at-spi-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage castor-doc is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage castor-doc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows 2000, IE v5.01 CSS Heap Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage cdrecord-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cdrecord-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage blocxx-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage blocxx-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bitchx-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage bitchx-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage csindex-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage csindex-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage alice-compat is installedNovell Linux Desktop 9openSUSE FactoryPackage alice-compat is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:factoryPackage buffer is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage buffer is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryWindows 2000 IIS Heap Overrun in HTR Chunked EncodingMicrosoft Windows 2000Microsoft Internet Information Server (IIS)Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."Tiffany BergeronACCEPTEDGlenn StricklandINTERIMACCEPTEDACCEPTEDPackage dbview-debuginfo is installedopenSUSE FactoryPackage dbview-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage aspell-pa is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-pa is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage aspell-sw is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-sw is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage adminfs is installedopenSUSE FactoryPackage adminfs is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage bison-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bison-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows XP (64-bit Gold) Shell CLSID File Type Spoof VulnerabilityMicrosoft Windows XPOperating SystemThe Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.Christine WalzerINTERIMACCEPTEDRobert L. HollisACCEPTEDACCEPTEDPackage banshee-plugins-default is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage banshee-plugins-default is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryWindows XP,SP1 COM Structured Storage VulnerabilityMicrosoft Windows XPCOM Internet ServicesWindows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."Christine WalzerDRAFTINTERIMACCEPTEDACCEPTEDPackage cdesim-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cdesim-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage blocxx-64bit is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage blocxx-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factorypatch IE7-KB929969-WindowsServer2003-x86-enu.exe should be installedMicrosoft Windows Server 2003Microsoft Internet Explorer 7The patch IE7-KB929969-WindowsServer2003-x86-enu.exe that addresses the vulnerabilities discussed in Microsoft Security Bulletin MS07-004 should be installed.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDPackage binutils-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage binutils-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-ru is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-ru is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage darts-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage darts-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cabextract-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cabextract-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage asterisk-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage asterisk-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryRPCSS DCOM Buffer Overflow (XP, SP1)Microsoft Windows XPDistributed Component Object Model (DCOM)Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715.Christine WalzerDRAFTINTERIMACCEPTEDACCEPTEDPackage cjk-latex-wadalab-gothic is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cjk-latex-wadalab-gothic is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-wa is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-wa is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cross-avr-gcc-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-avr-gcc-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage at76_usb-kmp-bigsmp is installedopenSUSE FactoryPackage at76_usb-kmp-bigsmp is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryWMI Object Broker VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Visual StudioCross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage CASA-gui is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage CASA-gui is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage bigsister-agent is installedSUSE Linux 10.0openSUSE FactoryPackage bigsister-agent is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage autofs-debuginfo is installedSUSE Linux 10.0openSUSE FactoryPackage autofs-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage beagle-index is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage beagle-index is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage autoyast2 is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage autoyast2 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage atk-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage atk-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage at-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage at-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bcel-javadoc is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage bcel-javadoc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cdda2wav-cdrkit is installedopenSUSE 10.2openSUSE FactoryPackage cdda2wav-cdrkit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage aspell-pt_PT is installedopenSUSE FactoryPackage aspell-pt_PT is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryWindows Media Player Buffer Overflow via ASFMicrosoft Windows XPWindows Media Player for Windows XPBuffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via a malformed Advanced Streaming Format (ASF) file.Tiffany BergeronACCEPTEDACCEPTEDPackage compiz is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage compiz is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage basket is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage basket is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-zu is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-zu is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage asterisk-spandsp is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage asterisk-spandsp is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage apache-devel is installedopenSUSE FactoryPackage apache-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage dbus-1-qt-devel is installedSUSE Linux 10.1openSUSE FactoryPackage dbus-1-qt-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bacula-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bacula-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cjk-latex-wadalab-mincho2 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cjk-latex-wadalab-mincho2 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage CheckHardware is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage CheckHardware is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage at-poke is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage at-poke is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factorypatch IE7-KB929969-WindowsServer2003-x64-enu.exe should be installedMicrosoft Windows XPMicrosoft Internet Explorer 7The patch IE7-KB929969-WindowsServer2003-x64-enu.exe that addresses the vulnerabilities discussed in Microsoft Security Bulletin MS07-004 should be installed.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows XP Professional x64 Edition SP1 is installedMicrosoft Windows XPA version of Microsoft Windows XP Professional x64 Edition Service Pack 1 is installed.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDPackage bibview is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bibview is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage compat-readline4-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage compat-readline4-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage audacious is installedopenSUSE FactoryPackage audacious is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage asterisk-capi-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage asterisk-capi-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage avahi-qt3 is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage avahi-qt3 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage avrdude is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage avrdude is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cross-s390-gcc-icecream-backend is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-s390-gcc-icecream-backend is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage clanbomber is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage clanbomber is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage CASA-64bit is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage CASA-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage avmailgate is installedNovell Linux Desktop 9SUSE Linux Enterprise Server 10openSUSE FactoryPackage avmailgate is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryXSLT Buffer Overrun VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft XML Core ServicesBuffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage audacity-debuginfo is installedopenSUSE FactoryPackage audacity-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage aspell-nds is installedopenSUSE FactoryPackage aspell-nds is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryWindows 2000 Windows POSIX Buffer OverflowMicrosoft Windows 2000POSIXThe POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.Ingrid SkoogINTERIMACCEPTEDJohn HoylandMatthew WojcikINTERIMACCEPTEDACCEPTEDMicrosoft Windows 2000 is installedMicrosoft Windows 2000The operating system installed on the system is Microsoft Windows 2000.Andrew ButtnerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDPackage blocxx is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage blocxx is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage barcode is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage barcode is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage audit-libs-python-debuginfo is installedopenSUSE FactoryPackage audit-libs-python-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage axis is installedopenSUSE FactoryPackage axis is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage avahi-glib is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage avahi-glib is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage bdfresize-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bdfresize-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage banshee is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage banshee is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryLinux Kernel TTY VulnerabilityRed Hat Linux 9Linux kernelUnknown vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ("kernel oops").Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage aspell-ms is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-ms is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage autofs4 is installedopenSUSE FactoryPackage autofs4 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage ckermit-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ckermit-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage at-spi is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage at-spi is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage atk is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage atk is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cairo is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage cairo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage avahi is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage avahi is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage aspell-hy is installedopenSUSE FactoryPackage aspell-hy is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage bootsplash-theme-SuSE-Home is installedSUSE Linux 10.0openSUSE FactoryPackage bootsplash-theme-SuSE-Home is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryWindows 2000 IE HTML Help ActiveX control Cross Domain VulnerabilityMicrosoft Windows 2000Windows 2000Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."Matthew BurtonDRAFTMatthew BurtonMatthew BurtonINTERIMACCEPTEDACCEPTEDpatch IE7-KB928090-WindowsXP-x86-enu.exe should be installedMicrosoft Windows XPMicrosoft Internet Explorer 7The patch IE7-KB928090-WindowsXP-x86-enu.exe that addresses the vulnerabilities discussed in Microsoft Security Bulletin MS07-016 should be installed.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows XP (x86) SP2 is installedMicrosoft Windows XPA version of Microsoft Windows XP (x86) Service Pack 2 is installed.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDPackage aufs-kmp-ppc64-cvs20070604_2 is installedopenSUSE FactoryPackage aufs-kmp-ppc64-cvs20070604_2 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage aspell-yi is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-yi is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cross-arm-gcc-icecream-backend is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-arm-gcc-icecream-backend is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage asterisk-pgsql is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage asterisk-pgsql is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-mi is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-mi is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage atftp is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage atftp is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage blasman is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage blasman is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-hu is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-hu is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage apache-jakarta-tomcat-connectors is installedopenSUSE FactoryPackage apache-jakarta-tomcat-connectors is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage aspell-ku is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-ku is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factorypatch IE7-KB928090-WindowsServer2003-ia64-enu.exe should be installedMicrosoft Windows Server 2003Microsoft Internet Explorer 7The patch IE7-KB928090-WindowsServer2003-ia64-enu.exe that addresses the vulnerabilities discussed in Microsoft Security Bulletin MS07-016 should be installed.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDDenial of Service Vulnerability in Linux Kernel do_fork Function via CLONE_VMRed Hat Enterprise Linux 3Linux kernelThe do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, which triggers a memory leak that allows local users to cause a denial of service (memory exhaustion) via the clone (CLONE_VM) system call.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDPackage dbus-1-qt3-devel is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage dbus-1-qt3-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryIE for Server 2003 Channel Definition Format Cross Domain VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."Harvey RubinovitzDRAFTINTERIMHarvey RubinovitzHarvey RubinovitzHarvey RubinovitzACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDXFS Dispatch() Buffer OverflowSun Solaris 9fs.auto, xfsBuffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.Brian SobyDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDPackage avalon-framework-manual is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage avalon-framework-manual is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage chrpath-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage chrpath-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage avrdude-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage avrdude-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage clamav-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage clamav-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-lt is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-lt is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage bonobo is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage bonobo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryCache Path Disclosure via Windows Media PlayerMicrosoft Windows XPWindows Media Player for Windows XPMicrosoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote attackers to bypass Internet Explorer's (IE) security mechanisms and run code via an executable .wma media file with a license installation requirement stored in the IE cache, aka the "Cache Path Disclosure via Windows Media Player".Tiffany BergeronACCEPTEDACCEPTEDPackage automake is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage automake is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage bsh is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage bsh is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage atitvout-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage atitvout-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bluefish is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bluefish is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bacula is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bacula is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dbus-1-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dbus-1-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage db-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage db-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cyrus-sasl is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage cyrus-sasl is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage camsource is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage camsource is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage basket-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage basket-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factorySKK/DDSKK Insecure Temporary File VulnerabilityRed Hat Linux 9skkskk (Simple Kana to Kanji conversion program) 12.1 and earlier, and the ddskk package which is based on skk, creates temporary files insecurely, which allows local users to overwrite arbitrary files.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage bb-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bb-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dar-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage dar-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage capisuite is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage capisuite is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage audit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage audit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage bitchx is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bitchx is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-uk is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-uk is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage crash-devel is installedopenSUSE FactoryPackage crash-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage audit-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage audit-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage atk-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage atk-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-cs is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-cs is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryMicrosoft Office Property VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeUnspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316.Robert L. HollisMatthew WojcikINTERIMACCEPTEDACCEPTEDPackage aspell-cy is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-cy is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage canna-libs is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage canna-libs is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage boswars is installedopenSUSE FactoryPackage boswars is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryIE5.01,SP4 Content Advisor Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerBuffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka "Content Advisor Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage aspell-hi is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-hi is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage aspell-af is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-af is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage bbtools-gui-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bbtools-gui-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage db41-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage db41-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage blocxx-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage blocxx-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage aspell-mg is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-mg is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryLinux ioperm Privilege Restriction VulnerabilityRed Hat Linux 9Linux kernelThe ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage bzip2-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bzip2-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage dar is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage dar is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage aspell-bg is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-bg is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage avahi-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage avahi-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage castor-xml is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage castor-xml is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage BitTorrent is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage BitTorrent is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage awstats is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage awstats is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cpio-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cpio-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bochs is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bochs is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factorySolaris 9 CDE ToolTalk Database Server Symbolic Link VulnerabilitySun Solaris 9CDECDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.Brian SobyDRAFTINTERIMACCEPTEDBrian SobyBrian SobyINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDSMB Session Digital Signature SidestepMicrosoft Windows 2000SMB Signing (Server Message Block)The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.Christine WalzerACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDPackage bmp-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bmp-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-hr is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-hr is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage aspell-hsb is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-hsb is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage aspell-de is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-de is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage banshee-engine-gst is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage banshee-engine-gst is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage avr-libc is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage avr-libc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-gd is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-gd is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cyrus-imapd-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage cyrus-imapd-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage beagle-thunderbird is installedopenSUSE 10.2openSUSE FactoryPackage beagle-thunderbird is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage bundle-lang-kde-fr is installedopenSUSE FactoryPackage bundle-lang-kde-fr is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage autofs is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage autofs is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage awesfx-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage awesfx-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bison-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bison-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage autolog is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage autolog is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-sl is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-sl is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cups-drivers-stp is installedNovell Linux Desktop 9SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage cups-drivers-stp is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryWindows 2000 Program Group Converter Buffer OverflowMicrosoft Windows 2000Program Group ConverterBuffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDPackage aspell-pl is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-pl is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage aufs-cvs20070604 is installedopenSUSE FactoryPackage aufs-cvs20070604 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage aspell-fi is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-fi is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage arts-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage arts-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-pt_BR is installedopenSUSE FactoryPackage aspell-pt_BR is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage aspell is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage cross-sparc-binutils-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-sparc-binutils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage arpwatch-ethercodes-build is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage arpwatch-ethercodes-build is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cdp is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage cdp is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage aspell-am is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-am is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage avahi-glib-64bit is installedopenSUSE FactoryPackage avahi-glib-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage arts-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage arts-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage boost-64bit is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage boost-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage banshee-plugins-DAAP is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage banshee-plugins-DAAP is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryVisio Professional URL Buffer OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Visio Professional 2002Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.Ingrid SkoogDRAFTINTERIMACCEPTEDACCEPTEDPackage arpwatch-ethercodes is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage arpwatch-ethercodes is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage aspell-rw is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-rw is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage ash is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage ash is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryWINS Association Context Vulnerability (Terminal Server Test 1)Microsoft Windows NTWindows Internet Naming Service (WINS)The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."Matthew BurtonDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDPackage asterisk-zaptel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage asterisk-zaptel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-qu is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-qu is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryServer 2003 Font Buffer OverflowMicrosoft Windows Server 2003Windows kernelBuffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.Ingrid SkoogDRAFTINTERIMChristine WalzerACCEPTEDACCEPTEDMicrosoft MDAC 2.5 Remote Data Services Buffer OverflowMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000MDAC 2.5Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.Ingrid SkoogDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDPackage aspell-et is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-et is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage bcm43xx-fwcutter is installedopenSUSE 10.2openSUSE FactoryPackage bcm43xx-fwcutter is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage blocxx-devel-64bit is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage blocxx-devel-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage asciidoc is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage asciidoc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aaa_base_novell is installedopenSUSE FactoryPackage aaa_base_novell is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage blt is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage blt is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage bluez-libs is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage bluez-libs is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage at76_usb is installedopenSUSE FactoryPackage at76_usb is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage aqbanking-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage aqbanking-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v6.0 Domain Restriction Bypass Cross-Frame ScriptingMicrosoft Windows 2000Microsoft Internet ExplorerCross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions.Harvey RubinovitzACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDBuffer Management Error in OpenSSHSun Solaris 9OpenSSHA "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage arpwatch-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage arpwatch-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bison is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage bison is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage art-sharp is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage art-sharp is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage briquolo is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage briquolo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage banshee-engine-helix is installedSUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage banshee-engine-helix is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage cross-sh4-binutils is installedopenSUSE FactoryPackage cross-sh4-binutils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage cloop-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cloop-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-mr is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-mr is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage aqbanking-geldkarte is installedopenSUSE 10.2openSUSE FactoryPackage aqbanking-geldkarte is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factorySQL Server OpenDataSource/OpenRowset Buffer OverflowMicrosoft Windows 2000Microsoft SQL Server 2000Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection.Yi-Fang KohIngrid SkoogIngrid SkoogINTERIMACCEPTEDChristine WalzerChristine WalzerINTERIMACCEPTEDACCEPTEDPackage CASA_auth_token_client is installedopenSUSE 10.2openSUSE FactoryPackage CASA_auth_token_client is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage cairo-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cairo-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage checkinstall is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage checkinstall is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryGDI+ JPEG Parsing Engine Buffer Overflow (Office 2003)Microsoft Windows 2000Microsoft Windows XPMicrosoft Office 2003Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.Ingrid SkoogIngrid SkoogDRAFTINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDWindows XP/Server 2003 DirectPlay Denial of Service (Test 2)Microsoft Windows XPMicrosoft Windows Server 2003DirectXIDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.Tiffany BergeronTiffany BergeronTiffany BergeronINTERIMACCEPTEDACCEPTEDPackage aspell-id is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-id is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage bayonne-devel is installedSUSE Linux 10.0openSUSE FactoryPackage bayonne-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage apcupsd-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage apcupsd-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cloop-kmp-ppc64 is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage cloop-kmp-ppc64 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-he is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-he is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryTCP Connection Reset VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Operating SystemTCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE v5.01 Content Disposition/Type Arbitrary Code ExecutionMicrosoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability.Tiffany BergeronChristine WalzerINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDRobert L. HollisINTERIMRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisACCEPTEDACCEPTEDPackage apache-mod_php4 is installedopenSUSE FactoryPackage apache-mod_php4 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage aspell-it is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-it is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage aqbanking is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage aqbanking is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-or is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-or is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage arts-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage arts-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage appleir is installedopenSUSE FactoryPackage appleir is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage bootcycle is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage bootcycle is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryIE5.01,SP3 DHTML Method Heap Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage autogen-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage autogen-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-el is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-el is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPowerPoint Malformed Record VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft PowerPointUnspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDServer 2003 Large Window Size TCP RST Denial of ServiceMicrosoft Windows Server 2003Microsoft Word 2003TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage avahi-64bit is installedopenSUSE FactoryPackage avahi-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage aumix is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage aumix is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage apmd is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage apmd is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWord 2000 Malicious .doc Buffer Overflow IIMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Word 2000Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document.Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage binutils is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage binutils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage apache2-example-pages is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage apache2-example-pages is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage bash is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage bash is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage axis-javadoc is installedopenSUSE FactoryPackage axis-javadoc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage asl-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage asl-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows XP Messenger Service Buffer OverflowMicrosoft Windows XPWindows XPThe Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.Tiffany BergeronAndrew ButtnerACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDPackage asterisk-alsa is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage asterisk-alsa is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-ro is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-ro is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage anthy-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage anthy-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage camsource-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage camsource-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage apache2-mod_auth_mysql-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage apache2-mod_auth_mysql-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aqbanking-yellownet-qt3 is installedopenSUSE 10.2openSUSE FactoryPackage aqbanking-yellownet-qt3 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryExcel 2000 File Handler Code Execution VulnerabilityMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Excel 2000Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated.Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage ccaudio-debuginfo is installedSUSE Linux 10.0openSUSE FactoryPackage ccaudio-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryWindows 2000 Certificate Validation Identity Spoofing Vulnerability (Test 2)Microsoft Windows 2000Certificate ValidationThe (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.Christine WalzerChristine WalzerChristine WalzerChristine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDOffice 2000 WordPerfect Converter Buffer OverflowMicrosoft Windows 2000Microsoft Office 2000 SP3Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.Christine WalzerDRAFTINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDWindows XP Plug and Play Buffer Overflow VulnerabilityMicrosoft Windows XPOperating SystemStack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage bayonne-debuginfo is installedSUSE Linux 10.0openSUSE FactoryPackage bayonne-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage argus-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage argus-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage apache2-mod_fastcgi-debuginfo is installedSUSE Linux 10.0openSUSE FactoryPackage apache2-mod_fastcgi-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage ant-jdepend is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage ant-jdepend is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryData Leak in NICSun Solaris 7Sun Am7990 Ethernet DriverMultiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.Brian SobyDRAFTMatthew WojcikDRAFTPackage apache2-mod_jk is installedopenSUSE 10.2openSUSE FactoryPackage apache2-mod_jk is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage apache2-mod_tidy is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage apache2-mod_tidy is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage apt-server is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage apt-server is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-ta is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-ta is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage apache2-mod-apparmor is installedSUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage apache2-mod-apparmor is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryWindows XP (SP2) CSRSS Privilege Escalation VulnerabilityMicrosoft Windows XPClient Server Runtime System (CSRSS)Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.Ingrid SkoogDRAFTINTERIMChristine WalzerACCEPTEDACCEPTEDPackage appdefko is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage appdefko is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage apache2-prefork is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage apache2-prefork is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryOutlook Express v6.0 for Server 2003 Malformed Email Header Denial of ServiceMicrosoft Windows Server 2003Microsoft Outlook ExpressMicrosoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.Jonathan BakerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDDaniel TarnuINTERIMACCEPTEDJeff ChengINTERIMJeff ChengACCEPTEDACCEPTEDPackage atk-doc is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage atk-doc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage bitstream-vera is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage bitstream-vera is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage aspell-be is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-be is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage CheckHardware-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage CheckHardware-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-sr is installedopenSUSE 10.2openSUSE FactoryPackage aspell-sr is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage asclock is installedopenSUSE 10.2openSUSE FactoryPackage asclock is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage arnold is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage arnold is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-hil is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-hil is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage aspell-sv is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-sv is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage aspell-dictionaries is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage aspell-dictionaries is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cpuspeed is installedSUSE Linux 10.0openSUSE FactoryPackage cpuspeed is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage cross-ppc-binutils is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cross-ppc-binutils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage audit-libs-python is installedopenSUSE 10.2openSUSE FactoryPackage audit-libs-python is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage art-sharp2 is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage art-sharp2 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage autoconf-el is installedopenSUSE 10.2openSUSE FactoryPackage autoconf-el is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage classpath-debuginfo is installedopenSUSE FactoryPackage classpath-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage ant-nodeps is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage ant-nodeps is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows 2000 RPCSS DCOM Buffer Overflow (Blaster, Test 1)Microsoft Windows 2000Windows 2000Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.Tiffany BergeronACCEPTEDACCEPTEDPackage arptables-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage arptables-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows 98 Long Share Names VulnerabilityMicrosoft Windows 98Windows ShellBuffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDPackage bridge-utils is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage bridge-utils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage antlr-javadoc is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage antlr-javadoc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ant-manual is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage ant-manual is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage at76_usb-kmp-debug is installedopenSUSE FactoryPackage at76_usb-kmp-debug is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage apache2-mod_auth_ntlm_winbind is installedopenSUSE 10.2openSUSE FactoryPackage apache2-mod_auth_ntlm_winbind is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage aspell-da is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-da is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage arcad_eval is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage arcad_eval is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage crash is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage crash is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryGaim DoS via Malformed MSN MessageRed Hat Enterprise Linux 3GaimGaim before 1.3.1 allows remote attackers to cause a denial of service (crash) via a malformed MSN message that leads to a memory allocation of a large size, possibly due to an integer signedness error.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDPackage apache2-mod_apparmor-debuginfo is installedopenSUSE FactoryPackage apache2-mod_apparmor-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage aqbanking-gtk2 is installedopenSUSE 10.2openSUSE FactoryPackage aqbanking-gtk2 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage aspell-gu is installedopenSUSE FactoryPackage aspell-gu is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage aspell-en is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-en is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage apache2-mod_jk-debuginfo is installedopenSUSE FactoryPackage apache2-mod_jk-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage apache2-mod_fastcgi is installedSUSE Linux 10.0openSUSE FactoryPackage apache2-mod_fastcgi is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage asm-javadoc is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage asm-javadoc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage apt-libs is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage apt-libs is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryOpenSSL Denial of Service VulnerabilitiesSun Solaris 8Sun Crypto Accelerator 4000The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage aranym is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage aranym is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows 2000 Kernel Debugger-based Buffer OverflowMicrosoft Windows 2000Windows kernelBuffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.Christine WalzerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDPackage CASA_auth_token_jaas_support is installedopenSUSE 10.2openSUSE FactoryPackage CASA_auth_token_jaas_support is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage avahi-compat-mDNSResponder-64bit is installedopenSUSE FactoryPackage avahi-compat-mDNSResponder-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage apache2-mod_python is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage apache2-mod_python is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage aqbanking-yellownet is installedopenSUSE 10.2openSUSE FactoryPackage aqbanking-yellownet is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage cpuspeed-debuginfo is installedSUSE Linux 10.0openSUSE FactoryPackage cpuspeed-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage aspell-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage aspell-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage apache2-mod_fcgid is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage apache2-mod_fcgid is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage binutils-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage binutils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v6.0 HijackClick 3 / Script in Image Tag File Download VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage ant-commons-logging is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage ant-commons-logging is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryLinux Route Cache / Netfilter Denial of ServiceRed Hat Linux 9NetfilterThe route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage ant-apache-regexp is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage ant-apache-regexp is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage apache2-mod_murka is installedSUSE Linux 10.0openSUSE FactoryPackage apache2-mod_murka is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage ant-jmf is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage ant-jmf is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ant-apache-bcel is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage ant-apache-bcel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cppunit-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage cppunit-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage cdp-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage cdp-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage alsa-plugins-samplerate is installedopenSUSE FactoryPackage alsa-plugins-samplerate is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage aspell-vi is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-vi is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage amrnb-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage amrnb-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage asm is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage asm is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryNetfilter Denial of ServiceRed Hat Linux 9NetfilterThe connection tracking core of Netfilter for Linux 2.4.20, with CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote attackers to cause a denial of service (resource consumption) due to an inconsistency with Linux 2.4.20's support of linked lists, which causes Netfilter to fail to identify connections with an UNCONFIRMED status and use large timeouts.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDWindows 2000 Network Connection Manager Privilege EscalationMicrosoft Windows 2000Network Connection Manager (NCM)A handler routine for the Network Connection Manager (NCM) in Windows 2000 allows local users to gain privileges via a complex attack that causes the handler to run in the LocalSystem context with user-specified code.Christine WalzerChristine WalzerINTERIMACCEPTEDACCEPTEDPackage appleir-kmp-default is installedopenSUSE FactoryPackage appleir-kmp-default is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage avalon-logkit is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage avalon-logkit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage baekmuk is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage baekmuk is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage apache2-mod_apparmor is installedopenSUSE 10.2openSUSE FactoryPackage apache2-mod_apparmor is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage ant-apache-log4j is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage ant-apache-log4j is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage appleir-kmp-debug is installedopenSUSE FactoryPackage appleir-kmp-debug is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage cjk-latex is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage cjk-latex is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryKCMS KCS_OPEN_PROFILE File Disclosure VulnerabilitySun Solaris 7kcms_serverDirectory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.Brian SobyDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDPackage apparmor-parser is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage apparmor-parser is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryOpenSSL Double-free VulnerabilitySun Solaris 8Sun Solaris 9Sun ClusterDouble-free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDServer 2003 Unknown Vector SMB VulnerabilityMicrosoft Windows Server 2003SMB (Server Message Block)Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."Jonathan BakerDRAFTINTERIMACCEPTEDACCEPTEDPackage amarok-lang is installedopenSUSE FactoryPackage amarok-lang is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage balsa-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage balsa-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bluez-gnome is installedopenSUSE 10.2openSUSE FactoryPackage bluez-gnome is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage coreutils-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage coreutils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage asclock-debuginfo is installedopenSUSE FactoryPackage asclock-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage alsa-plugins-jack is installedopenSUSE 10.2openSUSE FactoryPackage alsa-plugins-jack is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage aspell-ca is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-ca is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage avalon-framework is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage avalon-framework is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage books is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage books is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryAnimated Cursor Denial of Service (Server 2003)Microsoft Windows Server 2003Windows Animated CursorThe Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang.Christine WalzerDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDIE5.01,SP3 PNG Image Buffer OverflowMicrosoft Windows 2000Microsoft Internet ExplorerBuffer overflow in the PNG image rendering component of Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted PNG file.Harvey RubinovitzDRAFTHarvey RubinovitzINTERIMACCEPTEDAnna MinINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage amarok-xine is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage amarok-xine is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage apache2-mod_mono-debuginfo is installedopenSUSE FactoryPackage apache2-mod_mono-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage alsa-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage alsa-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aseqview-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage aseqview-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage alsa-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage alsa-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-la is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-la is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage ant-jai is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage ant-jai is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryDoS Vulnerability in libpng function png_handle_iCCP()Sun Solaris 7libpngThe png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage configure-thinkpad is installedSUSE Linux 10.0openSUSE FactoryPackage configure-thinkpad is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryWindows XP Hyperlink Object Library Unchecked Buffer VulnerabilityMicrosoft Windows XPHyperlink Object LibraryThe Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDCOM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage avahi-compat-mDNSResponder-devel is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage avahi-compat-mDNSResponder-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryLicense Logging Service Vulnerability (Windows 2000)Microsoft Windows 2000MDAC 2.8The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbtirary code, aka the "License Logging Service Vulnerability."Ingrid SkoogDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage CommonC++-devel is installedSUSE Linux 10.0openSUSE FactoryPackage CommonC++-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage amrnb is installedSUSE Linux 10.1openSUSE FactoryPackage amrnb is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage classpath-devel is installedopenSUSE 10.2openSUSE FactoryPackage classpath-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage ant-javamail is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage ant-javamail is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage acpiw-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage acpiw-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows 2000 Font Buffer OverflowMicrosoft Windows 2000Windows kernelBuffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.Ingrid SkoogDRAFTINTERIMChristine WalzerAndrew ButtnerACCEPTEDACCEPTEDPackage alltray is installedSUSE Linux 10.1openSUSE FactoryPackage alltray is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage CASA-32bit is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage CASA-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows XP,SP2 Print Spooler Service Buffer OverflowMicrosoft Windows XPOperating SystemBuffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDURL Parsing Memory Corruption Vulnerability (IE6 for Server 2003)Microsoft Windows Server 2003Microsoft Internet ExplorerBuffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMJohn HoylandACCEPTEDACCEPTEDPackage bmp is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage bmp is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage ant-junit is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage ant-junit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage asl is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage asl is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage ant-apache-resolver is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage ant-apache-resolver is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage apache2-mod_macro is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage apache2-mod_macro is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage aqbanking-ofx-qt3 is installedopenSUSE 10.2openSUSE FactoryPackage aqbanking-ofx-qt3 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage aspell-fr is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-fr is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage apache2-mod_python-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage apache2-mod_python-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage amanda-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage amanda-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryClear Text Password Logging VulnerabilitySun Solaris 9Operating SystemSolaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other user's passwords by reading log files.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDACCEPTEDPackage bind-libs-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bind-libs-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage arts-gmcop is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage arts-gmcop is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage aspell-csb is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-csb is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage antiword is installedopenSUSE FactoryPackage antiword is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryHyperTerminal Session File Vulnerability (Windows XP,SP2)Microsoft Windows XPHyperTerminalHyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.Harvey RubinovitzDRAFTINTERIMHarvey RubinovitzACCEPTEDChristine WalzerDavid ProulxINTERIMACCEPTEDDaniel TarnuINTERIMACCEPTEDACCEPTEDPackage alsa-tools is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage alsa-tools is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage aspell-br is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-br is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage abiword is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage abiword is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWINS Association Context Vulnerability (Windows 2000)Microsoft Windows 2000Windows 2000The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage alsa is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage alsa is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryLinux Kernel ptrace Privilege Escalation VulnerabilityRed Hat Linux 9Linux kernelThe kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDBIND SIG Resource Records Buffer OverflowSun Solaris 7BindBuffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage apache2-mod_perl-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage apache2-mod_perl-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v5.01,SP4 Plug-in Navigation Address Bar Spoofing VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDKerberos 5 KDC Heap Corruption VulnerabilitySun Solaris 8Kerberos5The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun").Brian SobyDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDVulnerability exists in standard Solaris kerberos and SEAM. This definition only covers Solaris kerberosPackage alsa-plugins-maemo is installedopenSUSE FactoryPackage alsa-plugins-maemo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage apache2-mod_php4 is installedSUSE Linux 10.0openSUSE FactoryPackage apache2-mod_php4 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage acerhk-kmp-xenpae is installedopenSUSE 10.2openSUSE FactoryPackage acerhk-kmp-xenpae is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage bmp-plugins is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bmp-plugins is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-ga is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-ga is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage bdfresize is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bdfresize is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factorySQL Server Format String VulnerabilityMicrosoft Windows 2000Windows 2000Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service.Yi-Fang KohACCEPTEDPackage acroread is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage acroread is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage ant is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage ant is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage armagetron-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage armagetron-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aelfred is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage aelfred is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage asterisk-capi is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage asterisk-capi is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage apache2-mod_scgi is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage apache2-mod_scgi is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage apparmor-profile-editor is installedopenSUSE 10.2openSUSE FactoryPackage apparmor-profile-editor is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage abuse is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage abuse is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage apache2-worker is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage apache2-worker is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage agfa-fonts is installedNovell Linux Desktop 9SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage agfa-fonts is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage BitTorrent-gtk is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage BitTorrent-gtk is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aircrack-ng-debuginfo is installedopenSUSE FactoryPackage aircrack-ng-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage aspell-es is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-es is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryWindows Server 2003 (32-Bit) DirectPlay Denial of ServiceMicrosoft Windows Server 2003DirectXIDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.Tiffany BergeronTiffany BergeronTiffany BergeronINTERIMACCEPTEDACCEPTEDPackage bonnie++ is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage bonnie++ is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage cg-32bit is installedopenSUSE FactoryPackage cg-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage archzoom is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage archzoom is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage alien is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage alien is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage acerhk-kmp-default is installedopenSUSE 10.2openSUSE FactoryPackage acerhk-kmp-default is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage aspell-bn is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-bn is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage bibview-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bibview-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage antivir is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage antivir is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage acx-kmp-ppc64 is installedopenSUSE FactoryPackage acx-kmp-ppc64 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage ant-apache-oro is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage ant-apache-oro is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryRPC Runtime Library Denial of Service and Information Disclosure Vulnerability (NT 4.0)Microsoft Windows NTRemote Procedure Call (RPC)The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote attackers to read active memory or cause a denial of service (system crash) via a malicious message, possibly related to improper length values.Matthew BurtonDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDPackage chmlib-debuginfo is installedopenSUSE FactoryPackage chmlib-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage apache2-mod_perl is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage apache2-mod_perl is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage amtu is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage amtu is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage amarok-helix is installedSUSE Linux 10.1openSUSE FactoryPackage amarok-helix is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage clucene-core-32bit is installedopenSUSE FactoryPackage clucene-core-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryKerberos krb4 Ticket Splicing VulnerabilityRed Hat Linux 9krb5Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDWindows 2000 IIS Chunked Encoding Buffer OverflowMicrosoft Windows 2000Microsoft Internet Information Server (IIS)Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.Tiffany BergeronACCEPTEDGlenn StricklandINTERIMACCEPTEDACCEPTEDPackage asc-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage asc-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage abiword-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage abiword-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-ia is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-ia is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage clamav-db is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage clamav-db is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows Utility Manager Shatter Message Vulnerability IIMicrosoft Windows 2000Utility ManagerUtility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.Jonathan BakerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage acerhk is installedopenSUSE 10.2openSUSE FactoryPackage acerhk is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage aspell-fy is installedopenSUSE FactoryPackage aspell-fy is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage autotrace is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage autotrace is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage amarok is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage amarok is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage apache2-mod_auth_ntlm_winbind-debuginfo is installedopenSUSE FactoryPackage apache2-mod_auth_ntlm_winbind-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage bluez-libs-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bluez-libs-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage capi4linux-devel is installedopenSUSE FactoryPackage capi4linux-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryIE v6.0 Plug-in Navigation Address Bar Spoofing VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage aide is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage aide is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage albumshaper-debuginfo is installedopenSUSE FactoryPackage albumshaper-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage ant-antlr is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage ant-antlr is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage amarok-gstreamer is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage amarok-gstreamer is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage apache2-mod_tidy-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage apache2-mod_tidy-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage apache2 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage apache2 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage apparmor-dbus is installedopenSUSE FactoryPackage apparmor-dbus is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryKerberos krb4 Plaintext Attack VulnerabilityRed Hat Linux 9krb5Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage aspell-gv is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-gv is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage aqbanking-kde3 is installedopenSUSE 10.2openSUSE FactoryPackage aqbanking-kde3 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage armagetron is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage armagetron is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage avahi-compat-mDNSResponder is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage avahi-compat-mDNSResponder is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage apel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage apel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage ckermit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage ckermit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage apache2-mod_php5 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage apache2-mod_php5 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage audit-libs is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage audit-libs is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage checkinstall-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage checkinstall-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bzflag-devel is installedSUSE Linux 10.1openSUSE FactoryPackage bzflag-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ant-scripts is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage ant-scripts is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage akpi-debuginfo is installedSUSE Linux 10.0openSUSE FactoryPackage akpi-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage amarok-helix-backend is installedSUSE Linux 10.1openSUSE FactoryPackage amarok-helix-backend is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage agrep is installedopenSUSE FactoryPackage agrep is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage atk-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage atk-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage biabam is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage biabam is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage calamaris is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage calamaris is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage alsa-tools-devel is installedopenSUSE FactoryPackage alsa-tools-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage adaptec-firmware is installedopenSUSE FactoryPackage adaptec-firmware is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage apparmor-provider-control is installedSUSE Linux Enterprise Server 10openSUSE FactoryPackage apparmor-provider-control is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryNetwork News Transfer Protocol Buffer OverflowMicrosoft Windows Server 2003Network News Transport Protocol (NNTP)The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.Christine WalzerDRAFTINTERIMACCEPTEDJeff ChengINTERIMJeff ChengACCEPTEDACCEPTEDPackage asc is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage asc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage alsa-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage alsa-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage audiofile-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage audiofile-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-is is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-is is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage alsa-oss-32bit is installedopenSUSE FactoryPackage alsa-oss-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage acpid is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage acpid is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage bootp-DD2-debuginfo is installedopenSUSE FactoryPackage bootp-DD2-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage asterisk is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage asterisk is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage argus-client-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage argus-client-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage apparmor-admin_en is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage apparmor-admin_en is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage abuse-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage abuse-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryAddress Bar Spoofing on Double Byte Character Set Systems Vulnerability (Server 2003)Microsoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDWindows XP Indexing Service Code Execution VulnerabilityMicrosoft Windows XPIndexing ServiceThe Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.Harvey RubinovitzDRAFTINTERIMACCEPTEDACCEPTEDPackage blender-doc is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage blender-doc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage amarok-yauap is installedopenSUSE FactoryPackage amarok-yauap is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage aspell-mt is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-mt is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage amarok-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage amarok-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage blocxx-doc is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage blocxx-doc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage check is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage check is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage acl-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage acl-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryKerberos KDC Heap Corruption Denial of ServiceRed Hat Linux 9krb5The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun").Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage ant-phone is installedopenSUSE FactoryPackage ant-phone is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage amanda is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage amanda is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage alsa-utils-debuginfo is installedopenSUSE FactoryPackage alsa-utils-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage apache2-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage apache2-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage acx-kmp-debug is installedopenSUSE FactoryPackage acx-kmp-debug is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage akpi is installedSUSE Linux 10.0openSUSE FactoryPackage akpi is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage chasen-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage chasen-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage acerhk-kmp-bigsmp is installedopenSUSE 10.2openSUSE FactoryPackage acerhk-kmp-bigsmp is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryMicrosoft Excel Malformed FNGROUPCOUNT value VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft ExcelUnspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value.Robert L. HollisINTERIMACCEPTEDACCEPTEDWindows XP/Server 2003 (64-Bit) Enhanced Metafile Image Format Rendering Buffer OverflowMicrosoft Windows XPMicrosoft Windows Server 2003Enhanced Metafile (EMF)Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."Ingrid SkoogIngrid SkoogDRAFTINTERIMACCEPTEDACCEPTEDPackage alsa-tools-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage alsa-tools-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryBSM Audit Kernel PanicSun Solaris 7Sun Solaris 8Sun Solaris 9Basic Security ModuleUnknown vulnerability in the Basic Security Module (BSM), when configured to audit either the Administrative (ad) or the System-Wide Administration (as) audit class in Solaris 7, 8, and 9, allows local users to cause a denial of service (kernel panic).Brian SobyDRAFTSudhir GandheDRAFTPackage amarok-xmms is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage amarok-xmms is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryypxfrd File Disclosure VulnerabilitySun Solaris 7NISThe getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage alltray-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage alltray-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aufs-kmp-debug-cvs20070604_2 is installedopenSUSE FactoryPackage aufs-kmp-debug-cvs20070604_2 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage bayonne2-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage bayonne2-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage attr is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage attr is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryMozilla, Firefox, Thunderbird User Interface Hijacking VulnerabilitySun Solaris 8mozillaMozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage aspell-mk is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-mk is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage AdobeICCProfiles is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage AdobeICCProfiles is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryWord 2002 Malicious .doc Buffer Overflow IIMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Word 2002Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document.Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage alevt is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage alevt is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows XP (64-Bit) DirectPlay Denial of ServiceMicrosoft Windows XPDirectXIDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.Tiffany BergeronTiffany BergeronTiffany BergeronINTERIMACCEPTEDChristine WalzerChristine WalzerChristine WalzerINTERIMACCEPTEDACCEPTEDPackage apache2-mod_macro-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage apache2-mod_macro-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aqbanking-geldkarte-qt3 is installedopenSUSE 10.2openSUSE FactoryPackage aqbanking-geldkarte-qt3 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage albumshaper is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage albumshaper is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryScob and Toofer Internet Explorer v5.5,SP2 VulnerabilitiesMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerThe WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.Tiffany BergeronDRAFTINTERIMACCEPTEDACCEPTEDPackage adm8211 is installedopenSUSE FactoryPackage adm8211 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage ccscript-devel is installedSUSE Linux 10.0openSUSE FactoryPackage ccscript-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryPackage ami-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ami-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage a2ps-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage a2ps-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage aspell-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage acx-kmp-bigsmp is installedopenSUSE FactoryPackage acx-kmp-bigsmp is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage aegis-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage aegis-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage cgwd-debuginfo is installedopenSUSE FactoryPackage cgwd-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage at76_usb-kmp-default is installedopenSUSE FactoryPackage at76_usb-kmp-default is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage acpid-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage acpid-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows NT IIS FTP Connection Status Request Denial of ServiceMicrosoft Windows NTFTPThe FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters.Tiffany BergeronGlenn StricklandINTERIMACCEPTEDACCEPTEDPackage aspell-eo is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-eo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage alsamixergui-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage alsamixergui-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage amavisd-new is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage amavisd-new is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage acct-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage acct-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows NT Unchecked Buffer in NetDDEMicrosoft Windows NTNetDDENetwork Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.Jonathan BakerDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDPackage alsa-oss-64bit is installedopenSUSE FactoryPackage alsa-oss-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage aspell-lv is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-lv is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage arts-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage arts-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMicrosoft Publisher 2003 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Publisher 2003 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage apt-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage apt-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage beagle-quickfinder is installedopenSUSE 10.2openSUSE FactoryPackage beagle-quickfinder is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryIE5.01,SP3 Channel Definition Format Cross Domain VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage archway is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage archway is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage acerhk-kmp-debug is installedopenSUSE 10.2openSUSE FactoryPackage acerhk-kmp-debug is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryWindows Server 2003 Shell CLSID File Type Spoof VulnerabilityMicrosoft Windows Server 2003Operating SystemThe Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.Christine WalzerINTERIMACCEPTEDRobert L. HollisACCEPTEDACCEPTEDPackage aaa_base-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage aaa_base-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWord Malformed String VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft WordUnspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption, a different vulnerability than CVE-2006-6456.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows 2000 Media Player PNG Processing VulnerabilityMicrosoft Windows 2000Windows Media Player 9Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability."Christine WalzerDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDMultiple Buffer Overflows in libpngSun Solaris 7libpngMultiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage apel-xemacs is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage apel-xemacs is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bin86 is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage bin86 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage apparmor-docs is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage apparmor-docs is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage abcde-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage abcde-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage appleir-kmp-bigsmp is installedopenSUSE FactoryPackage appleir-kmp-bigsmp is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage ccaudio2 is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage ccaudio2 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage apache2-mod_murka-debuginfo is installedSUSE Linux 10.0openSUSE FactoryPackage apache2-mod_murka-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryTroubleshooter ActiveX Control Buffer OverflowMicrosoft Windows 2000Windows 2000Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.Tiffany BergeronAndrew ButtnerACCEPTEDACCEPTEDPackage acx is installedopenSUSE FactoryPackage acx is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage amrnb-devel is installedSUSE Linux 10.1openSUSE FactoryPackage amrnb-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bluez-hcidump is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage bluez-hcidump is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage acerhk-kmp-kdump is installedopenSUSE 10.2openSUSE FactoryPackage acerhk-kmp-kdump is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage adaptx-javadoc is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage adaptx-javadoc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage abcde is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage abcde is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage apache2-mod_fcgid-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage apache2-mod_fcgid-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage alsamixergui is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage alsamixergui is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage a2ps-perl-ja is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage a2ps-perl-ja is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-uz is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-uz is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryIE v6.0,SP1 Malformed GIF Image Double-free VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerDouble-free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.Andrew ButtnerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage bing is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage bing is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage bootsplash-theme-SuSE-classic is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bootsplash-theme-SuSE-classic is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage afs-krb5-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage afs-krb5-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage apparmor-profile-editor-debuginfo is installedopenSUSE FactoryPackage apparmor-profile-editor-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage adm8211-kmp-bigsmp is installedopenSUSE FactoryPackage adm8211-kmp-bigsmp is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage argus-server is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage argus-server is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryWindows XP,SP2 COM Structured Storage VulnerabilityMicrosoft Windows XPCOM Internet ServicesWindows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."Christine WalzerDRAFTINTERIMACCEPTEDACCEPTEDPackage bonobo-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage bonobo-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factorySQL Server Named Pipe HijackingMicrosoft Windows 2000SQL Server 2000Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.Yi-Fang KohJonathan BakerINTERIMACCEPTEDINTERIMIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogINTERIMACCEPTEDChristine WalzerChristine WalzerChristine WalzerChristine WalzerChristine WalzerChristine WalzerChristine WalzerINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDWindows Project Professional URL Buffer OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Project Professional 2002Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.Ingrid SkoogDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage apache-example-pages is installedopenSUSE FactoryPackage apache-example-pages is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage aalib-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage aalib-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage adm8211-kmp-default is installedopenSUSE FactoryPackage adm8211-kmp-default is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryWindows XP RPCSS DCOM Buffer Overflow (Blaster, Test 2)Microsoft Windows XPDistributed Component Object Model (DCOM)Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.Christine WalzerDRAFTINTERIMACCEPTEDACCEPTEDThis bulletin has been superceded by MS03-039. Definition reflects updated information.Package acroread_ja is installedSUSE Linux Enterprise Desktop 10openSUSE FactoryPackage acroread_ja is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryPackage alacarte is installedopenSUSE 10.2openSUSE FactoryPackage alacarte is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryMicrosoft Excel Malformed File VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft ExcelMicrosoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process.Robert L. HollisINTERIMACCEPTEDACCEPTEDPackage aelfred-javadoc is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage aelfred-javadoc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage avalon-logkit-javadoc is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage avalon-logkit-javadoc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage argus-client is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage argus-client is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage adm8211-kmp-ppc64 is installedopenSUSE FactoryPackage adm8211-kmp-ppc64 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage busybox is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage busybox is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage ant-swing is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage ant-swing is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bluez-hcidump-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bluez-hcidump-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ant-javadoc is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage ant-javadoc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryAddress Bar Spoofing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerMicrosoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called.Robert L. HollisDRAFTJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengTodd DolinskyINTERIMACCEPTEDACCEPTEDPackage aaa_skel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage aaa_skel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage autolog-debuginfo is installedopenSUSE FactoryPackage autolog-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryBuffer Overrun in DHCP Client Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003DHCP ClientBuffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.Robert L. HollisINTERIMACCEPTEDACCEPTEDPackage apache2-mod_perl-devel is installedopenSUSE FactoryPackage apache2-mod_perl-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage anjuta-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage anjuta-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aqbanking-qt3 is installedopenSUSE 10.2openSUSE FactoryPackage aqbanking-qt3 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryVulnerability in RPC Could Allow Denial of ServiceMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaOperating Systemrpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSQL Server Extended Stored Procedure Parameter ParsingMicrosoft Windows 2000Microsoft SQL ServerThe xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.Tiffany BergeronIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogINTERIMIngrid SkoogACCEPTEDChristine WalzerChristine WalzerChristine WalzerChristine WalzerChristine WalzerINTERIMACCEPTEDACCEPTEDPackage arpwatch is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage arpwatch is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage apparmor-profiles is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage apparmor-profiles is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage bbtools-gui is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bbtools-gui is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aegis is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage aegis is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bayonne2 is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage bayonne2 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryExchange Server 2003 (INTERIM) Routing Engine Buffer OverflowMicrosoft Windows Server 2003SMTPThe SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.Christine WalzerDRAFTChristine WalzerINTERIMACCEPTEDJeff ChengINTERIMJeff ChengACCEPTEDACCEPTEDxdrmem_bytes() Integer Overflow VulnerabilityRed Hat Linux 9krb5Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDIE v5.5 Forced Script ExecutionMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made.David ProulxACCEPTEDPackage apache2-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage apache2-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage afio-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage afio-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage adns-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage adns-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage amavisd-new-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage amavisd-new-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows XP Named Pipe Vulnerability (32-bit architecture)Microsoft Windows XPThe Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows remote attackers to obtain sensitive information (users who are accessing resources) via an anonymous logon using a named pipe, which is not properly authenticated, aka the "Named Pipe Vulnerability."Jonathan BakerDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDPackage bsd-games is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bsd-games is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage acl is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage acl is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factorySharePoint Privilege Elevation VulnerabilityMicrosoft Windows Server 2003SharePointMultiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.Robert L. HollisDRAFTChris WoodINTERIMACCEPTEDACCEPTEDMicrosoft Office SharePoint Server 2007 is installed.Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Office SharePoint Server 2007 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDError Handling Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via unspecified vectors involving memory corruption from an unhandled error.Robert L. HollisDRAFTJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengINTERIMACCEPTEDACCEPTEDPackage akonadi is installedopenSUSE FactoryPackage akonadi is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage ant-apache-bsf is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage ant-apache-bsf is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryDHCP Server Logging Vulnerability (NT 4.0)Microsoft Windows NTDHCPThe DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition, with DHCP logging enabled, does not properly validate the length of certain messages, which allows remote attackers to cause a denial of service (application crash) via a malformed DHCP message, aka "Logging Vulnerability."Ingrid SkoogDRAFTIngrid SkoogIngrid SkoogINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage bakefile is installedopenSUSE FactoryPackage bakefile is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage aircrack-ng is installedopenSUSE 10.2openSUSE FactoryPackage aircrack-ng is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage antivir-avguard is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage antivir-avguard is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage ant-trax is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage ant-trax is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryWindows Messenger 5 libpng Buffer OverflowMicrosoft Windows 2000MDAC 2.8Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.Christine WalzerDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDJason SpashettINTERIMJohn HoylandACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft IIS 6.0 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft IIS 6.0 is installed.Robert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDRed Hat Enterprise Linux 4The operating system installed on the system is Red Hat Enterprise Linux 4.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDPackage apache2-doc is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage apache2-doc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage blackbox-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage blackbox-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-gl is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-gl is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryWindows NT Terminal Server Kernel Debugger-based Buffer OverflowMicrosoft Windows NTWindows kernelBuffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.Christine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDPackage avahi-python is installedopenSUSE FactoryPackage avahi-python is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage aqbanking-ofx is installedopenSUSE 10.2openSUSE FactoryPackage aqbanking-ofx is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage anjuta is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage anjuta is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage abook is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage abook is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bogofilter-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bogofilter-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryURL Parsing Memory Corruption Vulnerability (IE5.01,SP4)Microsoft Windows 2000Microsoft Internet ExplorerBuffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage apparmor-dbus-debuginfo is installedopenSUSE FactoryPackage apparmor-dbus-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryPackage alsa-tools-gui is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage alsa-tools-gui is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v5.5 Frames Cross-site Scripting VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerCross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource.Harvey RubinovitzACCEPTEDACCEPTEDMSN Messenger 8.1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMSN MessengerMSN Messenger 8.1 is installedRobert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSun RPC No Timeout Denial of Service on TCP PortsSun Solaris 7libcThe Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage bbtools-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bbtools-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows XP (32-bit,SP2/64-bit,SP1) Shell CLSID File Type Spoof VulnerabilityMicrosoft Windows XPOperating SystemThe Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.Christine WalzerINTERIMACCEPTEDINTERIMACCEPTEDRobert L. HollisACCEPTEDACCEPTEDAddress Bar Spoofing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 7 allows remote attackers to spoof the URL address bar and other "trust UI" components via unspecified vectors, a different issue than CVE-2007-1091 and CVE-2007-3826.Robert L. HollisDRAFTJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengINTERIMACCEPTEDACCEPTEDPackage aaa_base is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage aaa_base is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryVulnerability in Windows Shell Could Allow Elevation of PrivilegeMicrosoft Windows XPMicrosoft Windows Server 2003Operating SystemThe hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."Sudhir GandheDRAFTRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage black-box is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage black-box is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-tl is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-tl is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage apt4rpm is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage apt4rpm is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage acerhk-kmp-xen is installedopenSUSE 10.2openSUSE FactoryPackage acerhk-kmp-xen is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factorySun Microsystems Solaris 10The operating system installed on the system is Sun Solaris 10.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDActiveX Object Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerUnspecified vulnerability in the pdwizard.ocx ActiveX object for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to Microsoft Visual Basic 6 objects and memory corruption, aka "ActiveX Object Memory Corruption Vulnerability."Robert L. HollisDRAFTJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengINTERIMACCEPTEDACCEPTEDPackage beagle is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage beagle is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factorySecurity Vulnerability in Solaris 10 BIND: Susceptible to Cache Poisoning AttackSun Solaris 10ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDServer is a Server2003 Domain ControllerMicrosoft Windows Server 2003Server is a Server 2003 Domain ControllerRobert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDLocal Users May be Able to Hang Systems That Have Loaded The Kernel Debugger kmdb(1)Sun Solaris 10Unspecified vulnerability in the kernel debugger (kmdb) in Sun Solaris 10, when running on x86, allows local users to cause a denial of service (system hang) via unspecified vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSendmail Address Processor Buffer OverflowSun Solaris 7Sun Solaris 8Sun Solaris 9SendmailBuffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage aspell-nn is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-nn is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryOffice Malformed Chart Record VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeMicrosoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE v6.0 SSL Cached Content VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDWord 2000 Malicious .doc Buffer OverflowMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Word 2000Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage adaptx is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage adaptx is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryA Security Vulnerability in the Handling of Thread Contexts in the Solaris Kernel May Allow a Denial of Service (DoS)Sun Solaris 8Sun Solaris 9Sun Solaris 10Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors related to "the handling of thread contexts."Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDThe operating system installed on the system is Red Hat Enterprise Linux 4 for x64Red Hat Enterprise Linux 4The operating system installed on the system is Red Hat Enterprise Linux 4 for x64.Mark VillanovaDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in Solaris libnsl(3LIB) may lead to a Denial of Service (DoS) to the rpcbind(1M) ServiceSun Solaris 8Sun Solaris 9Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft XML Core Services VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft XML Core ServicesThe XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft XML Core Services 5 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft XML Core Services 5 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft XML Core Services 3 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft XML Core Services 3 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows Media Player Code Execution Vulnerability Parsing SkinsMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaWindows Media PlayerMicrosoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that causes a size mismatch between compressed and decompressed data and triggers a heap-based buffer overflow, aka "Windows Media Player Code Execution Vulnerability Parsing Skins."Robert L. HollisDRAFTJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in X Display Manager (xdm(1)) Xsession ScriptSun Solaris 8Sun Solaris 9Sun Solaris 10The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDIIS4.0 Redirect Function Buffer OverflowMicrosoft Windows NTMicrosoft Internet Information Server (IIS)Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function.David ProulxINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDJonathan BakerINTERIMGlenn StricklandACCEPTEDACCEPTEDSecurity Vulnerability in the in.telnetd(1M) Daemon May Allow Unauthorized Remote Users to Gain Access to a Solaris HostSun Solaris 10Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDPowerPoint Malformed Record Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft PowerPointUnspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft PowerPoint 2000 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft PowerPoint 2000 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMicrosoft PowerPoint 2003 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft PowerPoint 2003 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMicrosoft PowerPoint 2002 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft PowerPoint 2002 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDWindows 2000 Variant of Chunked Encoding Buffer OverrunMicrosoft Windows 2000Microsoft Internet Information Server (IIS)Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun."Andrew ButtnerACCEPTEDGlenn StricklandINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris 10 TCP Fusion Code May Lead to a System Panic, Resulting in a Denial of Service (DoS)Sun Solaris 10The tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before 20061017, when TCP Fusion is enabled, allows local users to cause a denial of service (system crash) via a TCP loopback connection with both endpoints on the same system.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDPackage alevtd is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage alevtd is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aeolus is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage aeolus is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows XP (32-Bit) DirectPlay Denial of ServiceMicrosoft Windows XPDirectXIDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.Tiffany BergeronTiffany BergeronTiffany BergeronTiffany BergeronINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDSun Solaris Unspecified x86 64 Bit Local Denial Of ServiceVulnerabilitySun Solaris 10Operating SystemUnspecified vulnerability in the kernel processing in Solaris 10 64 bit platform, when running in 64-bit mode, allows local users to cause a denial of service (system panic) via unknown attack vectors.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDACCEPTEDSun Microsystems Solaris 8The operating system installed on the system is Sun Solaris 8.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDWin2k Path MTU Discovery Attack VulnerabilityMicrosoft Windows 2000Windows 2000Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage argus is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage argus is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryPackage bluez-gnome-debuginfo is installedopenSUSE FactoryPackage bluez-gnome-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryMSHTA Code Execution Vulnerability (64-bit XP,SP1)Microsoft Windows XPWindows ShellThe document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.Harvey RubinovitzDRAFTINTERIMACCEPTEDACCEPTEDSendmail Custom DNS Map Buffer OverflowSun Solaris 9SendmailBuffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malicious DNS server.Brian SobyDRAFTBrian SobyINTERIMACCEPTEDACCEPTEDWindows Media Player v8.0 is installed.Microsoft Windows 2000Microsoft Windows XPMedia PlayerWindows Media Player v8.0 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDInteger Overflows in Windows NT DirectX MIDI Library (QUARTZ.DLL)Microsoft Windows NTDirectXMultiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow.Christine WalzerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDPackage apache2-mod_mono is installedopenSUSE 10.2openSUSE FactoryPackage apache2-mod_mono is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage apache2-mod_auth_mysql is installedSUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage apache2-mod_auth_mysql is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factorySun Microsystems Solaris 9The operating system installed on the system is Sun Solaris 9.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability With the Special File System (SPECFS) strfreectty() Function May Allow a Local Unprivileged User to Panic a SystemSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the strfreectty function in the Special File System (SPECFS) in Sun Solaris 8 through 10 allows local users to cause a denial of service (system panic), related to passing a NULL pointer to the pgsignal function.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDPackage apcupsd is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage apcupsd is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factorySecurity Vulnerability in Solaris Named Pipes (pipe(2)) May Allow Unauthorized Data AccessSun Solaris 8Sun Solaris 9Sun Solaris 10Integer signedness error in FIFO filesystems (named pipes) on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via a negative value to the I_PEEK ioctl.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDHelp and Support Center PCHealth System Buffer Overflow (Windows 2000)Microsoft Windows 2000Help and Support Center (HSC)Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL.Christine WalzerACCEPTEDChristine WalzerINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage aalib is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage aalib is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryWindows NT Windows POSIX Buffer OverflowMicrosoft Windows NTPOSIXThe POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.Ingrid SkoogIngrid SkoogINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDSecurity Vulnerability Due to Buffer Overflow in The format(1M) Command May Allow Privilege Elevation For Certain RBAC ProfilesSun Solaris 8Sun Solaris 9Sun Solaris 10Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSamba call_trans2open() Buffer OverflowSun Solaris 9SambaBuffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDAddress Bar Spoofing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerMicrosoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.Robert L. HollisDRAFTJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengINTERIMACCEPTEDACCEPTEDPackage bing-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage bing-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v5.01,SP4 Bitmap Integer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInteger overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.Ingrid SkoogDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage abook-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage abook-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bind-doc is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage bind-doc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryWindows Server 2003 HtmlHelp Heap OverflowMicrosoft Windows Server 2003HTML Help FacilityHeap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.Andrew ButtnerINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in BIND 8 May Allow Cache Poisoning AttackSun Solaris 8Sun Solaris 9The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in Feed Headline Gadget.Microsoft Windows VistaAndrew ButtnerDRAFTDRAFTPackage arptables is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage arptables is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage bind-chrootenv is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage bind-chrootenv is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryKDM Weak Cookie VulnerabilityRed Hat Linux 9KDMKDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDWorkspace Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft ExcelMicrosoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.Sudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris libsldap Library May Allow a Denial of Service to nscd(1M)Sun Solaris 8Sun Solaris 9Sun Solaris 10The libsldap library in Sun Solaris 8, 9, and 10 allows local users to cause a denial of service (Name Service Caching Daemon (nscd) crash) via unspecified vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDPackage aspell-pt is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-pt is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryVulnerability in Microsoft Data Access Components Could Allow Remote Code ExecutionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.Sudhir GandheDRAFTRobert L. HollisINTERIMACCEPTEDACCEPTEDKerberos 5 ASN.1 Library DoSSun Solaris 9Kerberos5The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.Brian SobyDRAFTBrian SobyINTERIMACCEPTEDACCEPTEDPackage a2ps is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage a2ps is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryOutlook Express v5.5,SP2 Malformed Email Header Denial of ServiceMicrosoft Windows 2000Microsoft Outlook ExpressMicrosoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.Jonathan BakerDRAFTINTERIMACCEPTEDDaniel TarnuINTERIMACCEPTEDJeff ChengINTERIMJeff ChengACCEPTEDACCEPTEDPackage ash-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ash-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aspell-sc is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-sc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryWindows 2000 Messenger Service Buffer OverflowMicrosoft Windows 2000Messenger ServiceThe Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.Christine WalzerACCEPTEDAndrew ButtnerACCEPTEDACCEPTEDPackage balsa is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage balsa is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows 2003/64-bit XP Indexing Service Code Execution VulnerabilityMicrosoft Windows Server 2003Indexing ServiceThe Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.Harvey RubinovitzDRAFTINTERIMACCEPTEDACCEPTEDCalculation Error VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft ExcelMicrosoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in Solaris ld.so.1(1) may Lead to Execution of Arbitrary Code with Elevated PrivilegesSun Solaris 8Sun Solaris 9Sun Solaris 10Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. (dot dot) sequence in the LANG environment variable that points to a locale file containing attacker-controlled format string specifiers.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the TCP Implementation of Solaris 10 Systems May Result in a System Panic Under High TCP/IP TrafficSun Solaris 10Race condition in the TCP subsystem for Solaris 10 allows remote attackers to cause a denial of service (system panic) via unknown vectors.Gyesi AmaniampongDRAFTINTERIMACCEPTEDACCEPTEDIE v5.01,SP3 Malformed GIF Image Double-free VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerDouble-free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.Andrew ButtnerDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage adm8211-kmp-debug is installedopenSUSE FactoryPackage adm8211-kmp-debug is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryAgent Remote Code Execution VulnerabilityMicrosoft Windows 2000Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agent Service (agentsrv.exe) process, a different issue than CVE-2007-1205.Sudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:microsoft:windows-nt:2000:sp4Vulnerability in Contacts Gadget.Microsoft Windows VistaAndrew ButtnerDRAFTDRAFTWindows 2000 Enhanced Metafile Image Format Rendering Buffer OverflowMicrosoft Windows 2000Enhanced Metafile (EMF)Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."Ingrid SkoogDRAFTINTERIMACCEPTEDACCEPTEDPackage banshee-plugins-extra is installedopenSUSE 10.2openSUSE FactoryPackage banshee-plugins-extra is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryHP-UX 11.23 Blind Connection Reset Attack VulnerabilityHP-UX 11Operating SystemMultiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDActiveX Object VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerThe tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectsafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a crafted DLL file argument to the TypeLibInfoFromFile function, which overwrites the HelpStringDll property to call the DLLGetDocumentation function in another DLL file, aka "ActiveX Object Vulnerability."Robert L. HollisDRAFTJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengINTERIMACCEPTEDACCEPTEDWindows NT Certificate Validation Identity Spoofing Vulnerability (Test 2)Microsoft Windows NTCertificate ValidationMicrosoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862).Christine WalzerChristine WalzerChristine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDWord 2002 Malicious .doc Buffer OverflowMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Word 2002Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage alsa-plugins-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage alsa-plugins-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage adns is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage adns is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryIE v5.5,SP2 Malformed GIF Image Double-free VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerDouble-free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDWindows 2000 IIS HTTP Redirect Error Message Cross-site ScriptingMicrosoft Windows 2000Microsoft Internet Information Server (IIS)Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message.Harvey RubinovitzACCEPTEDMicrosoft Office Remote Code Execution Using a Malformed GIF VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeBuffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.Robert L. HollisINTERIMACCEPTEDACCEPTEDMicrosoft Project 2000 SR1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Project 2000 SR1 is installed.Robert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDVulnerability With Solaris IPv6 May Allow a Remote User the Ability to Create a Denial of Service ConditionSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets, a different vulnerability than CVE-2006-5013.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris Auditing (BSM) Related to Network Auditing May Lead to Denial of Service (DoS)Sun Solaris 10Unspecified vulnerability in "Solaris Auditing" in the Basic Security Module (BSM) in Sun Solaris 10, when configured for auditing of networking (nt) events, allows local users to cause a denial of service (panic) via unspecified vectors.Todd DolinskyDRAFTINTERIMACCEPTEDACCEPTEDPackage audit-libs-32bit is installedopenSUSE 10.2openSUSE FactoryPackage audit-libs-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryBIND DoS via SIG RR ElementsSun Solaris 7BindBIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference.Brian SobyDRAFTINTERIMACCEPTEDACCEPTED.NET PE Loader VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003.NET FrameworkThe PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.Sudhir GandheDRAFTSudhir GandheRobert L. HollisRobert L. HollisINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDmono-web ASP.net sourcecode disclosureopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10bytefx-data-mysqlibm-data-db2mono-basicmono-coremono-core-32bitmono-datamono-data-firebirdmono-data-oraclemono-data-postgresqlmono-data-sqlitemono-data-sybasemono-develmono-extrasmono-jscriptmono-locale-extrasmono-nunitmono-webmono-winformsThe System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20.Thomas R. JonesDRAFTINTERIMACCEPTEDNicholas HansenINTERIMNicholas HansenNicholas HansenJeff ChengJeff ChengJeff ChengACCEPTEDACCEPTEDcpe://novell:opensuse:10.2cpe://novell:suse_linux:10.1cpe://novell:suse_linux_enterprise:10:desktopcpe://novell:suse_linux_enterprise:10:servercpe:///novell:bytefx-data-mysqlcpe:///novell:ibm-data-db2cpe:///novell:mono-basiccpe:///novell:mono-corecpe:///novell:mono-core-32bitcpe:///novell:mono-datacpe:///novell:mono-data-firebirdcpe:///novell:mono-data-oraclecpe:///novell:mono-data-postgresqlcpe:///novell:mono-data-sqlitecpe:///novell:mono-data-sybasecpe:///novell:mono-develcpe:///novell:mono-extrascpe:///novell:mono-jscriptcpe:///novell:mono-locale-extrascpe:///novell:mono-nunitcpe:///novell:mono-webcpe:///novell:mono-winformsPackage mono-basic is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10Package mono-basic is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopPackage ibm-data-db2 is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10Package ibm-data-db2 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopPackage bytefx-data-mysql is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10Package bytefx-data-mysql is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopPackage mono-data-postgresql is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10Package mono-data-postgresql is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopcpe:/o:novell:suse_linux_enterprise:10::serverPackage mono-data-oracle is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10Package mono-data-oracle is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopcpe:/o:novell:suse_linux_enterprise:10::serverPackage mono-jscript is installedopenSUSE 10.2SUSE Linux 10.1Package mono-jscript is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1Package mono-data-firebird is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10Package mono-data-firebird is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopcpe:/o:novell:suse_linux_enterprise:10::serverPackage mono-extras is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10Package mono-extras is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopSUSE Linux 10.1 is installedSUSE Linux 10.1 is installed.Thomas R. JonesDRAFTJonathan BakerINTERIMACCEPTEDNicholas HansenINTERIMACCEPTEDACCEPTEDPackage mono-data-sqlite is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10Package mono-data-sqlite is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopcpe:/o:novell:suse_linux_enterprise:10::serverPackage mono-winforms is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10Package mono-winforms is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopPackage mono-nunit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10Package mono-nunit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopcpe:/o:novell:suse_linux_enterprise:10::serverSUSE Linux Enterprise Desktop 10 is installedSUSE Linux Enterprise Desktop 10 is installed.Thomas R. JonesDRAFTJonathan BakerINTERIMACCEPTEDNicholas HansenINTERIMACCEPTEDACCEPTEDPackage aspell-az is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-az is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryNovell Linux Desktop 9 is installedNovell Linux Desktop 9 is installed.Thomas R. JonesDRAFTJonathan BakerThomas R. JonesINTERIMACCEPTEDACCEPTEDSNMP Agent Service Buffer OverflowMicrosoft Windows 2000Simple Network Management Protocol (SNMP)Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and other PROTOS-related candidates, especially CVE-2002-0012 and CVE-2002-0013, will be updated when more accurate information is available.Tiffany BergeronACCEPTEDRemote Code Execution Vulnerability in GDIMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Operating SystemInteger overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.Robert L. HollisDRAFTJeff ChengJeff ChengJeff ChengINTERIMACCEPTEDACCEPTEDPackage a2ac is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage a2ac is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryContent Disposition Parsing Cross Domain Information Disclosure VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Outlook ExpressThe MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."Sudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDPackage apcupsd-gui is installedopenSUSE 10.2openSUSE FactoryPackage apcupsd-gui is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryPackage alsa-oss is installedopenSUSE FactoryPackage alsa-oss is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factorySecurity Vulnerabilities in The Solaris Event Port API May Result in a Denial of Service (DoS) ConditionSun Solaris 10Unspecified vulnerability in Sun Solaris 10 allows context-dependent attackers to cause a denial of service (panic) via unspecified vectors involving the event port API.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDIE5.01,SP3 Content Advisor Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerBuffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka "Content Advisor Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage atitvout is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage atitvout is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aide-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage aide-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMicrosoft Word 2007 is installedMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaThe application Microsoft Word 2007 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE v5.01,SP3 Drag-and-Drop Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage alsa-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage alsa-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryVulnerability in Weather Gadget.Microsoft Windows VistaAndrew ButtnerDRAFTDRAFTASP.NET Null Byte Termination VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003.NET FrameworkInterpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."Sudhir GandheDRAFTRobert L. HollisRobert L. HollisRobert L. HollisJonathan BakerINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft .NET Framework 1.0 (Service Pack 3 or later) is InstalledMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Vista.NET FrameworkMicrosoft .NET Framework 1.0 (Service Pack 3 or later) is InstalledSudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDACCEPTEDScob and Toofer Internet Explorer v6.0,SP1 for Server 2003 VulnerabilitiesMicrosoft Windows Server 2003Microsoft Internet ExplorerThe WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.Tiffany BergeronDRAFTINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDVulnerability in Microsoft XML Core Services Could Allow Remote Code ExecutionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft XML Core ServicesMicrosoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.Robert L. HollisDRAFTJeff ChengJeff ChengJeff ChengJeff ChengINTERIMACCEPTEDACCEPTEDMicrosoft Word2000 Malformed Object Pointer VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft WordBuffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.Robert L. HollisDRAFTJohn HoylandINTERIMACCEPTEDACCEPTEDPackage a2ac-debuginfo is installedSUSE Linux 10.1openSUSE FactoryPackage a2ac-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage mono-locale-extras is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10Package mono-locale-extras is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopcpe:/o:novell:suse_linux_enterprise:10::serverKerberos Client Plaintext Password VulnerabilitySun Solaris 9pam_krb5Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other user's passwords by reading log files.Brian SobyDRAFTBrian SobyINTERIMACCEPTEDACCEPTEDExcel Filter Record VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft ExcelMicrosoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in MSN Messenger and Windows Live Messenger Could Allow Remote Code ExecutionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMSN MessengerHeap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMSN Messenger 8.0 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMSN MessengerMSN Messenger 8.0 is installedRobert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMSN Messenger 6.2 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMSN MessengerMSN Messenger 6.2 is installedRobert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMSN Messenger 7.5 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMSN MessengerMSN Messenger 7.5 is installedRobert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDLSASS Privilege Escalation Vulnerability (64-bit XP, SP1)Microsoft Windows XPLocal Security Authority Subsystem Service (LSASS)LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.Christine WalzerDRAFTINTERIMACCEPTEDACCEPTEDRRAS Memory Corruption Vulnerability (WinXP,SP1)Microsoft Windows XPOperating SystemBuffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSMB Invalid Handle Vulnerability (WinS03)Microsoft Windows Server 2003Operating SystemThe Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) via by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDIE v5.01,SP2 Malformed GIF Image Double-free VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerDouble-free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.Andrew ButtnerDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDGDI Local Elevation of Privilege VulnerabilityMicrosoft Windows 2000Microsoft Windows XPOperating SystemThe Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.Sudhir GandheDRAFTINTERIMRobert L. HollisACCEPTEDACCEPTEDVulnerability in Crystal Reports for Visual Studio Could Allow Remote Code ExecutionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaVisual StudioStack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.Robert L. HollisDRAFTJeff ChengJeff ChengINTERIMACCEPTEDACCEPTEDMicrosoft Visual Studio 2005 is installed.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Visual Studio 2005 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIMAP Literal Processing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Exchange ServerInteger overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDDrawing Object VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft OfficeUnspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMS Outlook (Word 2000) RTF/HTML Script Execution VulnerabilityMicrosoft Windows 2000Microsoft Word 2000Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.Ingrid SkoogDRAFTINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDUPnP Memory Corruption VulnerabilityMicrosoft Windows XPOperating SystemStack-based buffer overflow in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP headers in request or notification messages, which trigger memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDHTML Objects Memory Corruption VulnerabilitiesMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerUse-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.Sudhir GandheDRAFTINTERIMRobert L. HollisJeff ItoACCEPTEDACCEPTEDMSN Messenger 7.0 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMSN MessengerMSN Messenger 7.0 is installedRobert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows 2000 Drag-and-Drop VulnerabilityMicrosoft Windows 2000Windows 2000Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."Matthew BurtonDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDURL Parsing Cross Domain Information Disclosure VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Outlook ExpressA component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."Sudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDSUSE Linux Professional 9.3 is installedSUSE Linux Professional 9.3 is installed.Thomas R. JonesDRAFTJonathan BakerINTERIMACCEPTEDACCEPTEDWindows XP,SP2 Object Management VulnerabilityMicrosoft Windows XPWindows kernelBuffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".Ingrid SkoogDRAFTINTERIMChristine WalzerACCEPTEDACCEPTEDPackage mono-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10Package mono-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopIE ActiveX Popup Zone Restriction BypassMicrosoft Windows 2000Windows 2000Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe).Tiffany BergeronAndrew ButtnerACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in the tip(1) Command May Allow Execution of Arbitrary Code With Elevated PrivilegesSun Solaris 8Sun Solaris 9Sun Solaris 10Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDGNOME XScreenSaver in Solaris 8 and 9 may Allow Physically Proximate Attackers to Access the ConsoleSun Solaris 8Sun Solaris 9GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root is logged into the console, does not automatically lock the screen after a session has been inactive, which might allow physically proximate attackers to access the console.Yuzheng ZhouDRAFTINTERIMACCEPTEDACCEPTEDExchange 2003,SP1 Calendar VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Exchange ServerUnspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties.Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDMicrosoft Agent URL Parsing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Operating SystemUnspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.Sudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the X Inter Client Exchange Library (libICE)Sun Solaris 8Sun Solaris 9Unspecified vulnerability in Sun Solaris X Inter Client Exchange library (libICE) on Solaris 8 and 9 allows context-dependent attackers to cause a denial of service (application crash) to applications that use the library.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the Solaris 10 inetd(1M) Service May Lead to a Denial of Service (DoS) ConditionSun Solaris 10Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 allows local users to cause a denial of service (daemon termination) via unspecified manipulations of the /var/run/.inetd.uds Unix domain socket file.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSpeech Control Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerMultiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.Sudhir GandheDRAFTRobert L. HollisINTERIMACCEPTEDACCEPTEDSMB Invalid Handle Vulnerability (64-bit XP)Microsoft Windows XPOperating SystemThe Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) via by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE v6.0 Frames Cross-site Scripting VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerCross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource.Harvey RubinovitzACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDWorksheet Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft ExcelUnspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage antlr-manual is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage antlr-manual is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factorySUSE Linux 10.0 is installedSUSE Linux 10.0 is installed.Thomas R. JonesDRAFTJonathan BakerINTERIMACCEPTEDACCEPTEDSystem V login Buffer OverflowSun Solaris 7loginBuffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDMozilla JavaScript Execution in Mail When Forwarding In-lineMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaThe WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerACCEPTEDACCEPTEDMozilla Crashes with Evidence of Memory Corruption (CVE-2006-1531)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaUnspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDWindows NT Kernel Debugger-based Buffer OverflowMicrosoft Windows NTWindows kernelBuffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.Christine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Human Interface Device (HID) Class Driver for SolarisSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the HID (Human Interface Device) class driver in Sun Solaris 8, 9, and 10 before 20070925 allows local users to cause a denial of service (panic) via unspecified vectors.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDMozilla Accessing XBL Compilation Scope via valueOf.call()Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDACCEPTEDFlaw in Word Fields and Excel External Updates Could Lead to Information DisclosureMicrosoft Windows 2000Microsoft Word 2000Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."Ingrid SkoogDRAFTINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDIP Source Route Vulnerability (S03,SP1)Microsoft Windows Server 2003Operating SystemBuffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDCOM Object Instantiation Memory Corruption Vulnerability (WinS03)Microsoft Windows Server 2003Internet ExplorerMultiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMS Exchange Server Cross-site Scripting VulnerabilityMicrosoft Windows NTOutlook Web AccessCross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query.Christine WalzerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDJeff ChengINTERIMJeff ChengACCEPTEDACCEPTEDdtsession(1X) Contains a Buffer Overflow VulnerabilitySun Solaris 8Sun Solaris 9Sun Solaris 10Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors.Yuzheng ZhouDRAFTINTERIMACCEPTEDACCEPTEDExcel Set Font VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft ExcelUnspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDCSRSS DoS VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaOperating SystemThe Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696.Sudhir GandheDRAFTINTERIMRobert L. HollisSudhir GandheACCEPTEDACCEPTEDWindows Active Directory Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows Server 2003The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."Sudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDISC BIND Cache Poison Denial Of ServiceSun Solaris 7BindISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.Brian SobyDRAFTINTERIMACCEPTEDBrian SobyBrian SobyINTERIMACCEPTEDACCEPTEDpkgadd(1M) May Set Incorrect Permissions if The pkgmap(4) File Contains a "?" in The "Mode" FieldSun Solaris 10pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode field, which allows local users to modify arbitrary files or directories, a different vulnerability than CVE-2002-1871.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDWindows XP ComboBox/ListBox GUI Widget User32.dll Buffer OverflowMicrosoft Windows XPWindows XPBuffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application.Tiffany BergeronAndrew ButtnerACCEPTEDChristine WalzerINTERIMACCEPTEDChristine WalzerINTERIMINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDActiveX Control Memory Corruption Vulnerability (64-bit XP)Microsoft Windows XPInternet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows Kernel LPC Privilege Escalation Vulnerability (64-bit XP)Microsoft Windows XPWindows kernelThe Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."Christine WalzerDRAFTINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDACCEPTEDSMB Driver Elevation of Privilege Vulnerability (XP,SP1)Microsoft Windows XPOperating SystemThe Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage aspell-no is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage aspell-no is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryThe operating system installed on the system is Red Hat Enterprise Linux 5 for x64Red Hat Enterprise Linux 5The operating system installed on the system is Red Hat Enterprise Linux 5 for x64.Mark VillanovaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft JScript Memory Corruption Vulnerability (WinXP)Microsoft Windows XPOperating SystemMicrosoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMultiple Buffer Overflows in Kerberos 5 (krb5_aname_to_localname)Sun Solaris 7Solaris Enterprise Authentication Mechanism (SEAM)Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.Brian SobyDRAFTBrian SobyINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDCMS Memory Corruption VulnerabilityMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Content Management ServerMicrosoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSUSE Linux Enterprise Server 9 is installedSUSE Linux Enterprise Server 9SUSE Linux Enterprise Server 9 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:9:serverWindows Script Engine Heap Overflow (Test 1)Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPWindows Script Engine for JScript v5.6Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.Tiffany BergeronDavid ProulxDavid ProulxACCEPTEDChristine WalzerChristine WalzerINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDSuppressed OVAL20Microsoft Windows 2000Distributed Component Object Model (DCOM)Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.Christine WalzerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisDEPRECATEDDEPRECATEDMutt BO Vulnerability in balsaRed Hat Linux 9MuttBuffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDPackage aseqview is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage aseqview is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows XP Negotiate Security Software Provider Denial of Service VulnerabilityMicrosoft Windows XPNegotiate SSP interfaceThe Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection.Ingrid SkoogIngrid SkoogIngrid SkoogACCEPTEDChristine WalzerINTERIMACCEPTEDAnna MinINTERIMACCEPTEDGlenn StricklandINTERIMACCEPTEDACCEPTEDExchange 2003,SP2 Calendar VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Exchange ServerUnspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties.Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDPackage adaptx-doc is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage adaptx-doc is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage afio is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage afio is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMSDTC Denial of Service Vulnerability (Win2K)Microsoft Windows 2000Operating SystemMicrosoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.Robert L. HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDWeak Encryption in RDP ProtocolMicrosoft Windows 2000Remote Data Protocol (RDP)Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."Tiffany BergeronChristine WalzerINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the vuidmice(7M) STREAMS Modules May Lead to a Denial of Service (DoS) ConditionSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 8, 9, and 10 allows local users with console (/dev/console) access to cause a denial of service ("unusable" system console) via unspecified vectors.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDThe operating system installed on the system is Red Hat Enterprise Linux 5 for x86Red Hat Enterprise Linux 5The operating system installed on the system is Red Hat Enterprise Linux 5 for x86.Mark VillanovaDRAFTINTERIMACCEPTEDACCEPTEDRemote Code Execution Vulnerability in Flash Player 6&7 (XP,SP1)Microsoft Windows XPFlash PlayerMacromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDCSS Cross-Domain Information Disclosure Vulnerability (WinS03)Microsoft Windows Server 2003Internet ExplorerMicrosoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMicrosoft PowerPoint 2000 Remote Code Execution Using a Malformed Record VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft PowerPointUnspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.Robert L. HollisDRAFTJohn HoylandINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDRASMAN Registry Corruption Vulnerability (WinS03)Microsoft Windows Server 2003Operating SystemBuffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDApache Connection Blocking Denial Of Service VulnerabilitySun Solaris 8Sun Solaris 9ApacheApache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."Brian SobyBrian SobyBrian SobyDRAFTINTERIMACCEPTEDACCEPTEDPackage afs-krb5 is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage afs-krb5 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMultiple vulnerabilities in libfreetype, Xsun(1) and Xorg(1)Sun Solaris 8Sun Solaris 9Sun Solaris 10Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDAutomatic ActiveX Approval on Windows 2000 Low MemoryMicrosoft Windows 2000Windows 2000The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers execute arbitrary code without user approval.Tiffany BergeronTiffany BergeronACCEPTEDACCEPTEDSMB Invalid Handle Vulnerability (XP,SP1)Microsoft Windows XPOperating SystemThe Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) via by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDUninitialized Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerMicrosoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability."Sudhir GandheDRAFTRobert L. HollisINTERIMACCEPTEDACCEPTEDCSS Cross-Domain Information Disclosure Vulnerability (64-bit XP)Microsoft Windows XPInternet ExplorerMicrosoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMS Word 6.0 Table Conversion Vulnerability (64-bit XP)Microsoft Windows XPMicrosoft Word for Windows 6.0 ConverterMicrosoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901.Christine WalzerDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDACCEPTEDMozilla Mail Multiple Information DisclosureMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaThe HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDWindows Media Player PNG Vulnerability (v10.0 on S03)Microsoft Windows Server 2003Media PlayerStack-based buffer overflow in Microsoft Windows Media Player 9 and 10 allows remote attackers to execute arbitrary code via a PNG image with a large chunk size.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDCOM Object Instantiation Memory Corruption Vulnerability (2K/XP)Microsoft Windows 2000Microsoft Windows XPInternet ExplorerMultiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage aspell-fo is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-fo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryExcel BIFF Record VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft ExcelStack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDOff-by-one Error in fb_realpath()Sun Solaris 9Solaris Management Console (SMC)Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.Brian SobyDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDIIS ISAPI Extension Indexing Service Buffer Overflow (Code Red)Microsoft Windows 2000Microsoft Internet Information Server (IIS)Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.Tiffany BergeronTiffany BergeronACCEPTEDGlenn StricklandINTERIMACCEPTEDACCEPTEDMozilla Security Check of js_ValueToFunctionObject() Can Be CircumventedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaUnspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the in.iked(1M) Service May Lead To a Denial of Service (DoS)Sun Solaris 9The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. NOTE: this issue might overlap CVE-2006-2298.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDPackage apparmor-utils is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage apparmor-utils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryWindows XP (32-Bit) Task Scheduler Stack OverflowMicrosoft Windows XPTask SchedulerStack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.Tiffany BergeronTiffany BergeronINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDWindows XP IE HTML Help ActiveX control Cross Domain VulnerabilityMicrosoft Windows XPWindows XPInternet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."Matthew BurtonDRAFTINTERIMACCEPTEDACCEPTEDWindows Server 2003 Negotiate Security Software Provider Denial of Service VulnerabilityMicrosoft Windows Server 2003Negotiate Security Software ProviderThe Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection.Ingrid SkoogINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDGlenn StricklandINTERIMACCEPTEDACCEPTEDException Handling Memory Corruption Vulnerability(64-bit XP)Microsoft Windows XPInternet ExplorerUnspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage antlr-bootstrap is installedopenSUSE 10.2openSUSE FactoryPackage antlr-bootstrap is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryHP-UX 11.11 Path MTU Discovery Attack VulnerabilityHP-UX 11Operating SystemMultiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDMS Word 6.0 Table Conversion Vulnerability (32-bit XP)Microsoft Windows XPMicrosoft Word for Windows 6.0 ConverterMicrosoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901.Christine WalzerDRAFTINTERIMChristine WalzerACCEPTEDIngrid SkoogINTERIMACCEPTEDRobert L. HollisACCEPTEDACCEPTEDSecurity Vulnerability in NFS Client Module May Lead to a Denial of Service ConditionSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the NFS client module in Sun Solaris 8 through 10 before 20070524, when operating as an NFS server, allows remote attackers to cause a denial of service (crash) via certain Access Control List (acl) packets.John WregglesworthDRAFTINTERIMACCEPTEDACCEPTEDMozilla Cross-site Scripting Using .valueOf.call()Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDACCEPTEDPackage aqbanking-devel is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage aqbanking-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryOutlook Express v6,SP1 Malformed Email Header Denial of ServiceMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Outlook ExpressMicrosoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.Jonathan BakerDRAFTINTERIMACCEPTEDDaniel TarnuINTERIMACCEPTEDJeff ChengINTERIMJeff ChengACCEPTEDACCEPTEDSolaris 8 KCMS Arbitrary File Access VulnerabilitySun Solaris 8kcms_serverDirectory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.David ProulxTodd DolinskyINTERIMACCEPTEDACCEPTEDActiveX Control Memory Corruption Vulnerability (WinS03)Microsoft Windows Server 2003Internet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDPackage apt-file is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage apt-file is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryMozilla Crashes with Evidence of Memory Corruption (CVE-2006-1529)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaUnspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDpatch Windows6.0-KB925902-x64.msu should be installedMicrosoft Windows VistaThe patch Windows6.0-KB925902-x64.msu that addresses the vulnerabilities discussed in Microsoft Security Bulletin MS07-017 should be installed.Jonathan BakerDRAFTINTERIMACCEPTEDACCEPTEDActiveX Control Memory Corruption Vulnerability (2K/XP)Microsoft Windows 2000Microsoft Windows XPInternet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDIE .chm Directory Traversal Windows 2000 VulnerabilityMicrosoft Windows 2000HTML Help FacilityInternet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.Andrew ButtnerINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDSMB Driver Elevation of Privilege Vulnerability (XP,SP2)Microsoft Windows XPOperating SystemThe Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDTwo Security Vulnerabilities in Solaris 8 Role Based Access Control (rbac(5)) may Allow Unauthorized Remote AccessSun Solaris 8Multiple unspecified vulnerabilities in the Role Based Access Control (RBAC) functionality in Sun Solaris 8 allow remote attackers who know the password for a role to gain privileges via that role.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDPackage acx-kmp-default is installedopenSUSE FactoryPackage acx-kmp-default is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryWindows NT RPCSS DCOM Buffer Overflow (Blaster, Test 2)Microsoft Windows NTRemote Procedure Call (RPC)Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.Christine WalzerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDCOM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerMicrosoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll.Sudhir GandheDRAFTINTERIMRobert L. HollisJeff ItoACCEPTEDACCEPTEDRRAS Memory Corruption Vulnerability (S03,SP1)Microsoft Windows Server 2003Operating SystemBuffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Solaris 10 Virtual File System (VFS) may Lead to a Denial of Service (DoS) ConditionSun Solaris 10Unspecified vulnerability in the Virtual File System (VFS) in Sun Solaris 10 allows local users to cause a denial of service (kernel memory consumption) via unspecified vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDHTML Decoding Memory Corruption Vulnerability (XP,SP2)Microsoft Windows XPInternet ExplorerHeap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka "HTML Decoding Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage aelfred-demo is installedopenSUSE 10.2SUSE Linux 10.1openSUSE FactoryPackage aelfred-demo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryKDM pam_setcred Privilege Escalation VulnerabilityRed Hat Linux 9KDMKDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDMozilla File Stealing by Changing Input TypeMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerACCEPTEDACCEPTEDCOM Object Instantiation Memory Corruption Vulnerability (64-bit XP)Microsoft Windows XPInternet ExplorerMultiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDGDI Incorrect Parameter Local Elevation of Privilege VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaOperating SystemBuffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images.Sudhir GandheDRAFTINTERIMRobert L. HollisACCEPTEDACCEPTEDVersion Number Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Visio 2002Microsoft Office 2003Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.Sudhir GandheDRAFTRobert L. HollisRobert L. HollisINTERIMACCEPTEDACCEPTEDActiveX Control Memory Corruption Vulnerability (Win2K)Microsoft Windows 2000Internet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDEMF Elevation of Privilege VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaOperating SystemBuffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file.Sudhir GandheDRAFTINTERIMRobert L. HollisACCEPTEDACCEPTEDRemote Code Execution Vulnerability in Flash Player 8 (XP,SP2)Microsoft Windows XPFlash PlayerMultiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 and earlier allow remote attackers to execute arbitrary code via a crafted SWF file.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability With NIS server ypserv(1M) May Allow a Denial of Service (DoS) to OccurSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 allows local and remote attackers to cause a denial of service (ypserv hang) via unknown vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Sun Remote Services (SRS) Net Connect SoftwareSun Solaris 8Sun Solaris 9Sun Solaris 10srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSolaris 8 CDE ToolTalk Database Heap Corruption VulnerabilitySun Solaris 8CDEBuffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.David ProulxTodd DolinskyINTERIMACCEPTEDACCEPTEDFlash Address Bar Spoofing Vulnerability (S03,SP1)Microsoft Windows Server 2003Internet ExplorerInternet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMHT Memory Corruption Vulnerability (64-bit XP)Microsoft Windows XPInternet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage alsa-docs is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage alsa-docs is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryCSS Cross-Domain Information Disclosure Vulnerability (2K/XP)Microsoft Windows 2000Microsoft Windows XPInternet ExplorerMicrosoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDOpen Enterprise Server 9 is installedOpen Enterprise Server 9Open Enterprise Server 9 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDMSDTC Denial of Service Vulnerability (XP,SP2)Microsoft Windows XPOperating SystemMicrosoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMHT Memory Corruption Vulnerability (Win2K)Microsoft Windows 2000Internet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDWinXP Blind Connection Reset Attack VulnerabilityMicrosoft Windows XPWindows XPMultiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDIIS Web Server File Request ParsingMicrosoft Windows 2000Microsoft Internet Information Server (IIS)IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.Tiffany BergeronACCEPTEDSecurity Vulnerabilities in Solaris ld.so.1(1) may Lead to Execution of Arbitrary Code with Elevated PrivilegesSun Solaris 8Sun Solaris 9Sun Solaris 10Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter of the doprf function. NOTE: this issue normally does not cross privilege boundaries, except in cases of external introduction of malicious message files, or if it is leveraged with other vulnerabilities such as CVE-2006-6494.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMSDTC Invalid Memory Access Vulnerability (XP,SP1)Microsoft Windows XPOperating SystemHeap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDRASMAN Registry Corruption Vulnerability (XP,SP1)Microsoft Windows XPOperating SystemBuffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDHTML Decoding Memory Corruption Vulnerability (S03,SP1)Microsoft Windows Server 2003Internet ExplorerHeap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka "HTML Decoding Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDdtsession Buffer Overflow via HOME EnvvarSun Solaris 7Sun Solaris 8Sun Solaris 9CDEHeap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to gain root privileges via a long HOME environment variable.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDSMB Driver Elevation of Privilege Vulnerability (Win2K)Microsoft Windows 2000Operating SystemThe Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDMozilla Crashes with Evidence of Memory Corruption (CVE-2006-1530)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaUnspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDLanguage Pack Installation VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerRace condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability."Sudhir GandheDRAFTRobert L. HollisINTERIMACCEPTEDACCEPTEDMozilla Crashes with Evidence of Memory Corruption (CVE-2006-1724)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaUnspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerACCEPTEDACCEPTEDWord RTF Parsing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft WordWord (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDActiveX Certificate Enrollment Unauthorized Remote Certificate DeletionMicrosoft Windows 2000Certificate Enrollment ControlUnknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML.Christine WalzerACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDIE Cross-Site ScriptingMicrosoft Windows 2000Microsoft Internet ExplorerCross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability.Andrew ButtnerChristine WalzerINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDSymantec Enterprize Security Manager 6 is installed.Microsoft Windows 95Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Symantec Enterprize Security Manager 6 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDPackage a2ps-h is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage a2ps-h is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows Security Channel Remote Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDRemote Code Execution Vulnerability in Flash Player 8 (XP,SP1)Microsoft Windows XPFlash PlayerMultiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 and earlier allow remote attackers to execute arbitrary code via a crafted SWF file.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Solaris 10 Link Aggregation may Allow Local Users Total Access to Network PacketsSun Solaris 10Sun Solaris 10 before patch 118855-16 (20060925), when run on x64 systems using IPv6, allows remote attackers to cause a denial of service (kernel panic) via crafted IPv6 packets.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerabilities in the Solaris Trusted Extensions "labeld" Service May Lead to a Denial of Service (DoS) ConditionSun Solaris 10Multiple unspecified vulnerabilities in labeld in Trusted Extensions in Sun Solaris 10 allow local users to cause a denial of service (multiple application hang) via unspecified vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDActiveX Control Memory Corruption Vulnerability (XP,SP2)Microsoft Windows XPInternet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMIME Decoding VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Exchange ServerMicrosoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDNetwork Share Provider Buffer OverflowMicrosoft Windows 2000SMB (Server Message Block)Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".Christine WalzerChristine WalzerINTERIMACCEPTEDACCEPTEDSMB Code Execution Vulnerability (XP,SP1)Microsoft Windows XPSMB (Server Message Block)The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the "Server Message Block Vulnerability," and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields.Christine WalzerDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDLSASS Privilege Escalation Vulnerability (64-bit Server 2003)Microsoft Windows Server 2003Local Security Authority Subsystem Service (LSASS)LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.Christine WalzerDRAFTINTERIMACCEPTEDACCEPTEDMozilla Cross-site Scripting through window.controllersMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaUnspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDACCEPTEDWindows Kernel LPC Privilege Escalation Vulnerability (32-bit XP,SP1)Microsoft Windows XPWindows kernelThe Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."Christine WalzerDRAFTINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDACCEPTEDArbitrary File Rewrite VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerUnspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to overwrite arbitrary files via unspecified vectors, aka the "Arbitrary File Rewrite Vulnerability."Sudhir GandheDRAFTINTERIMRobert L. HollisJeff ItoACCEPTEDACCEPTEDWindows Vista Firewall Blocking Rule Information Disclosure VulnerabilityMicrosoft Windows VistaThe Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka "Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability."Sudhir GandheDRAFTSudhir GandheINTERIMACCEPTEDACCEPTEDPackage acpiw is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage acpiw is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryFlash Address Bar Spoofing Vulnerability (2K/XP)Microsoft Windows 2000Microsoft Windows XPInternet ExplorerInternet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDCDE dtspcd Daemon Symlink VulnerabilitySun Solaris 7dtspcdThe CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDMS Word Macro Security Bypass VulnerabilityMicrosoft Windows 2000Microsoft Word 2000Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.Christine WalzerChristine WalzerDRAFTINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDWord Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Word 2000Microsoft Word 2002Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."Sudhir GandheDRAFTBryan WorrellINTERIMACCEPTEDACCEPTEDPackage alsa-plugins is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage alsa-plugins is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factory.NET JIT Compiler VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Vista.NET FrameworkThe Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".Sudhir GandheDRAFTSudhir GandheRobert L. HollisRobert L. HollisRobert L. HollisINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft .NET Framework 2.0 (Original RTM or later) is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Vista.NET FrameworkMicrosoft .NET Framework 2.0 (Original RTM or later) is installedSudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDACCEPTEDWindows XP Enhanced Metafile Image Format Rendering Buffer OverflowMicrosoft Windows XPEnhanced Metafile (EMF)Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."Ingrid SkoogDRAFTINTERIMACCEPTEDACCEPTEDPublisher Invalid Memory Reference VulnerabilityMicrosoft Windows VistaMicrosoft PublisherPUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Publisher 2007 is installedMicrosoft Windows VistaMicrosoft Windows XPMicrosoft Windows 2000Microsoft Windows Server 2003The application Microsoft Publisher 2007 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWord Malformed Drawing Object VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft WordMicrosoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage akonadi-devel is installedopenSUSE FactoryPackage akonadi-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryART Image Rendering Vulnerability (WinS03)Microsoft Windows Server 2003Operating SystemBuffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage amarok-arts is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage amarok-arts is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryHTML Decoding Memory Corruption Vulnerability (64-bit XP)Microsoft Windows XPInternet ExplorerHeap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka "HTML Decoding Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows Mail UNC Navigation Request Remote Code Execution VulnerabilityMicrosoft Windows VistaWindows MailWindows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe).Sudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDWord Document Stream VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft WordUnspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in Windows Image Acquisition Service Could Allow Elevation of PrivilegeMicrosoft Windows XPThe Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 allows local users to gain privileges via unspecified vectors involving an "unchecked buffer," probably a buffer overflow.Sudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDPackage aspell-nb is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-nb is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryRASMAN Registry Corruption Vulnerability (Win2K)Microsoft Windows 2000Operating SystemBuffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDWindows Active Directory Denial of Service VulnerabilityMicrosoft Windows 2000The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.Sudhir GandheDRAFTSudhir GandheINTERIMACCEPTEDACCEPTEDMozilla Cross-site JavaScript Injection Using Event HandlersMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection".Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDACCEPTEDWindows Animated Cursor Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaOperating SystemStack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.Sudhir GandheDRAFTINTERIMRobert L. HollisACCEPTEDACCEPTEDWindows NT Terminal Server Unchecked Buffer in NetDDEMicrosoft Windows NTNetDDENetwork Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.Jonathan BakerDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDRASMAN Registry Corruption Vulnerability (S03,SP1)Microsoft Windows Server 2003Operating SystemBuffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSMB Invalid Handle Vulnerability (Win2K)Microsoft Windows 2000Operating SystemThe Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) via by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDAutomatic ActiveX Approval on WinXP Low MemoryMicrosoft Windows XPAuthenticodeThe Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers execute arbitrary code without user approval.Tiffany BergeronAndrew ButtnerAndrew ButtnerACCEPTEDChristine WalzerChristine WalzerINTERIMACCEPTEDACCEPTEDPackage aeolus-debuginfo is installedopenSUSE FactoryPackage aeolus-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryMozilla Mozilla Firefox Tag Order VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillansHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a "particular sequence of HTML tags" that leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDACCEPTEDSMB Code Execution Vulnerability (Server 2003 / 64-bit XP)Microsoft Windows Server 2003SMB (Server Message Block)The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the "Server Message Block Vulnerability," and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields.Christine WalzerDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDRASMAN Registry Corruption Vulnerability (XP,SP2)Microsoft Windows XPOperating SystemBuffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDException Handling Memory Corruption Vulnerability (Win2k)Microsoft Windows 2000Internet ExplorerUnspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDypbind Daemon Buffer OverflowSun Solaris 7NISBuffer overflow in ypbind daemon in Solaris 5.4 through 8 allows remote attackers to execute arbitrary code.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDWindows XP (32-Bit) Program Group Converter Buffer OverflowMicrosoft Windows XPProgram Group ConverterBuffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDFlash Address Bar Spoofing Vulnerability (XP,SP2)Microsoft Windows XPInternet ExplorerInternet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSMB Invalid Handle Vulnerability (XP,SP2)Microsoft Windows XPOperating SystemThe Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) via by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDLDAP rootDN Password Disclosure VulnerabilitySun Solaris 8Sun Solaris 9LDAPUnspecified vulnerability in Solaris 8 and 9 allows local users to obtain the LDAP Directory Server root Distinguished Name (rootDN) password when a privileged user (1) runs idsconfig; or "insecurely" runs LDAP2 commands with the -w option, including (2) ldapadd, (3) ldapdelete, (4) ldapmodify, (5) ldapmodrdn, and (6) ldapsearch.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDHP-UX 11.11 ICMP Source Quench Attack VulnerabilityHP-UX 11Operating SystemMultiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDPackage aspell-mn is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-mn is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryCSS Cross-Domain Information Disclosure Vulnerability (XP,SP2)Microsoft Windows XPInternet ExplorerMicrosoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows XP (64-Bit) Program Group Converter Buffer Overflow in grpconv.exeMicrosoft Windows XPProgram Group ConverterBuffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft PowerPoint 2002 Remote Code Execution Using a Malformed Record VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft PowerPointUnspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.Robert L. HollisDRAFTMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDPackage aspell-fa is installedopenSUSE 10.2SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage aspell-fa is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryMicrosoft .NET Framework 1.1 Service Pack 1 is InstalledMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Vista.NET FrameworkMicrosoft .NET Framework 1.1 Service Pack 1 is InstalledSudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDACCEPTEDPackage apache2-mod_ruby-debuginfo is installedSUSE Linux 10.0openSUSE FactoryPackage apache2-mod_ruby-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryA Security Vulnerability in How xscreensaver(1) Interacts With GNOME Assistive Technology May Allow Arbitrary Command ExecutionSun Solaris 10xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session with Assistive Technology support is running, allows attackers with physical access to take control of the session after entering an Alt-Tab sequence.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDCOM Object Instantiation Memory Corruption Vulnerability (XP,SP2)Microsoft Windows XPInternet ExplorerMultiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDApache IPv6 Socket Failure Denial of ServiceRed Hat Linux 9ApacheApache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDMozilla Crashes with Evidence of Memory Corruption (RegEx)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaInteger overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDACCEPTEDBuffer Overflow in "in.telnetd"or "telnetd"ProcessSun Solaris 7Sun Solaris 8Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSMB Invalid Handle Vulnerability (S03,SP1)Microsoft Windows Server 2003Operating SystemThe Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) via by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDRRAS Memory Corruption Vulnerability (WinXP,SP2)Microsoft Windows XPOperating SystemBuffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDServer 2003 CSRSS Privilege Escalation VulnerabilityMicrosoft Windows Server 2003Client Server Runtime System (CSRSS)Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.Ingrid SkoogDRAFTINTERIMChristine WalzerACCEPTEDACCEPTEDActiveX Control Memory Corruption Vulnerability (S03,SP1)Microsoft Windows Server 2003Internet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows Media Player PNG Vulnerability (v9.0)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Media PlayerStack-based buffer overflow in Microsoft Windows Media Player 9 and 10 allows remote attackers to execute arbitrary code via a PNG image with a large chunk size.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDWindows NT IIS Heap Overrun in HTR Chunked EncodingMicrosoft Windows NTMicrosoft Internet Information Server (IIS)Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."Tiffany BergeronACCEPTEDGlenn StricklandINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Netscape Portable Runtime (NSPR) API Affects SolarisSun Solaris 10The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDExchange 2000,SP4 Calendar VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Exchange ServerUnspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties.Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDMsgBox (CSRSS) Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaOperating SystemDouble-free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.Sudhir GandheDRAFTINTERIMRobert L. HollisSudhir GandheACCEPTEDACCEPTEDMicrosoft Windows Server 2003 (64-bit) is installedMicrosoft Windows Server 2003The operating system installed on the system is Microsoft Windows Server 2003 (64-bit).Sudhir GandheINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2003 Service Pack 2 (64-bit) is installedMicrosoft Windows Server 2003The operating system installed on the system is Microsoft Windows Server 2003 Service Pack 2 (64-bit).Sudhir GandheINTERIMACCEPTEDACCEPTEDpatch Windows6.0-KB930178-x64.msu should be installedMicrosoft Windows VistaThe patch Windows6.0-KB930178-x64.msu that addresses the vulnerabilities discussed in Microsoft Security Bulletin MS07-021 should be installed.Jonathan BakerDRAFTINTERIMACCEPTEDACCEPTEDPackage aspell-ar is installedopenSUSE 10.2openSUSE FactoryPackage aspell-ar is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryWindows XP (32-bit, SP1) RPCSS DCOM Buffer Overflow (Blaster)Microsoft Windows XPDistributed Component Object Model (DCOM)Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.Christine WalzerDRAFTINTERIMACCEPTEDACCEPTEDPackage mono-data-sybase is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10Package mono-data-sybase is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopcpe:/o:novell:suse_linux_enterprise:10::serverMozilla Secure-site Spoof (requires security warning dialog)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerACCEPTEDACCEPTEDMultiple vulnerabilities in libfreetype, Xsun(1) and Xorg(1)Sun Solaris 8Sun Solaris 9Sun Solaris 10Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDHP-UX 11.00 Path MTU Discovery Attack VulnerabilityHP-UX 11Operating SystemMultiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDPackage amidic is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage amidic is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows 2000 Negotiate Security Software Provider Denial of Service VulnerabilityMicrosoft Windows 2000Negotiate SSP interfaceThe Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection.Ingrid SkoogINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDGlenn StricklandINTERIMACCEPTEDACCEPTEDWindows Media Player PNG Vulnerability (v8.0)Microsoft Windows XPMedia PlayerStack-based buffer overflow in Microsoft Windows Media Player 9 and 10 allows remote attackers to execute arbitrary code via a PNG image with a large chunk size.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDFlash Address Bar Spoofing Vulnerability (WinS03)Microsoft Windows Server 2003Internet ExplorerInternet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDWindows Media Player PNG Vulnerability (v10.0, 64-bit)Microsoft Windows XPMicrosoft Windows Server 2003Media PlayerStack-based buffer overflow in Microsoft Windows Media Player 9 and 10 allows remote attackers to execute arbitrary code via a PNG image with a large chunk size.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDpatch Windows6.0-KB925902-x86.msu should be installedMicrosoft Windows VistaThe patch Windows6.0-KB925902-x86.msu that addresses the vulnerabilities discussed in Microsoft Security Bulletin MS07-017 should be installed.Jonathan BakerDRAFTINTERIMACCEPTEDACCEPTEDCSS Cross-Domain Information Disclosure Vulnerability (Win2K)Microsoft Windows 2000Internet ExplorerMicrosoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDWindows 2000,SP4 Remote Desktop Protocol (RDP) DoS VulnerabilityMicrosoft Windows 2000Operating SystemThe Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows NT Shell Buffer OverflowMicrosoft Windows NTWindows ShellBuffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled.Matthew BurtonMatthew BurtonDRAFTINTERIMMatthew BurtonACCEPTEDACCEPTEDBuffer Overflow Vulnerability in libX11Sun Solaris 8Sun Solaris 9Sun Solaris 10Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDFont Rasterizer VulnerabilityMicrosoft Windows 2000Operating SystemThe TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.Sudhir GandheDRAFTINTERIMRobert L. HollisACCEPTEDACCEPTEDWord 2003 Malicious .doc Buffer OverflowMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003SambaBuffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage aspell-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage aspell-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryIE v6.0 Malformed GIF Image Double-free VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerDouble-free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.Andrew ButtnerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMChristine WalzerACCEPTEDACCEPTEDSMB Driver Elevation of Privilege Vulnerability (WinS03)Microsoft Windows Server 2003Operating SystemThe Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDOutlook Express 6 (S03,SP1) WAB Remote Code Execution VulnerabilityMicrosoft Windows 2000Outlook ExpressBuffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.Robert L. HollisDRAFTINTERIMACCEPTEDJohn HoylandAnna MinINTERIMACCEPTEDACCEPTEDMozilla Deleted Object Reference When designMode="on"Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDACCEPTEDSolaris 7 LBXProxy Display Name Buffer OverflowSun Solaris 7lbxproxyBuffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option.David ProulxACCEPTEDAddress Bar Spoofing Vulnerability (S03,SP1)Microsoft Windows Server 2003Internet ExplorerMicrosoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIP Source Route Vulnerability (Win2K)Microsoft Windows 2000Operating SystemBuffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.Robert L. HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDXPM Image Decoder Malicious Color String VulnerabilitySun Solaris 8Sun Solaris 9Operating SystemStack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688).Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft JScript Memory Corruption Vulnerability (Win2K w/ JScript 5.6)Microsoft Windows 2000Operating SystemMicrosoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDVML Buffer Overrun VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerInteger underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code via compressed content with an invalid buffer size, which triggers a heap-based buffer overflow.Robert L. HollisDRAFTJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengINTERIMACCEPTEDACCEPTEDIE6 Script Execution Vulnerability (Server 2003)Microsoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDWindows XP (64-Bit) Task Scheduler Stack OverflowMicrosoft Windows XPTask SchedulerStack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.Tiffany BergeronINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJeff ItoINTERIMACCEPTEDACCEPTEDOutlook Express 5.5 WAB Remote Code Execution VulnerabilityMicrosoft Windows 2000Outlook ExpressBuffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.Robert L. HollisDRAFTINTERIMACCEPTEDJohn HoylandAnna MinINTERIMACCEPTEDACCEPTEDIE v5.5 Improper Cross Domain Security Validation with Dialog BoxMicrosoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."Andrew ButtnerACCEPTEDMSDTC Denial of Service Vulnerability (Server 2003)Microsoft Windows Server 2003Operating SystemMicrosoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDWin2K MDAC RDS.Dataspace Remote Code Execution VulnerabilityMicrosoft Windows 2000MDACUnspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.Robert L. HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDPackage alsa-firmware is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage alsa-firmware is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factoryIP Source Route Vulnerability (WinS03)Microsoft Windows Server 2003Operating SystemBuffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDAddress Bar Spoofing Vulnerability (2K/XP)Microsoft Windows 2000Microsoft Windows XPInternet ExplorerMicrosoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDIE5 HTA Execution Vulnerability (Win2K)Microsoft Windows 2000Microsoft Internet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDIE6 HTML Tag Memory Corruption (WinXP)Microsoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the rcp(1) Command May Allow Execution of Unintended CommandsSun Solaris 8Sun Solaris 9Sun Solaris 10rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call certain helper applications, which allows local users to gain privileges by creating files with certain names, possibly containing shell metacharacters or spaces, a similar issue to CVE-2006-0225.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDOutlook Express 6 (S03-Gold, Itanium) WAB Remote Code Execution VulnerabilityMicrosoft Windows 2000Outlook ExpressBuffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.Robert L. HollisDRAFTINTERIMACCEPTEDJohn HoylandAnna MinINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDSolaris 7 CDE ToolTalk Database Heap Corruption VulnerabilitySun Solaris 7CDEBuffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.David ProulxTodd DolinskyINTERIMACCEPTEDACCEPTEDOutlook Express 6 (64-bit XP) WAB Remote Code Execution VulnerabilityMicrosoft Windows 2000Outlook ExpressBuffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.Robert L. HollisDRAFTINTERIMACCEPTEDJohn HoylandAnna MinINTERIMACCEPTEDACCEPTEDException Handling Memory Corruption Vulnerability (XP,SP2)Microsoft Windows XPInternet ExplorerUnspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDCOM Object Instantiation Memory Corruption Vulnerability (Win2K)Microsoft Windows 2000Internet ExplorerMultiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDIE6 Multiple Event Handler Memory Corruption (Server 2003,SP1)Microsoft Windows Server 2003Microsoft Internet ExplorerBuffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDException Handling Memory Corruption Vulnerability (2K/XP)Microsoft Windows 2000Microsoft Windows XPInternet ExplorerUnspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDServer 2003 COM object Remote Code Execution VulnerabilityMicrosoft Windows Server 2003Operating SystemUnspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDRPC Mutual Authentication VulnerabilityMicrosoft Windows 2000Operating SystemMicrosoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDWU-FTPD "glob-*" Remote DoS Vulnerability (B.11.11)HP-UX 11ftpdThe wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDServer 2003 Access Requests Privilege Escalation VulnerabilityMicrosoft Windows Server 2003Windows kernelThe kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.Ingrid SkoogDRAFTINTERIMChristine WalzerACCEPTEDACCEPTEDSecurity Vulnerability in X Display Manager (xdm(1)) Xsession ScriptSun Solaris 8Sun Solaris 9Sun Solaris 10Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDHP-UX 11.00 Blind Connection Reset Attack VulnerabilityHP-UX 11Operating SystemMultiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDPackage aranym-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage aranym-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryART Image Rendering Vulnerability (Win2K)Microsoft Windows 2000Operating SystemBuffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDHP Security Update Fixes VirtualVault Apache HTTP Request Smuggling VulnerabilityHP-UX 11LDAPUnspecified vulnerability in su in HP HP-UX B.11.11, when using the LDAP netgroup feature, allows local users to gain unspecified access.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDHTML Decoding Memory Corruption Vulnerability (WinS03)Microsoft Windows Server 2003Internet ExplorerHeap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka "HTML Decoding Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDWindows XP/Server 2003 (64-Bit) VDM Privilege Escalation VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003VDMThe Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.Ingrid SkoogIngrid SkoogDRAFTINTERIMACCEPTEDACCEPTEDExcel 2003 Remote Code Execution via Malformed RecordMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeStack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikMatthew WojcikINTERIMACCEPTEDACCEPTEDSolaris 8 CDE ToolTalk Database Server Symbolic Link VulnerabilitySun Solaris 8CDECDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.David ProulxTodd DolinskyINTERIMACCEPTEDACCEPTEDWindows NT Long Share Names VulnerabilityMicrosoft Windows NTWindows ShellBuffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.Andrew ButtnerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDFPSE XSS VulnerabilityMicrosoft Windows 2000Microsoft Windows XPFrontPage Server ExtensionsCross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWebproxy Off-by-One Error in mod_ssl CRLHP-UX 11ApacheOff-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDMicrosoft Visual Basic 6.0 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003The application Microsoft Visual Basic 6.0 is installed.Sudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Excel 2007 is installedMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 2000The application Microsoft Excel 2007 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWinXP IP Validation VulnerabilityMicrosoft Windows XPWindows XPMicrosoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDWindows (S03/64-bit XP) COM object Remote Code Execution VulnerabilityMicrosoft Windows XPOperating SystemUnspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows (S03,SP1/XP 64-bit) MDAC RDS.Dataspace Remote Code Execution VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003MDACUnspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDRRAS Memory Corruption Vulnerability (Win2K)Microsoft Windows 2000Operating SystemBuffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDIE5 Address Bar Spoofing Vulnerability (Win2K)Microsoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDHP-UX AutoRAID Critical Functionality IssueHP-UX 11AutoRAID ManagerPossible unknown vulnerability or vulnerabilities in HP DiskArray Utilities with AutoRAID Manager.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDMicrosoft Word2002 Malformed Object Pointer VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft WordBuffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.Robert L. HollisDRAFTJohn HoylandINTERIMACCEPTEDACCEPTEDWord Array Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft WordWord (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Word 2002 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Word 2002 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Word Viewer is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Word Viewer is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Word 2000 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Word 2000 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE5.01,SP3 Security Zone Restriction Bypass VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDIE6 Script Execution Vulnerability (WinXP)Microsoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDThe operating system installed on the system is Red Hat Enterprise Linux 4 for x86Red Hat Enterprise Linux 4The operating system installed on the system is Red Hat Enterprise Linux 4 for x86.Mark VillanovaDRAFTINTERIMACCEPTEDACCEPTED/usr/lib/print/conv_fix Privilege Escalation VulnerabilitySun Solaris 7Sun Solaris 8Sun Solaris 9Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when invoked by conv_lpd, allows local users to overwrite arbitrary files.Brian SobyDRAFTINTERIMACCEPTEDINTERIMDRAFTINTERIMACCEPTEDACCEPTEDPackage amarok-libvisual is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10openSUSE FactoryPackage amarok-libvisual is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:opensuse:factorySMB Driver Elevation of Privilege Vulnerability (64-bit XP)Microsoft Windows XPOperating SystemThe Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDApache prefork MPM Denial of ServiceRed Hat Linux 9ApacheThe prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDWindows Media Player PNG Vulnerability (v10.0 on WinXP)Microsoft Windows XPMedia PlayerStack-based buffer overflow in Microsoft Windows Media Player 9 and 10 allows remote attackers to execute arbitrary code via a PNG image with a large chunk size.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDException Handling Memory Corruption Vulnerability (WinS03)Microsoft Windows Server 2003Internet ExplorerUnspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDWebproxy CGI Byterange Request DoSHP-UX 11ApacheThe byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Kerberos Administration Daemon (kadmind(1M)) May Lead to Arbitrary Code ExecutionSun Solaris 9Sun Solaris 10Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.Nicholas HansenDRAFTINTERIMACCEPTEDNicholas HansenINTERIMACCEPTEDACCEPTEDIE6 Address Bar Spoofing Vulnerability (Server 2003,SP1)Microsoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE6 HTA Execution Vulnerability (Server 2003)Microsoft Windows Server 2003Microsoft Internet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDPackage apt-devel is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage apt-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryUninitialized Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerUnspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability."Sudhir GandheDRAFTINTERIMRobert L. HollisJeff ItoACCEPTEDACCEPTEDGDI+ JPEG Parsing Engine Buffer Overflow (VS.NET 2003)Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Visual Studio .NET 2003Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.Ingrid SkoogDRAFTIngrid SkoogINTERIMACCEPTEDRobert L. HollisACCEPTEDJohn HoylandINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDRRAS Memory Corruption Vulnerability (WinS03)Microsoft Windows Server 2003Operating SystemBuffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDPackage apparmor-parser-debuginfo is installedopenSUSE FactoryPackage apparmor-parser-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryWindows Virtual DOS Machine Local Privilege Escalation Vulnerability (Test 2)Microsoft Windows NTVDMThe component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code.Ingrid SkoogACCEPTEDACCEPTEDPackage mono-data is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10Package mono-data is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopcpe:/o:novell:suse_linux_enterprise:10::serverNavigation Cancel Page Spoofing VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka Navigation Cancel Page Spoofing Vulnerability."Sudhir GandheDRAFTRobert L. HollisRobert L. HollisINTERIMACCEPTEDACCEPTEDVirusVault Off-by-One Error in mod_ssl CRLHP-UX 11ApacheOff-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDIP Source Route Vulnerability (64-bit XP)Microsoft Windows XPOperating SystemBuffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE5 HTML Parsing Vulnerability (Win2K)Microsoft Windows 2000Microsoft Internet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDIE6 Cross-Domain Information Disclosure Vulnerability (Server 2003,SP1)Microsoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 6 does not always correctly identify the domain that is associated with a browser window, which allows remote attackers to obtain sensitive cross-domain information and spoof sites by running script after the user has navigated to another site.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindow Location Information Disclosure VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Internet ExplorerMicrosoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDWorkbook Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft ExcelMicrosoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability".Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office Compatibility Pack is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaThe application Microsoft Office Compatibility Pack is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDEnterprise Storage Manager 2.1 SAN Manager management station patchSun Solaris 8Sun Enterprise Storage Manager (ESM)Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDNetwork News Transfer Protocol Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Outlook ExpressHeap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.Sudhir GandheDRAFTRobert L. HollisINTERIMACCEPTEDACCEPTEDMicrosoft Windows Mail is installedMicrosoft Windows VistaWindows MailMicrosoft Windows Mail is installedSudhir GandheDRAFTRobert L. HollisINTERIMACCEPTEDACCEPTEDMicrosoft Windows Vista x64 Edition is installedMicrosoft Windows VistaThe operating system installed on the system is Microsoft Windows Vista x64 EditionJonathan BakerDRAFTINTERIMACCEPTEDACCEPTEDPackage apache2-mod_ruby is installedSUSE Linux 10.0openSUSE FactoryPackage apache2-mod_ruby is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:opensuse:factoryIE6 COM Object Instantiation Memory Corruption (Server 2003,SP1)Microsoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIIS Memory Request VulnerabilityMicrosoft Windows XPIISThe URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot).Sudhir GandheDRAFTRobert L. HollisINTERIMACCEPTEDACCEPTEDMicrosoft IIS 5.1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft IIS 5.1 is installed.Robert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDIE6 DHTML Method Call Memory Corruption (Win2K/XP,SP1)Microsoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDIE AbusiveParent Vulnerability (64-bit XP)Microsoft Windows XPMicrosoft Internet ExplorerThe DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.Jonathan BakerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDSun Solaris Gzip Race condition and Directory Traversal IssuesSun Solaris 8Sun Solaris 9Sun Solaris 10gzipDirectory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDACCEPTEDIE GetObject Security BypassMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.David ProulxChristine WalzerINTERIMACCEPTEDACCEPTEDMozilla Privilege Escalation Using crypto.generateCRMFRequestMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaUnspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDACCEPTEDX.Org Privilege Escalation Vulnerability in X11R6.9, X11R7.0Sun Solaris 10Operating SystemX.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows XP Insecure Default ACLsMicrosoft Windows XPOperating SystemMicrosoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.Robert L. HollisDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDDHTML Object Memory Corruption Vulnerability (IE6 for XP,SP2)Microsoft Windows XPMicrosoft Internet ExplorerRace condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".Harvey RubinovitzDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in libX11 for SolarisSun Solaris 8Sun Solaris 9Sun Solaris 10Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDPackage anthy-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage anthy-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage anthy is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage anthy is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factorypasswd Local DoS Vulnerability (B.11.23)HP-UX 11Operating System/sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 "does not recover gracefully from some error conditions," which allows local users to cause a denial of service.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDApache Weak Cipher Suite VulnerabilityRed Hat Linux 9ApacheApache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDSendmail setjmp longjmp bo (Red Hat Internal)Red Hat Linux 9Red Hat Enterprise Linux 3Red Hat Enterprise Linux 4SendmailSignal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.Robert L. HollisDRAFTINTERIMACCEPTEDVladimir GiszpencINTERIMACCEPTEDACCEPTEDKorean IME Privilege Elevation Vulnerability in Server 2003,SP1Microsoft Windows Server 2003Operating SystemThe ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMozilla Crashes with Evidence of Memory Corruption (moz-grid)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaUnspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (2) -moz-grid-group display styles.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDACCEPTEDAddress Bar Spoofing Vulnerability (XP,SP2)Microsoft Windows XPInternet ExplorerMicrosoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWinXP Land VulnerabilityMicrosoft Windows XPWindows XPWindows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence of the "Land" vulnerability (CVE-1999-0016).Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDsendfilev DoS VulnerabilitySun Solaris 8Sun Solaris 9sendfilev()Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.Brian SobyDRAFTINTERIMACCEPTEDINTERIMDRAFTINTERIMACCEPTEDACCEPTEDOutlook Express 6,SP1 WAB Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPOutlook ExpressBuffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMAnna MinACCEPTEDACCEPTEDPackage aalib-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage aalib-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factorySecurity Vulnerability in the Logging Mechanism for Solaris Management Console (SMC) May Lead to Escalation of PrivilegesSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the logging mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote attackers to execute arbitrary code via unspecified vectors, related to the WBEM server.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDWinXP,SP1 COM object Remote Code Execution VulnerabilityMicrosoft Windows XPOperating SystemUnspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE 5.01 DHTML Method Call Memory CorruptionMicrosoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDIE6 HTML Parsing Vulnerability (Server 2003,SP1)Microsoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE6 HTA Execution Vulnerability (Server 2003,SP1)Microsoft Windows Server 2003Microsoft Internet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage alevt-debuginfo is installedSUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage alevt-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryRASMAN Registry Corruption Vulnerability (64-bit XP)Microsoft Windows XPOperating SystemBuffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDCSS Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerUnspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers.Robert L. HollisDRAFTJeff ChengINTERIMACCEPTEDACCEPTEDServer 2003 Insecure Default ACLsMicrosoft Windows Server 2003Operating SystemMicrosoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.Robert L. HollisDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDCAPICOM.Certificates VulnerabilityMicrosoft BizTalk Server 2004Platform SDK Redistributable: CAPICOMCAPICOMUnspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."Sudhir GandheDRAFTJonathan BakerJonathan BakerINTERIMACCEPTEDACCEPTEDOutlook Express 6,2003 News Reading VulnerabilityMicrosoft Windows Server 2003Microsoft Outlook ExpressStack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.Ingrid SkoogDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability Relating to the acl(2) System Call May Allow Denial of Service (DoS) to the SystemSun Solaris 10Integer signedness error in the acl (facl) system call in Solaris 10 before 20070507 allows local users to cause a denial of service (kernel panic) and possibly gain privileges via a certain argument, related to ACE_SETACL.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDART Image Rendering Vulnerability (64-bit XP)Microsoft Windows XPOperating SystemBuffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMozilla Crashes with Evidence of Memory Corruption (CSS BO)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaThe CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain Cascading Style Sheets (CSS) that causes an out-of-bounds array write and buffer overflow.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDACCEPTEDExcel 2002 Remote Code Execution via Malformed GraphicMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeUnspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikMatthew WojcikINTERIMACCEPTEDACCEPTEDMHT Memory Corruption Vulnerability (2K/XP)Microsoft Windows 2000Microsoft Windows XPInternet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDKorean IME Privilege Elevation Vulnerability in Windows XPMicrosoft Windows XPOperating SystemThe ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSymantec Small Office or Home Office EditionMicrosoft Windows 95Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Symantec Small Office or Home Office Virus Scan is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDTCP/IP IGMP v3 Denial of Service (XP,SP1)Microsoft Windows XPOperating SystemMicrosoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows Media Player 9 Bitmap Remote Code ExecutionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Windows Media PlayerHeap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDpasswd Local DoS Vulnerability (B.11.11)HP-UX 11Operating System/sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 "does not recover gracefully from some error conditions," which allows local users to cause a denial of service.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDVirusVault Integer Overflow in pcre_compileHP-UX 11ApacheInteger overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDPackage alsa-plugins-pulse is installedopenSUSE 10.2openSUSE FactoryPackage alsa-plugins-pulse is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:opensuse:factoryIE6 DHTML Method Call Memory Corruption (Server 2003,SP1)Microsoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows XP,SP2 Access Requests Privilege Escalation VulnerabilityMicrosoft Windows XPWindows kernelThe kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.Ingrid SkoogDRAFTINTERIMChristine WalzerACCEPTEDACCEPTEDMS Word 6.0 Font Conversion Vulnerability (Server 2003)Microsoft Windows Server 2003Microsoft Word for Windows 6.0 ConverterMicrosoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571.Christine WalzerDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDACCEPTEDgzip -force File Permission Alteration VulnerabilitySun Solaris 8Licence Logging Servicegzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDExcel Viewer 2003 Remote Code Execution via Malformed Routing SlipMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeBuffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE6 COM Object Instantiation Memory Corruption (Server 2003)Microsoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDKorean IME Privilege Elevation Vulnerability in Server 2003Microsoft Windows Server 2003Operating SystemThe ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMozilla Privilege Escalation through Print PreviewMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaUnspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with "Print Preview".Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDACCEPTEDSecurity Vulnerability With RSA Signature Affects Solaris Applications Utilizing the libike LibrarySun Solaris 9Sun Solaris 10The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents libike from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDTCP/IP IGMP v3 Denial of Service (64-bit XP,SP1)Microsoft Windows XPOperating SystemMicrosoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDAddress Bar Spoofing Vulnerability (64-bit XP)Microsoft Windows XPInternet ExplorerMicrosoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE6 Address Bar Spoofing Vulnerability (WinXP)Microsoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft JScript Memory Corruption Vulnerability (Win2K)Microsoft Windows 2000Operating SystemMicrosoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDWin32 API Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE6 HTA Execution Vulnerability (Win2K/XP,SP1)Microsoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDART Image Rendering Vulnerability (XP,SP2)Microsoft Windows XPOperating SystemBuffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDTrustix Secure Linux der_chop Script Symlink Attack VulnerabilityRed Hat Enterprise Linux 3OpenSSLThe der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDKernel Local Elevation of Privilege VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Operating SystemThe Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain privileges by modifying the "zero page" during a race condition before the view is unmapped.Sudhir GandheDRAFTINTERIMRobert L. HollisRobert L. HollisACCEPTEDACCEPTEDRemote Code Execution Vulnerability in IE5.01Microsoft Windows 2000Microsoft Internet ExplorerAn unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDHP-UX wuftpd Privilege Escalation Vulnerability (B.11.00)HP-UX 11ftpdwu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDHP-UX wuftpd Privilege Escalation Vulnerability (B.11.22)HP-UX 11ftpdwu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDExcel Viewer 2003 Remote Code Execution via Malformed File FormatMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeUnspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDExcel 2000 Remote Code Execution via Malformed DescriptionMicrosoft Windows 2000Microsoft OfficeUnspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMJohn HoylandACCEPTEDACCEPTEDIE6 Multiple Event Handler Memory Corruption (Server 2003)Microsoft Windows Server 2003Microsoft Internet ExplorerBuffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDExcel Viewer 2003 Remote Code Execution via Malformed GraphicMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeUnspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office Remote Code Execution Using a Malformed PNG VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeUnspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed.Robert L. HollisINTERIMACCEPTEDACCEPTEDMicrosoft Project 2002 SP1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Project 2002 SP1 is installed.Robert L. HollisINTERIMACCEPTEDACCEPTEDMicrosoft Office 2002 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Office 2002 is installed.Robert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMicrosoft Word 2003 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Word 2003 is installed.Robert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDWebproxy HTTP Request SmugglingHP-UX 11ApacheThe Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDCD Drive DoS VulnerabilitySun Solaris 8Sun Solaris 9Sun Solaris 10Operating SystemUnspecified vulnerability in the hsfs filesystem in Solaris 8, 9, and 10 allows unspecified attackers to cause a denial of service (panic) or execute arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the Solaris Kernel May Allow a Denial of Service (DoS) Condition to OccurSun Solaris 8Sun Solaris 9Sun Solaris 10Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors, possibly related to the exitlwps function and SIGKILL and /proc PCAGENT signals.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMozilla "AnyName" Entrainment and Access Control HazardMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaThe E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDPackage ampache is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage ampache is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryPackage aalib-devel is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10openSUSE FactoryPackage aalib-devel is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:desktopcpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryHTML Decoding Memory Corruption Vulnerability (2K/XP)Microsoft Windows 2000Microsoft Windows XPInternet ExplorerHeap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka "HTML Decoding Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage alsa-utils is installedopenSUSE FactoryPackage alsa-utils is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryInteractive Training VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Interactive TrainingBuffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox History File Buffer OverflowMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxMozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.Robert L. HollisDRAFTMatthew WojcikMatthew WojcikRobert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerRobert L. HollisACCEPTEDACCEPTEDpagedata Subsystem Local DoS VulnerabilitySun Solaris 8Sun Solaris 9Sun Solaris 10Operating SystemUnspecified vulnerability in the pagedata subsystem of the process file system (/proc) in Solaris 8 through 10 allows local users to cause a denial of service (system hang or panic) via unknown attack vectors that cause cause the kmem_oversize arena to allocate a large amount of system memory that does not get freed.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDACCEPTEDXPM Image Decoder Buffer OverflowSun Solaris 8Sun Solaris 9Operating SystemInteger overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687).Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage mono-core is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10Package mono-core is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopcpe:/o:novell:suse_linux_enterprise:10::serverMozilla CSS Letter-Spacing Heap Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaInteger overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDACCEPTEDPackage alsa-oss-debuginfo is installedopenSUSE FactoryPackage alsa-oss-debuginfo is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:factoryServer 2003 Graphics Rendering Engine VulnerabilityMicrosoft Windows Server 2003Operating SystemThe Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDOutlook Express 6 (XP,SP2) WAB Remote Code Execution VulnerabilityMicrosoft Windows XPOutlook ExpressBuffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.Robert L. HollisDRAFTINTERIMACCEPTEDJohn HoylandAnna MinINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDWindows NT SNMPv1 Trap Handling DoS and Privilege EscalationMicrosoft Windows NTSimple Network Management Protocol (SNMP)Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.Harvey RubinovitzACCEPTEDMHT Memory Corruption Vulnerability (WinXP,SP2)Microsoft Windows XPInternet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSolaris 10 find on /proc panic DoS VulnerabilitySun Solaris 10Operating SystemUnspecified vulnerability in Sun Solaris 10 allows local users to cause a denial of service (null dereference) via unspecified vectors involving the use of the find command on the "/proc" filesystem. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this is related to CVE-2005-3250.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDHP-UX PMTUD Remote DoS (B.11.11)HP-UX 11Operating SystemUnknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDSMB Code Execution Vulnerability (32-bit XP)Microsoft Windows XPSMB (Server Message Block)The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the "Server Message Block Vulnerability," and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields.Christine WalzerDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDURL Redirect Cross Domain Information Disclosure VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Outlook ExpressA component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability."Sudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDOutlook Express 6 is installed.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Outlook Express 6 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAndrew ButtnerDEPRECATEDDEPRECATEDFlash Address Bar Spoofing Vulnerability (64-bit XP)Microsoft Windows XPInternet ExplorerInternet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDHyperTerminal Session File Vulnerability (Windows XP,SP1)Microsoft Windows XPHyperTerminalHyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.Harvey RubinovitzDRAFTHarvey RubinovitzHarvey RubinovitzINTERIMChristine WalzerDavid ProulxACCEPTEDDaniel TarnuINTERIMACCEPTEDACCEPTEDWebClient Service Unchecked Buffer Remote Code Execution (XP,SP2)Microsoft Windows XPOperating SystemBuffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows ME Long Share Names VulnerabilityMicrosoft Windows MEWindows ShellBuffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDFlash Address Bar Spoofing Vulnerability (Win2K)Microsoft Windows 2000Internet ExplorerInternet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDWindows Server 2003 Plug and Play Buffer Overflow VulnerabilityMicrosoft Windows Server 2003Operating SystemStack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows NT IIS Chunked Encoding Buffer OverflowMicrosoft Windows NTMicrosoft Internet Information Server (IIS)Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.Tiffany BergeronACCEPTEDGlenn StricklandINTERIMACCEPTEDACCEPTEDIE6 Multiple Event Handler Memory Corruption (WinXP)Microsoft Windows XPMicrosoft Internet ExplorerBuffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows Media Player 10 Bitmap Remote Code ExecutionMicrosoft Windows XPWindows Media PlayerHeap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMRobert L. HollisACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDWin2K/XP,SP1 COM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDKorean IME Privilege Elevation Vulnerability in 64-bit Windows XPMicrosoft Windows XPOperating SystemThe ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMalformed iCal VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Exchange ServerThe Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage acct is installedNovell Linux Desktop 9openSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Server 10openSUSE FactoryPackage acct is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:linux_desktop:9cpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10:servercpe:/o:novell:opensuse:factoryIE6 HTA Execution Vulnerability (WinXP)Microsoft Windows XPMicrosoft Internet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDART Image Rendering Vulnerability (2K/XP)Microsoft Windows 2000Microsoft Windows XPOperating SystemBuffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDWindows NT Trusted Domain LoopholeMicrosoft Windows NTWindows NT 4.0In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain.Tiffany BergeronACCEPTEDIE6 COM Object Instantiation Memory Corruption (Win2K/XP,SP1)Microsoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDRRAS Memory Corruption Vulnerability (64-bit XP)Microsoft Windows XPOperating SystemBuffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Shared Library Privilege Escalation Vulnerability (B.11.04)HP-UX 11Operating SystemUnspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain privileges via unknown attack vectors.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDIP Source Route Vulnerability (XP,SP2)Microsoft Windows XPOperating SystemBuffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWin2K Kernel Privilege Escalation VulnerabilityMicrosoft Windows 2000Operating SystemThe thread termination routine in the kernel for Windows NT 4.0 and 2000 (NTOSKRNL.EXE) allows local users to modify kernel memory and execution flow via steps in which a terminating thread causes Asynchronous Procedure Call (APC) entries to free the wrong data, aka the "Windows Kernel Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDHP-UX SIM Hangs MS-IE Due to MS04-025 ChangesHP-UX 11Operating SystemUnknown vulnerability in the login page for HP Systems Insight Manager (SIM) 4.0 and 4.1, when accessed by Microsoft Internet Explorer with the MS04-025 patch, leads to a denial of service (browser hang). NOTE: although the advisory is vague, this issue does not appear to involve an attacker at all. If not, then this issue is not a vulnerability.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSuppressed Test OVAL1581 (Identical to OVAL4458)Microsoft Windows Server 2003Windows kernelThe Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."Christine WalzerDRAFTINTERIMACCEPTEDRobert L. HollisDEPRECATEDDEPRECATEDKerberos Command Execution Vulnerability rexec DaemonSun Solaris 10XUnspecified vulnerability in in.rexecd in Solaris 10 allows local users to gain privileges on Kerberos systems via unknown attack vectors.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows NT Process Handle Duplication Privilege EscalationMicrosoft Windows NTWindows NT 4.0smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.Tiffany BergeronACCEPTEDExcel 2003 Remote Code Execution via Malformed DescriptionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeUnspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikMatthew WojcikINTERIMACCEPTEDACCEPTEDWindows Media Player 7.10 Bitmap Remote Code ExecutionMicrosoft Windows 2000Windows Media PlayerHeap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDHP-UX Shared Library Privilege Escalation Vulnerability (B.11.00)HP-UX 11Operating SystemUnspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain privileges via unknown attack vectors.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDHP-UX Trusted Mode remshd Remote Unauthorized Access (B.11.23)HP-UX 11remshdUnknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and B.11.23 while running in "Trusted Mode" allows remote attackers to gain unauthorized system access via unknown attack vectors.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDCMS Cross-Site Scripting and Spoofing VulnerabilityMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Content Management ServerCross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Content Management Server 2002 Service Pack 2 is installedMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Microsoft Content Management Server 2002 Service Pack 2 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Content Management Server 2001 Service Pack 1 is installedMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Microsoft Content Management Server 2001 Service Pack 1 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMozilla Crashes with Evidence of Memory Corruption (CVE-2006-1723)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaUnspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDSecurity Vulnerability May Allow Users With the "File System Management" RBAC Profile to Gain Elevated PrivilegesSun Solaris 8Sun Solaris 9Unspecified vulnerability in the format command in Sun Solaris 8 and 9 before 20060821 allows local users to modify arbitrary files via unspecified vectors involving profiles that permit running format with elevated privileges, a different issue than CVE-2006-4306 and CVE-2006-4319.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDHP-UX envd Local Execution of Privileged Code (B.11.11)HP-UX 11envdenvd daemon in HP-UX B.11.00 through B.11.11 allows local users to obtain privileges via unknown attack vectors.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDWMF Denial of Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Operating SystemUnspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP SP2; and Server 2003 Gold, SP1, and SP2 allows user-assisted remote attackers to cause a denial of service (possibly persistent restart) via a crafted Windows Metafile (WMF) image that causes an invalid dereference of an offset in a kernel structure, a related issue to CVE-2005-4560.Sudhir GandheDRAFTINTERIMRobert L. HollisACCEPTEDACCEPTEDExcel Viewer 2003 Remote Code Execution via Malformed DescriptionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeUnspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMFC Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Operating SystemThe MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the the AfxOleSetEditMenu function in MFC42u.dll.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Visual Studio .NET 2002 SP1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Visual Studio .NET 2002 SP1 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDMicrosoft Visual Studio .NET 2003 SP1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Visual Studio .NET 2003 SP1 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDMicrosoft Visual Studio .NET 2003 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Visual Studio .NET 2003 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE6 Multiple Event Handler Memory Corruption (Win2K/XP,SP1)Microsoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerBuffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDServer 2003 Media Player PNG Processing VulnerabilityMicrosoft Windows Server 2003Windows Media Player 9Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability."Christine WalzerDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDAddress Bar Spoofing Vulnerability (Win2K)Microsoft Windows 2000Internet ExplorerMicrosoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDLeaking GSSAPI Credentials Vulnerability (B.11.00/B.11.11)HP-UX 11SecureShellsshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWinXP,SP1 Graphics Rendering Engine VulnerabilityMicrosoft Windows XPOperating SystemThe Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 Drag-and-Drop Code Execution VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDMozilla QueryInterface Memory Corruption VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDWindows Kernel LPC Privilege Escalation Vulnerability (Windows 2000)Microsoft Windows 2000Windows kernelThe Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."Christine WalzerDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDACCEPTEDApache Linefeed Allocation VulnerabilityRed Hat Linux 9ApacheA memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDWindows Media Player Plug-in EMBED VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Windows Media PlayerBuffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWin2K,SP4 COM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDRemote Code Execution Vulnerability in Flash Player 6&7 (XP,SP2)Microsoft Windows XPFlash PlayerMacromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDCSS Cross-Domain Information Disclosure Vulnerability (S03,SP1)Microsoft Windows Server 2003Internet ExplorerMicrosoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPowerpoint TIFF Information DisclosureMicrosoft Windows 2000PowerPointMicrosoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).Robert L. HollisDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage mono-web is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1SUSE Linux Enterprise Desktop 10SUSE Linux Enterprise Server 10Package mono-web is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:suse_linux_enterprise:10::desktopcpe:/o:novell:suse_linux_enterprise:10::serverOffice 2000 Remote Code Execution via Malformed Routing SlipMicrosoft Windows 2000Microsoft OfficeBuffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDACCEPTEDMicrosoft Office 2000 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Office 2000 is installed.Robert L. HollisINTERIMGlenn StricklandACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDHP-UX PMTUD Remote DoS (B.11.22)HP-UX 11Operating SystemUnknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTED.lnk File-Open Remote Code Execution Vulnerability (Server 2003,SP1)Microsoft Windows Server 2003Operating SystemWindows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDTIP Request Validation Process Permits Denial of Service (Server 2003)Microsoft Windows Server 2003TIPDistributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDUser Profile Elevation of Privilege VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Operating SystemUntrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWINS Association Context Vulnerability (64-bit Server 2003, Test 1)Microsoft Windows Server 2003Windows Internet Naming Service (WINS)The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."Matthew BurtonDRAFTINTERIMACCEPTEDACCEPTEDMozilla Downloading Executables with "Save Image As..."Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the "Save image as..." option. NOTE: this attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerACCEPTEDACCEPTEDWebClient Service Unchecked Buffer Remote Code Execution (Server 2003)Microsoft Windows Server 2003Operating SystemBuffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDWMF Rendering Code Execution Vulnerability (32-bit Windows XP,SP1)Microsoft Windows XPOperating SystemMultiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage aalib-devel-64bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage aalib-devel-64bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryCSNW Remote Buffer Overflow via Network Messages (Server 2003)Microsoft Windows Server 2003NetWareThe Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDServer 2003,SP1 COM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDzlib Compression Remote DoS Vulnerability (B.11.00/B.11.11)HP-UX 11SecureShellzlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE6 Script Execution Vulnerability (Server 2003,SP1)Microsoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Agent Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerInteger overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWin2K/XP,SP1 DDS Library Shape Control Buffer OverflowMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTED.lnk File-Open Remote Code Execution Vulnerability (Server 2003)Microsoft Windows Server 2003Operating SystemWindows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDCSNW Remote Buffer Overflow via Network Messages (Win2k,SP4)Microsoft Windows 2000NetWareThe Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.Robert L. HollisDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDWin2k,SP4 DDS Library Shape Control Buffer OverflowMicrosoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDuucp/uustat Privilege Escalation VulnerabilitySun Solaris 8Sun Solaris 9Operating SystemUnspecified vulnerability in uucp in Sun Solaris 8 and 9 has unknown impact and attack vectors. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this is related to CVE-2004-0780.Robert L. HollisDRAFTMatthew WojcikINTERIMACCEPTEDACCEPTEDHP-UX PMTUD Remote DoS (B.11.11-IPSEC)HP-UX 11Operating SystemUnknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDNetwork Connection Manager Interruption of Service (Windows XP,SP2)Microsoft Windows XPOperating Systemnetman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPackage aalib-devel-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage aalib-devel-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryWindows XP HtmlHelp Heap OverflowMicrosoft Windows XPHTML Help FacilityHeap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMicrosoft Outlook Advanced Find VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OutlookBuffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows Vista Information Disclosure VulnerabilityMicrosoft Windows VistaMicrosoft Windows Vista uses insecure default permissions for unspecified "local user information data stores" in the registry and the file system, which allows local users to obtain sensitive information such as administrative passwords, aka "Permissive User Information Store ACLs Information Disclosure Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDls-F Privilege Escalation VulnerabilitySun Solaris 8TENEX C Shell (tcsh)Unknown vulnerability in the ls-F builtin function in tcsh on Solaris 8 allows local users to create or delete files as other users, and gain privileges.Brian SobyDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability May Allow Users With the "File System Management" RBAC Profile to Gain Elevated PrivilegesSun Solaris 8Sun Solaris 9Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 allows local users to execute arbitrary commands via unspecified vectors, involving the default Role-Based Access Control (RBAC) settings in the "File System Management" profile.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDVirusVault HTTP Request SmugglingHP-UX 11ApacheThe Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDExcel Viewer 2003 Remote Code Execution via Malformed RecordMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeStack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDCSRSS Local Elevation of Privilege VulnerabilityMicrosoft Windows VistaOperating SystemUse-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.Sudhir GandheDRAFTRobert L. HollisINTERIMSudhir GandheACCEPTEDACCEPTEDUnsupported Version of WindowsMicrosoft Windows 2000Microsoft Windows XPOperating System'As Service Packs released by Microsft mature, earlier versions and releases become unspported. This equates to a cessation in software and security patches for that baseline. Using an unsupported version of Windows represents a severe security risk.'Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDAnna MinINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDExcel 2002 Remote Code Execution via Malformed DescriptionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeUnspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikMatthew WojcikINTERIMACCEPTEDACCEPTEDWin2K,SP4 HTTPS Proxy VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDWinXP,SP1 (64-bit) COM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDSolaris 7 X Font Server Remote Buffer OverrunSun Solaris 7fs.auto, xfsBuffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.David ProulxTodd DolinskyINTERIMACCEPTEDACCEPTEDPlug and Play User Data Validation Vulnerability (WinXP,SP2)Microsoft Windows XPOperating SystemStack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE6:S03 Java Proxy COM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTED.lnk File-Open Remote Code Execution Vulnerability (XP,SP2)Microsoft Windows XPOperating SystemWindows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDBuffer Overflow in CDOSYS Message Processing (WinXP,SP2)Microsoft Windows XPOperating SystemBuffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDElement position: Style Change VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDTIP Request Validation Process Permits Denial of Service (64-bit XP,SP1)Microsoft Windows XPTIPDistributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows Virtual DOS Machine Local Privilege Escalation Vulnerability (Test 1)Microsoft Windows NTMicrosoft Windows 2000VDMThe component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code.Ingrid SkoogIngrid SkoogACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDWinXP,SP1 MDAC RDS.Dataspace Remote Code Execution VulnerabilityMicrosoft Windows XPMDACUnspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDExcel 2003 Remote Code Execution via Malformed GraphicMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeUnspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikMatthew WojcikINTERIMACCEPTEDACCEPTEDApache Terminal Escape Sequence Vulnerability IIRed Hat Linux 9ApacheApache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDExcel 2003 Remote Code Execution via Malformed File FormatMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeUnspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikMatthew WojcikINTERIMACCEPTEDACCEPTEDServer 2003,SP1 IE Mismatched Document Object Memory Corruption VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched Document Object Model Objects Memory Corruption Vulnerability."Robert L. HollisDRAFTRobert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDJeff ChengINTERIMJeff ChengACCEPTEDACCEPTEDWinXP,SP2 File Download Dialog Box Manipulation VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerMultiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDIE6,SP1 Java Proxy COM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDWin2K/XP,SP1 File Download Dialog Box Manipulation VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerMultiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDExcel 2003 Remote Code Execution via Malformed Routing SlipMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeBuffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikMatthew WojcikINTERIMACCEPTEDACCEPTEDWindows 2000 HtmlHelp Heap OverflowMicrosoft Windows 2000HTML Help FacilityHeap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.Andrew ButtnerINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDApache Terminal Escape Sequence VulnerabilityRed Hat Linux 9ApacheApache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDSolaris 8 CDE ToolTalk Database Null Write VulnerabilitySun Solaris 8CDECDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure.David ProulxTodd DolinskyINTERIMACCEPTEDACCEPTEDCOM+ Memory Structures Process Permits Remote Code Execution (XP,SP2)Microsoft Windows XPOperating SystemCOM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE6 Address Bar Spoofing Vulnerability (Server 2003)Microsoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMozilla Application Suite has reached End-of-LifeMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozilla'mozilla.org has launched and delivered SeaMonkey, a community effort to deliver production-quality releases of code derived from the \"Mozilla Application Suite\". This equates to a cessation in software and security patches for that baseline. Using an unsupported software represents a high security risk because no fixes or patches will be made available in response to new vulnerabilities.'Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMRobert L. HollisDEPRECATEDDEPRECATEDWebproxy Integer Overflow in pcre_compileHP-UX 11ApacheInteger overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the kcms_calibrate(1) CommandSun Solaris 8Sun Solaris 9Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 before 20071122 allows local users to execute arbitrary commands via unknown vectors.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDMozilla JavaScript Garbage-Collection Hazards in jsfun.cMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaThe function allocation code (js_NewFunction in jsfun.c) in Firefox 1.5 allows attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that operates on freed objects.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMozilla XML Attribute Name Validation VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaThe XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerRobert L. HollisACCEPTEDACCEPTEDWinXP (64-bit) Graphics Rendering Engine VulnerabilityMicrosoft Windows XPOperating SystemThe Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWinXP,SP1 Embedded Web Font VulnerabilityMicrosoft Windows XPOperating SystemHeap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWin2K,SP4 File Download Dialog Box Manipulation VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerMultiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDSolaris 8 X Font Server Remote Buffer OverrunSun Solaris 8fs.auto, xfsBuffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.David ProulxTodd DolinskyINTERIMACCEPTEDACCEPTEDWin2k,SP4 IE Mismatched Document Object Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched Document Object Model Objects Memory Corruption Vulnerability."Robert L. HollisDRAFTRobert L. HollisINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTED.lnk File-Open Remote Code Execution Vulnerability (Windows 2000,SP4)Microsoft Windows 2000Operating SystemWindows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.Robert L. HollisDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDPackage aalib-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1openSUSE FactoryPackage aalib-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1cpe:/o:novell:opensuse:factoryOutlook 2000 TNEF Decoding VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OutlookUnspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDIE6 Double Byte Character Parsing Memory Corruption(Server 2003)Microsoft Windows Server 2003Microsoft Internet ExplorerBuffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via a crafted URL with an International Domain Name (IDN) using double-byte character sets (DBCS), aka the "Double Byte Character Parsing Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDIP Source Route Vulnerability (XP,SP1)Microsoft Windows XPOperating SystemBuffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDManagement Console Directory Traversal VulnerabilitySun Solaris 8Sun Solaris 9Solaris Management Console (SMC)The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inacessible, which could allow remote attackers to obtain sensitive information in conjunction with a directory traversal (..) attack.Brian SobyDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMINTERIMACCEPTEDACCEPTEDKodak Image Viewer Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Kodak Image ViewerKodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDHeap Overrun in XBM Image ProcessingMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaHeap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDEvolution GtkHTML DoS via null Pointer DereferenceRed Hat Linux 9GtkHTMLgtkhtml before 1.1.10, as used in Evolution, allows remote attackers to cause a denial of service (crash) via a malformed message that causes a null pointer dereference.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDInteger Overflow in libpng via Malformed PNG ImageSun Solaris 7libpngMultiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDAddress Bar Spoofing Vulnerability (WinS03)Microsoft Windows Server 2003Internet ExplorerMicrosoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMSDTC Invalid Memory Access Vulnerability (Server 2003)Microsoft Windows Server 2003Operating SystemHeap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDServer 2003 COM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDHP-UX ftpd Remote Unauthorized Data Access (B.10.20)HP-UX 10ftpdThe FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDMozilla Spoofing with Translucent WindowsMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes certain windows to become translucent due to an interaction between XUL content windows and the history mechanism, which might allow user-assisted remote attackers to trick users into executing arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDAlternate ps Command Information Disclosure VulnerabilitySun Solaris 8Sun Solaris 9/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDACCEPTEDWindows 2000 Shell Buffer OverflowMicrosoft Windows 2000Windows ShellBuffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled.Christine WalzerChristine WalzerINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDpatch Windows6.0-KB930178-x86.msu should be installedMicrosoft Windows VistaThe patch Windows6.0-KB930178-x86.msu that addresses the vulnerabilities discussed in Microsoft Security Bulletin MS07-021 should be installed.Jonathan BakerDRAFTINTERIMACCEPTEDACCEPTEDWinXP,SP2 DDS Library Shape Control Buffer OverflowMicrosoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSamba Encrypted Password DoSSun Solaris 9SambaBuffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDCOM+ Memory Structures Process Permits Remote Code Execution (Server 2003)Microsoft Windows Server 2003Operating SystemCOM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDServer 2003,SP1 DDS Library Shape Control Buffer OverflowMicrosoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDProperty Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerMicrosoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and 7 on Windows Vista allows remote attackers to execute arbitrary code via certain property methods that may trigger memory corruption, aka "Property Memory Corruption Vulnerability."Sudhir GandheDRAFTINTERIMRobert L. HollisJeff ItoACCEPTEDACCEPTEDWinXP (64-bit) Embedded Web Font VulnerabilityMicrosoft Windows XPOperating SystemHeap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDHP-UX xterm Privilege Escalation Vulnerability (B.11.11)HP-UX 11Operating SystemUnspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 allows local users to gain privileges via unknown vectors.Robert L. HollisDRAFTMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDServer 2003,SP1 Graphics Rendering Engine VulnerabilityMicrosoft Windows XPOperating SystemThe Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows NT SMB Buffer OverflowMicrosoft Windows NTSMB (Server Message Block)Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.Christine WalzerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDHP-Samba DACL Remote Integer Overflow Vulnerability (CIFS A.01)HP-UX 11SambaInteger overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDServer 2003 File Download Dialog Box Manipulation VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerMultiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDOutlook 2003 TNEF Decoding VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OutlookUnspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDWindows NT Certificate Validation Identity Spoofing Vulnerability (Test 1)Microsoft Windows NTCertificate ValidationMicrosoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862).Christine WalzerChristine WalzerChristine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDServer 2003 DDS Library Shape Control Buffer OverflowMicrosoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDHP-UX Shared Library Privilege Escalation Vulnerability (B.11.11)HP-UX 11Operating SystemUnspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain privileges via unknown attack vectors.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDMSDTC Unchecked Buffer Permits Remote Code Execution or Privilege Elevation (Server 2003)Microsoft Windows Server 2003MSDTCThe MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDIE5 Multiple Event Handler Memory Corruption (Win2K)Microsoft Windows 2000Microsoft Internet ExplorerBuffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDMicrosoft Visio 2003 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Visio 2003 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows NT MUP UNC Request Buffer OverflowMicrosoft Windows NTMultiple UNC Provider (MUP)Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request.Tiffany BergeronACCEPTEDWinXP,SP2 COM object Remote Code Execution VulnerabilityMicrosoft Windows XPOperating SystemUnspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE5 COM Object Instantiation Memory Corruption (Win2K)Microsoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDSMC TRACE HTTP VulnerabilitySun Solaris 8Sun Solaris 9Sun Solaris 10Solaris Management ConsoleThe default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in IPv6 Implementation (ip6(7p)) Related to the Handling of IPsec Packets may Lead to a System Panic, Resulting in a Denial of Service (DoS)Sun Solaris 10Unspecified vulnerability in Sun Solaris 10 before 20070614, when IPv6 interfaces are present but not configured for IPsec, allows remote attackers to cause a denial of service (system crash) via certain network traffic.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDFirefox/Mozilla Suite about: Scheme Privilege Escalation VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDHTML Objects Memory Corruption VulnerabilitiesMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.Sudhir GandheDRAFTINTERIMRobert L. HollisJeff ItoACCEPTEDACCEPTEDWindows 2000 SNMPv1 Trap Handling DoS and Privilege Escalation (Test 1)Microsoft Windows 2000Simple Network Management Protocol (SNMP)Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.Harvey RubinovitzAnna MinINTERIMACCEPTEDACCEPTEDHP-UX ftpd Remote Unauthorized Data Access (B.11.11)HP-UX 11ftpdThe FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDSolaris CDE DTLogin XDMCP Parser Remote Double Free VulnerabilitySun Solaris 7CDEDouble-free vulnerability in dtlogin in CDE on Solaris, HP-UX, and other operating systems allows remote attackers to execute arbitrary code via a crafted XDMCP packet.Brian SobyBrian SobyDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDWinXP,SP2 HTTPS Proxy VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDWinXP,SP1 DirectShow Malicious avi File VulnerabilityMicrosoft Windows XPDirectXQUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWinXP,SP2 Graphics Rendering Engine VulnerabilityMicrosoft Windows XPOperating SystemThe Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.Robert L. HollisDRAFTRobert L. HollisINTERIMACCEPTEDACCEPTEDWin2K Graphics Rendering Engine VulnerabilityMicrosoft Windows 2000Operating SystemThe Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.Robert L. HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDMicrosoft IE Encoded Characters Information DisclosureMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure."Harvey RubinovitzChristine WalzerINTERIMACCEPTEDACCEPTEDHP-UX envd Local Execution of Privileged Code (B.11.00)HP-UX 11envdenvd daemon in HP-UX B.11.00 through B.11.11 allows local users to obtain privileges via unknown attack vectors.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDWindows XP IIS WebDAV Message Handler Denial of Service VulnerabilityMicrosoft Windows XPMicrosoft Internet Information Server (IIS)The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.Jonathan BakerDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDWinXP,SP2 COM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDTCP/IP IGMP v3 Denial of Service (XP,SP2)Microsoft Windows XPOperating SystemMicrosoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDServer 2003 DirectShow Malicious avi File VulnerabilityMicrosoft Windows Server 2003DirectXQUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMHT Memory Corruption Vulnerability (WinS03)Microsoft Windows Server 2003Internet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDBuffer Overflow in CDOSYS Message Processing (Win2K,SP4)Microsoft Windows 2000Operating SystemBuffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.Robert L. HollisDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDSuppressed OVAL142, covered by OVAL2022Microsoft Windows NTWindows kernelBuffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.Christine WalzerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisDEPRECATEDDEPRECATEDMicrosoft Word2003 Malformed Object Pointer VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft WordBuffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.Robert L. HollisDRAFTJohn HoylandINTERIMACCEPTEDACCEPTEDMS Word 6.0 Table Conversion Vulnerability (NT 4.0 Terminal Server)Microsoft Windows NTMicrosoft Word for Windows 6.0 ConverterMicrosoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901.Christine WalzerDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDACCEPTEDFTP Download Destination Tampering Vulnerability (Windows XP)Microsoft Windows XPOperating SystemThe FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDRHE4 Mozilla top.focus() Cross-Site Scripting VulnerabilityRed Hat Enterprise Linux 4mozillaFirefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDHTML Decoding Memory Corruption Vulnerability (Win2K)Microsoft Windows 2000Internet ExplorerHeap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka "HTML Decoding Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDDistributed TIP Request Validation Process Permits Denial of Service (Server 2003)Microsoft Windows Server 2003TIPDistributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port number after an error occurs, aka the "Distributed TIP Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDpasswd Local DoS Vulnerability (B.11.00)HP-UX 11Operating System/sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 "does not recover gracefully from some error conditions," which allows local users to cause a denial of service.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDExcel 2002 Remote Code Execution via Malformed File FormatMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeUnspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikMatthew WojcikINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer MIME HackMicrosoft Windows 2000Microsoft Internet ExplorerHTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly.Tiffany BergeronAndrew ButtnerACCEPTEDRobert L. HollisINTERIMRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisACCEPTEDACCEPTEDPC Netlink 2.0 Privilege Escalation VulnerabilitySun Solaris 7Sun Solaris 8Sun Solaris 9Solaris Management ConsoleThe (1) slsmgr and (2) slsadmin programs in Sun Solaris PC NetLink 2.0 create temporary files insecurely, which allows local users to gain privileges.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDHP-UX PMTUD Remote DoS (B.11.23-IPSEC)HP-UX 11Operating SystemUnknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDBuffer Overflow in CDOSYS Message Processing (WinXP,SP1)Microsoft Windows XPOperating SystemBuffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDServer 2003 Print Spooler Service Buffer OverflowMicrosoft Windows Server 2003Print Spooler ServiceBuffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.Matthew BurtonDRAFTINTERIMACCEPTEDACCEPTEDWinamp Hostname Buffer OverflowMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003WinampBuffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDExcel 2000 Remote Code Execution via Malformed GraphicMicrosoft Windows 2000Microsoft OfficeUnspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMJohn HoylandACCEPTEDACCEPTEDDefault Registry Permissions on the MTS Package Admin KeyMicrosoft Windows NTMicrosoft Transaction Server (MTS)The default permissions for the MTS Package Administration registry key in Windows NT 4.0 allows local users to install or modify arbitrary Microsoft Transaction Server (MTS) packages and gain privileges, aka one of the "Registry Permissions" vulnerabilities.Matt BusbyINTERIMACCEPTEDACCEPTEDSun Solaris 8 XSun Color Database File Heap OverflowSun Solaris 8XsunBuffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument.David ProulxACCEPTEDCSS Tag Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption.Sudhir GandheDRAFTRobert L. HollisRobert L. HollisINTERIMACCEPTEDACCEPTEDDefault Registry Permissions on SNMP ParametersMicrosoft Windows NTSimple Network Management Protocol (SNMP)The default permissions for the SNMP Parameters registry key in Windows NT 4.0 allows remote attackers to read and possibly modify the SNMP community strings to obtain sensitive information or modify network configuration, aka one of the "Registry Permissions" vulnerabilities.Matt BusbyINTERIMACCEPTEDACCEPTEDGDI Invalid Window Size Elevation of Privilege VulnerabilityMicrosoft Windows 2000Microsoft Windows XPOperating SystemThe Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."Sudhir GandheDRAFTINTERIMRobert L. HollisACCEPTEDACCEPTEDSecurity Vulnerability With Loading Arbitrary Kernel Modules in Solaris KernelSun Solaris 8Sun Solaris 9Sun Solaris 7Sun Solaris 2.6Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDSolaris 7 (SPARC) is installedSun Solaris 7The operating system installed on the system is Sun Solaris 7 for SPARC.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSolaris 7 (x86) is installedSun Solaris 7The operating system installed on the system is Sun Solaris 7 for x86.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSolaris 2.6 (x86) is installedSun Solaris 2.6The operating system installed on the system is Sun Solaris 2.6 for x86.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDEvolution GtkHTML DoS via Malformed MessageRed Hat Linux 9GtkHTMLGtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDSolaris Hosts are Vulnerable to a Denial of Service Induced by an Internet Transmission Control Protocol (TCP) "ACK Storm"Sun Solaris 8Sun Solaris 9Sun Solaris 10The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which triggers an ACK storm.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDRed Hat Enterprise Linux 5The operating system installed on the system is Red Hat Enterprise Linux 5.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in the Solaris 10 Loopback FileSystem (LOFS) May Allow Files in a Non-global Zone to be Moved or Renamed From a Read-Only FileystemSun Solaris 10The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in a non-global zone to move and rename files in a read-only filesystem, which could lead to a denial of service.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDOutlook Web Access Script Injection VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Exchange ServerCross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2003 Service Pack 2 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Exchange Server 2003 SP2 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2000 Service Pack 3 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Exchange Server 2000SP3 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2003 Service Pack 1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Exchange Server 2003 SP1 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2007 (no Service Pack) is installedMicrosoft Windows VistaExchange Server 2007 (no Service Pack) is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDWindows NT IIS HTTP Header Field Buffer OverflowMicrosoft Windows NTMicrosoft Internet Information Server (IIS)Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.Tiffany BergeronACCEPTEDGlenn StricklandINTERIMACCEPTEDACCEPTEDVisio Document Packaging VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Visio 2002Microsoft Office 2003Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."Sudhir GandheDRAFTRobert L. HollisINTERIMACCEPTEDACCEPTEDMicrosoft Visio 2002 SP2 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Visio 2002 SP2 is installed.Robert L. HollisINTERIMACCEPTEDACCEPTEDMicrosoft Office 2003 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Office 2003 is installed.Robert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMKen LassesenACCEPTEDACCEPTEDSUSE Linux Enterprise Server 10 is installedSUSE Linux Enterprise Server 10SUSE Linux Enterprise Server 10 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDNicholas HansenINTERIMACCEPTEDACCEPTEDcpe:/o:novell:suse_linux:10:serverServer is a Server2003 Member ServerMicrosoft Windows Server 2003Server is a Server 2003 Member ServerRobert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDServer is a Domain ControllerMicrosoft Windows 2000Microsoft Windows Server 2003Server is a Domain ControllerRobert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2003 (32-bit) is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 (32-bit) is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSUSE Linux Desktop 1.0 is installedSUSE Linux Desktop 1.0 is installed.Thomas R. JonesDRAFTJonathan BakerINTERIMACCEPTEDACCEPTEDMicrosoft Office SharePoint Services 2003 are installed.Microsoft Windows Server 2003Microsoft Office SharePoint Services 2003 are installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSolaris 2.6 (SPARC) is installedSun Solaris 2.6The operating system installed on the system is Sun Solaris 2.6 for SPARC.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Java Virtual Machine Security BypassMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Virtual Machine (VM)The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise."Tiffany BergeronINTERIMACCEPTEDACCEPTEDMicrosoft Windows XP (32-bit) is installedMicrosoft Windows XPThe operating system installed on the system is Microsoft Windows XP (32-bit).Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows Media Player Code Execution Vulnerability Decompressing SkinsMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaWindows Media PlayerUnspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that is not properly handled during decompression, aka "Windows Media Player Code Execution Vulnerability Decompressing Skins."Robert L. HollisDRAFTJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengINTERIMACCEPTEDACCEPTEDMicrosoft Windows Vista is installedMicrosoft Windows VistaThe operating system installed on the system is Microsoft Windows VistaDragos PrisacaDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDWindows Media Player v10.0 is installed.Microsoft Windows XPMicrosoft Windows Server 2003Media PlayerWindows Media Player v10.0 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows Media Player v9.0 is installed.Microsoft Windows XPMedia PlayerWindows Media Player v9.0 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows Media Player v11.0 is installed.Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMedia PlayerWindows Media Player v11.0 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows Media Player v7.1 is installed.Microsoft Windows 2000Media PlayerWindows Media Player v7.1 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDGnuPG Invalid User ID VulnerabilityRed Hat Linux 9GnuPGThe key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDServer 2003 IE HTML Help ActiveX control Cross Domain VulnerabilityMicrosoft Windows Server 2003HTML Help ActiveX ControlInternet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."Matthew BurtonDRAFTINTERIMACCEPTEDACCEPTEDRHE3 XBL Script Security Bypass VulnerabilityRed Hat Enterprise Linux 3mozillaFirefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDFreeRADIUS Ascend-Send-Secret Server CrashRed Hat Enterprise Linux 3FreeRADIUSFreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDApache mod_ssl CRL off-by-one DoSHP-UX 11ApacheOff-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDLeaking GSSAPI Credentials Vulnerability (B.11.23)HP-UX 11SecureShellsshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows NT Task Scheduler Stack OverflowMicrosoft Windows NTMicrosoft Internet ExplorerStack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.Tiffany BergeronINTERIMACCEPTEDAndrew ButtnerChristine WalzerINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the Authentication Mechanism for Solaris Management Console (SMC) May Lead to Escalation of PrivilegesSun Solaris 8Sun Solaris 9Sun Solaris 10Unspecified vulnerability in the authentication mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote authenticated users to execute arbitrary code via unspecified vectors, related to the WBEM server.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDWinXP,SP1 (64-bit) File Download Dialog Box Manipulation VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerMultiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDWindows Script Engine Heap Overflow (Test 4)Microsoft Windows 2000Windows Script Engine for JscriptInteger overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.DRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDMatthew WojcikINTERIMAnna MinACCEPTEDACCEPTEDMozilla Integer overflows in E4X, SVG, and Canvas FeaturesMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMultiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingContext2D.cpp in Canvas.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDTIP Request Validation Process Permits Denial of Service (Win2k,SP4)Microsoft Windows 2000TIPDistributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE5.01,SP4 COM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2087.Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDIE6 Address Bar Spoofing Vulnerability (Win2K/XP,SP1)Microsoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDIE6 for XP,SP2 JPEG Image Rendering Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerUnknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability".Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDACCEPTEDIE6 for Server 2003 Drag-and-Drop VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."Harvey RubinovitzDRAFTINTERIMHarvey RubinovitzHarvey RubinovitzHarvey RubinovitzACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDWU-FTPD "glob-*" Remote DoS Vulnerability (B.11.00)HP-UX 11ftpdThe wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDWindows 2000 Certificate Validation Identity Spoofing Vulnerability (Test 1)Microsoft Windows 2000Certificate ValidationThe (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.Christine WalzerChristine WalzerChristine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDMicrosoft Word 2000 Font Parsing VulnerabilityMicrosoft Windows 2000Microsoft Office 2000 SP3Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.Christine WalzerDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDWindows 2000 IIS WebDAV Message Handler Denial of Service VulnerabilityMicrosoft Windows 2000Microsoft Internet Information Server (IIS)The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.Jonathan BakerDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDGNU Ghostscript -dSAFER VulnerabilityRed Hat Linux 9GNU GhostscriptUnknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTED.lnk File-Open Remote Code Execution Vulnerability (XP,SP1)Microsoft Windows XPOperating SystemWindows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDPlug and Play User Data Validation Vulnerability (WinXP,SP1)Microsoft Windows XPOperating SystemStack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDExcel 2000 Remote Code Execution via Malformed RecordMicrosoft Windows 2000Microsoft OfficeStack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMJohn HoylandACCEPTEDACCEPTEDIE5.01,SP4 Java Proxy COM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.Harvey RubinovitzDRAFTJonathan BakerINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDDistributed TIP Request Validation Process Permits Denial of Service (64-bit XP,SP1)Microsoft Windows XPTIPDistributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port number after an error occurs, aka the "Distributed TIP Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMultiple vulnerabilities in libfreetype, Xsun(1) and Xorg(1)Sun Solaris 8Sun Solaris 9Sun Solaris 10Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDSolaris 8 (x86) is installedSun Solaris 8The operating system installed on the system is Sun Solaris 8 for x86.Jonathan BakerDRAFTINTERIMACCEPTEDACCEPTEDSolaris 8 (SPARC) is installedSun Solaris 8The operating system installed on the system is Sun Solaris 8 for SPARC.Jonathan BakerDRAFTINTERIMACCEPTEDACCEPTEDServer 2003 MDAC RDS.Dataspace Remote Code Execution VulnerabilityMicrosoft Windows Server 2003MDACUnspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDWindows Kernel LPC Privilege Escalation Vulnerability (NT 4.0)Microsoft Windows NTWindows kernelThe Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."Christine WalzerDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDWindows NT IIS ASP Server-Side Include Function Buffer OverflowMicrosoft Windows NTMicrosoft Internet Information Server (IIS)Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.Tiffany BergeronACCEPTEDGlenn StricklandINTERIMACCEPTEDACCEPTEDIE6:XP,SP2 Web Folder Behaviors Cross-Domain VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerUnknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability".Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDACCEPTEDServer 2003 HTTPS Proxy VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDExchange Server 5.0 TNEF Decoding VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OutlookUnspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDExchange Server 2000 when running Outlook Web Access VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Exchange ServerCross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDRHE4 Firefox and Mozilla Javascript Dialog Box SpoofingRed Hat Enterprise Linux 4mozillaFirefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDRHE4 Firefox InstallTrigger Callback VulnerabilityRed Hat Enterprise Linux 4The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDTCP/IP IGMP v3 Denial of Service (Server 2003)Microsoft Windows Server 2003Operating SystemMicrosoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDHeap Overflow in Solaris 7 xlockSun Solaris 7xlockHeap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable.David ProulxACCEPTEDIE5.01,SP4 Security Zone Restriction Bypass VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDFirefox/Mozilla Suite JavaScript Integer OverflowMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaInteger overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDWindows XP Media Player PNG Processing VulnerabilityMicrosoft Windows XPWindows Media Player 9Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability."Christine WalzerDRAFTChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDAnimated Cursor Denial of Service (XP)Microsoft Windows XPWindows Animated CursorThe Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang.Christine WalzerDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDWinXP,SP1 (64-bit) IE Mismatched Document Object Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched Document Object Model Objects Memory Corruption Vulnerability."Robert L. HollisDRAFTRobert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDWindows 2000 HTR ISAPI Buffer OverflowMicrosoft Windows 2000Microsoft Internet Information Server (IIS)Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.Tiffany BergeronACCEPTEDGlenn StricklandINTERIMACCEPTEDACCEPTEDBuffer Overrun in HTML Help VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Operating SystemHeap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) in Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code by repeatedly setting the Image field of an Internet.HHCtrl.1 object to certain values, possibly related to improper escaping and long strings.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWinXP,SP2 IE Mismatched Document Object Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched Document Object Model Objects Memory Corruption Vulnerability."Robert L. HollisDRAFTRobert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDServer 2003 TAPI Buffer OverflowMicrosoft Windows Server 2003Telephony ServiceBuffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers elevate privileges or execute arbitrary code via a crafted message.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDIE6 HTML Tag Memory Corruption (Server 2003)Microsoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMSDTC Denial of Service Vulnerability (XP,SP1)Microsoft Windows XPOperating SystemMicrosoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIFRAME VulnerabilityMicrosoft Windows 98Microsoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerHeap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."Ingrid SkoogDRAFTINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDRobert L. HollisINTERIMRobert L. HollisACCEPTEDACCEPTEDWindows Explorer Web View Script Injection VulnerabilityMicrosoft Windows 2000Operating SystemWeb View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDIE6 HTML Tag Memory Corruption (Win2K/WinXP)Microsoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDGDM X Display Manager Authorization VulnerabilityRed Hat Linux 9GDMThe X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDNetwork Connection Manager Interruption of Service (Windows 2000)Microsoft Windows 2000Operating Systemnetman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDWin2k Land VulnerabilityMicrosoft Windows 2000Windows 2000Windows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence of the "Land" vulnerability (CVE-1999-0016).Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDMozilla IDN heap overrun using soft-hyphensHP-UX 11mozillaBuffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDFTP Download Destination Tampering Vulnerability (Server 2003)Microsoft Windows Server 2003Operating SystemThe FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDTIP Request Validation Process Permits Denial of Service (WinXP,SP1)Microsoft Windows XPTIPDistributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDRHE3 Firefox InstallTrigger Callback VulnerabilityRed Hat Enterprise Linux 3mozillaThe InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDWindows 2000 Color Management Module Buffer OverflowMicrosoft Windows 2000Microsoft Color Management ModuleBuffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.Christine WalzerDRAFTINTERIMACCEPTEDACCEPTEDWindows 98 Program Group Converter Buffer OverflowMicrosoft Windows 98Program Group ConverterBuffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDHP-UX ftpd Remote Unauthorized Data Access (B.11.00)HP-UX 11ftpdThe FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDWindows Services for UNIX Could Allow Elevation of PrivilegeMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."Sudhir GandheSudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows Vista (32-bit) is installedMicrosoft Windows VistaThe operating system installed on the system is Microsoft Windows Vista (32-bit)Jonathan BakerDRAFTINTERIMACCEPTEDACCEPTEDSolaris SAdmin Client Credentials Remote Administrative Access VulnerabilitySun Solaris 7Sun Solaris 8Sun Solaris 9SadminThe default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.Brian SobyBrian SobyDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDTodd DolinskyINTERIMTodd DolinskyACCEPTEDACCEPTEDObject Spoofing using XBL <implements> VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDServer 2003 Object Management VulnerabilityMicrosoft Windows Server 2003Windows kernelBuffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".Ingrid SkoogDRAFTINTERIMChristine WalzerACCEPTEDACCEPTEDRPCSS DCOM Buffer Overflow (Windows 2000)Microsoft Windows 2000Remote Procedure Call (RPC)Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715.Tiffany BergeronACCEPTEDACCEPTEDCOM+ Memory Structures Process Permits Remote Code Execution (WinXP,SP1)Microsoft Windows XPOperating SystemCOM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDRHE3 Firefox and Mozilla Javascript Dialog Box SpoofingRed Hat Enterprise Linux 3mozillaFirefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDWin2k,SP4 DirectShow Malicious avi File VulnerabilityMicrosoft Windows 2000DirectXQUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMozilla Crashes with Evidence of Memory Corruption (Firefox Regression Fix)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaA regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDWU-FTPD "glob-*" Remote DoS Vulnerability (B.11.23)HP-UX 11ftpdThe wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDWindows XP Kernel Debugger-based Buffer Overflow (Test 1)Microsoft Windows XPWindows kernelBuffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.Christine WalzerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDWMF Rendering Code Execution Vulnerability (64-bit Windows XP and Server 2003,Unpatched)Microsoft Windows XPMicrosoft Windows Server 2003Operating SystemMultiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDzlib Compression Remote DoS Vulnerability (B.11.23)HP-UX 11SecureShellzlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDCOM+ Memory Structures Process Permits Remote Code Execution (64-bit XP,SP1)Microsoft Windows XPOperating SystemCOM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDInteger Overflow in libgd2Red Hat Enterprise Linux 3libgdInteger overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDIE v6.0 Improper Cross Domain Security Validation with Dialog BoxMicrosoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."Andrew ButtnerChristine WalzerINTERIMACCEPTEDACCEPTEDVirtual PC and Virtual Server Heap Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Virtual Server 2005Microsoft Virtual PC 2004Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."Sudhir GandheDRAFTJonathan BakerINTERIMACCEPTEDACCEPTEDMicrosoft Virtual Server 2005 R2 Enterprise is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003The application Microsoft Virtual Server 2005 R2 Enterprise is installed.Sudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Virtual Server 2005 Enterprise is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003The application Microsoft Virtual Server 2005 Enterprise is installed.Sudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Virtual Server 2005 R2 Standard is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003The application Microsoft Virtual Server 2005 R2 Standard is installed.Sudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Virtual PC 2004 Service Pack 1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003The application Microsoft Virtual PC 2004 Service Pack 1 is installed.Sudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Virtual Server 2005 Standard is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003The application Microsoft Virtual Server 2005 Standard is installed.Sudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Virtual PC 2004 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003The application Microsoft Virtual PC 2004 is installed.Sudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDRHE3 Firefox and Mozilla DOM Node SpoofingRed Hat Enterprise Linux 3mozillaFirefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing").Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDWindows Media Player 8 Bitmap Remote Code ExecutionMicrosoft Windows XPWindows Media PlayerHeap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDWindows XP Web Client Service Buffer OverflowMicrosoft Windows XPWeb Client ServiceBuffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters.Matthew BurtonDRAFTINTERIMACCEPTEDACCEPTEDNetwork Connection Manager Interruption of Service (Windows XP,SP1)Microsoft Windows XPOperating Systemnetman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDDistributed TIP Request Validation Process Permits Denial of Service (Win2k,SP4)Microsoft Windows 2000TIPDistributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port number after an error occurs, aka the "Distributed TIP Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDFormat string vulnerability in Sun Java Web ConsoleSun Solaris 10Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDIE6 Cross-Domain Information Disclosure Vulnerability (WinXP)Microsoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 6 does not always correctly identify the domain that is associated with a browser window, which allows remote attackers to obtain sensitive cross-domain information and spoof sites by running script after the user has navigated to another site.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDNetwork Connection Manager Interruption of Service (Server 2003)Microsoft Windows Server 2003Operating Systemnetman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDHTML Help ActiveX Control VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDA Security Vulnerability in Solaris 10 ICMP Handling May Allow a SystemPanic and Result in Denial of Service (DoS)Sun Solaris 10Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDOLE Automation Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Visual Basic 6.0Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.Sudhir GandheDRAFTRobert L. HollisINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2003 SP2 (x64) is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 SP2 (x64) is installed.Sudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2003 (ia64) SP2 is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 (ia64) Service Pack 2 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMozilla Privilege Escalation Using a JavaScript Function's Cloned ParentMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal function.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDACCEPTEDVirusVault CGI Byterange Request DoSHP-UX 11ApacheThe byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDgedit Format String VulnerabilityRed Hat Enterprise Linux 3geditFormat string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries.Jay BealeDRAFTINTERIMACCEPTEDBob TowbesINTERIMACCEPTEDACCEPTEDPlug and Play User Data Validation Vulnerability (Windows 2000)Microsoft Windows 2000Operating SystemStack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.Robert L. HollisDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDsudo Symlink VulnerabilityRed Hat Enterprise Linux 3sudoRace condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDIt appears that we can't parse the vulnerable configuration condition (an ALL in the second field of a line after a line that has no ALL in the second field) with our existing regexp.MS Word 6.0 Font Conversion Vulnerability (Windows 2000)Microsoft Windows 2000Microsoft Word for Windows 6.0 ConverterMicrosoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571.Christine WalzerDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDRobert L. HollisACCEPTEDACCEPTEDEMF Rendering Denial of Service Vulnerability (Windows 2000)Microsoft Windows 2000Operating SystemThe GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDSolaris 7 cachefsd Heap Overflow VulnerabilitySun Solaris 7cachefsdHeap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.David ProulxBrian SobyINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDIE5.01,SP4 PNG Image Buffer OverflowMicrosoft Windows 2000Microsoft Internet ExplorerBuffer overflow in the PNG image rendering component of Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted PNG file.Harvey RubinovitzDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDWebproxy HTTP Request Smuggling (B.11.04)HP-UX 11ApacheThe Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDWord 2003 (wordview) Malicious .doc Buffer Overflow IIMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Word 2003Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document.Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDChris WoodINTERIMACCEPTEDACCEPTEDIE6,SP1 COM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2087.Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDPackage mono-core-32bit is installedopenSUSE 10.2SUSE Linux 10.0SUSE Linux 10.1Package mono-core-32bit is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2cpe:/o:novell:suse_linux:10.0cpe:/o:novell:suse_linux:10.1WinXP,SP2 DirectShow Malicious avi File VulnerabilityMicrosoft Windows XPDirectXQUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows Media Player PNG Vulnerability (v7.1)Microsoft Windows 2000Media PlayerStack-based buffer overflow in Microsoft Windows Media Player 9 and 10 allows remote attackers to execute arbitrary code via a PNG image with a large chunk size.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDIE Improper Object Tag HandlingMicrosoft Windows 2000Windows 2000Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page.Tiffany BergeronTiffany BergeronACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDDNS RPC Management VulnerabilityMicrosoft Windows 2000Microsoft Windows Server 2003Operating SystemStack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.Sudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2003 is installedMicrosoft Windows Server 2003The operating system installed on the system is Microsoft Windows Server 2003.Andrew ButtnerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMozilla FTP URI MIME Type Exploit VulnerabilitySun Solaris 8mozillaMozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDRHE4 Improper Handling of Synthetic Events in MozillaRed Hat Enterprise Linux 4mozillaThe browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDLinux Kernel shmctl() Memory Swap VulnerabilityRed Hat Enterprise Linux 3Linux kernelThe shmctl function in Linux 2.6.9 and earlier allows local users to unlock the memory of other processes, which could cause sensitive memory to be swapped to disk, which could allow it to be read by other users once it has been released.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDStep-by-Step Interactive Training Buffer OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Interactive TrainingBuffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a bookmark link file (.cbo, cbl, or .cbm extension) with a long User field.Ingrid SkoogDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDMSDTC Invalid Memory Access Vulnerability (Win2K)Microsoft Windows 2000Operating SystemHeap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.Robert L. HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDIE6:S03 COM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2087.Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDWebClient Service Unchecked Buffer Remote Code Execution (Server 2003,SP1)Microsoft Windows Server 2003Operating SystemBuffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Outlook Denial of Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OutlookMicrosoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE6 Server 2003 JPEG Image Rendering Memory Corruption VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerUnknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability".Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDEMF Rendering Denial of Service Vulnerability (64-bit Windows XP and Server 2003,SP1)Microsoft Windows XPMicrosoft Windows Server 2003Operating SystemThe GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows 2000 TAPI Buffer OverflowMicrosoft Windows 2000Telephony ServiceBuffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers elevate privileges or execute arbitrary code via a crafted message.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDHP-UX ftpd Remote Unauthorized Data Access (B.10.24)HP-UX 11ftpdThe FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDMicrosoft Office 2007 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Office 2007The application Microsoft Office 2007 is installed.Jonathan BakerDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMJonathan BakerACCEPTEDACCEPTEDCSNW Remote Buffer Overflow via Network Messages (WinXP,SP2)Microsoft Windows XPNetWareThe Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SQL Server Extended Stored Procedure Buffer OverflowMicrosoft Windows 2000SQL Server 2000Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.Yi-Fang KohIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogINTERIMACCEPTEDACCEPTEDServer 2003,SP1 File Download Dialog Box Manipulation VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerMultiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDIE6,SP1 File Disclosure via Redirects VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerThe legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2003 (ia64) SP1 is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 (ia64) Service Pack 1 is installed.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDWinXP,SP2 MDAC RDS.Dataspace Remote Code Execution VulnerabilityMicrosoft Windows XPMDACUnspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDDistributed TIP Request Validation Process Permits Denial of Service (WinXP,SP1)Microsoft Windows XPTIPDistributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port number after an error occurs, aka the "Distributed TIP Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows Server 2003 (64-bit) RPCSS DCOM Buffer Overflow (Blaster)Microsoft Windows Server 2003Distributed Component Object Model (DCOM)Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.Christine WalzerDRAFTINTERIMACCEPTEDACCEPTEDBuffer Overflow in CDOEX Message ProcessingMicrosoft Windows 2000Operating SystemBuffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSolaris 7 KCMS Arbitrary File Access VulnerabilitySun Solaris 7kcms_serverDirectory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.David ProulxTodd DolinskyINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Forced Script ExecutionMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made.David ProulxACCEPTEDFirefox/Mozilla Suite Chrome Window Spoofing VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDURL Parsing Memory Corruption Vulnerability (IE5.01,SP3)Microsoft Windows 2000Microsoft Internet ExplorerBuffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDMultiple Buffer Overflows in libgdRed Hat Enterprise Linux 3libgdMultiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Agent Security Prompt Spoofing Vulnerability (Windows XP)Microsoft Windows XPMicrosoft AgentMicrosoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page.Harvey RubinovitzDRAFTHarvey RubinovitzINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in the sshd(1M) Protocol Version 1 Implementation May Allow a Denial of Service to the HostSun Solaris 9Sun Solaris 10sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.Yuzheng ZhouDRAFTINTERIMACCEPTEDACCEPTED.lnk File-Properties Remote Code Execution Vulnerability (Windows 2000)Microsoft Windows 2000Operating SystemWindows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.Robert L. HollisDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDWin2K COM object Remote Code Execution VulnerabilityMicrosoft Windows 2000Operating SystemUnspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDMicrosoft Word 2002 Font Parsing VulnerabilityMicrosoft Windows XPMicrosoft Office XPSP3Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.Christine WalzerDRAFTINTERIMJonathan BakerACCEPTEDRobert L. HollisINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDExcel Malformed IMDATA Record VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft ExcelMicrosoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMozilla Table Rebuilding Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via "an invalid and non-sensical ordering of table-related tags" that results in a negative array index.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDACCEPTEDIE .chm Directory Traversal Windows XP VulnerabilityMicrosoft Windows XPHTML Help FacilityInternet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDServer 2003,SP1 Embedded Web Font VulnerabilityMicrosoft Windows Server 2003Operating SystemHeap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDDistributed TIP Request Validation Process Permits Denial of Service (XP,SP2)Microsoft Windows XPTIPDistributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port number after an error occurs, aka the "Distributed TIP Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDOLE Component Input Validation Vulnerability (32-bit XP,SP2)Microsoft Windows XPWindows Media Player 9The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability."Christine WalzerDRAFTINTERIMACCEPTEDACCEPTEDWindows 2000 SMB Buffer OverflowMicrosoft Windows 2000SMB (Server Message Block)Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.Tiffany BergeronACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDIE6 DHTML Method Call Memory Corruption (Server 2003)Microsoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDHP-UX 11.11 Blind Connection Reset Attack VulnerabilityHP-UX 11Operating SystemMultiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMMatthew WojcikACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDWMF Rendering Code Execution Vulnerability (32-bit Windows XP,SP2)Microsoft Windows XPOperating SystemMultiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMultiple Buffer Overflows in libXML2Red Hat Enterprise Linux 3libxml2Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDRHE3 Firefox External App Code Acceptance VulnerabilityRed Hat Enterprise Linux 3mozillaFirefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDopenSUSE 10.2 is installedopenSUSE 10.2openSUSE 10.2 is installed.Thomas R. JonesDRAFTINTERIMACCEPTEDNicholas HansenINTERIMACCEPTEDACCEPTEDcpe:/o:novell:opensuse:10.2Microsoft ISA Server Cross-Site ScriptingMicrosoft Windows 2000ISA Server 2000Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."Tiffany BergeronACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDgzip Hard Link AttackRed Hat Enterprise Linux 3gzipRace condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDSuppressed: Duplicate of OVAL3743Microsoft Windows Server 2003Microsoft Word for Windows 6.0 ConverterMicrosoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901.Christine WalzerDRAFTINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDRobert L. HollisDEPRECATEDDEPRECATEDMHT Memory Corruption Vulnerability (S03,SP1)Microsoft Windows Server 2003Internet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDOutlook 2002 TNEF Decoding VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OutlookUnspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDDeprecated in favor of oval:org.mitre.oval:def:219.Sun Solaris 10Operating SystemUnspecified vulnerability in the kernel processing in Solaris 10 64 bit platform, when running in 64-bit mode, allows local users to cause a denial of service (system panic) via unknown attack vectors.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikDEPRECATEDDEPRECATEDpatch IE7-KB929969-WindowsServer2003-x64-enu.exe should be installedMicrosoft Windows Server 2003Microsoft Internet Explorer 7The patch IE7-KB929969-WindowsServer2003-x64-enu.exe that addresses the vulnerabilities discussed in Microsoft Security Bulletin MS07-004 should be installed.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2003 (x64) is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 (x64) is installed.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDExchange Server 2003,SP1 when running Outlook Web Access VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Exchange ServerCross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDSafe.PM Unsafe Code Execution VulnerabilitySun Solaris 8Sun Solaris 9PerlSafe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDACCEPTEDDHTML Script Function Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Internet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via certain DHTML script functions, such as normalize, and "incorrectly created elements" that trigger memory corruption, aka "DHTML Script Function Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMMatthew WojcikACCEPTEDACCEPTEDWindows 2000 COM Structured Storage VulnerabilityMicrosoft Windows 2000COM Internet ServicesWindows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."Christine WalzerDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDACCEPTEDExcel 2000 Remote Code Execution via Malformed File FormatMicrosoft Windows 2000Microsoft OfficeUnspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMJohn HoylandACCEPTEDACCEPTEDCrystal Reports Business Objects Directory TraversalMicrosoft Windows 2000Crystal EnterpriseCrystal ReportsDirectory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.Andrew ButtnerJonathan BakerDRAFTWinXP,SP1 (64-bit) DDS Library Shape Control Buffer OverflowMicrosoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDbzip2 Arbitrary File Permission Modification VulnerabilityRed Hat Enterprise Linux 3bzip2Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDEMF Rendering Denial of Service Vulnerability (32-bit Windows XP,SP1)Microsoft Windows XPOperating SystemThe GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDHP-UX Trusted Mode remshd Remote Unauthorized Access (B.11.11)HP-UX 11remshdUnknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and B.11.23 while running in "Trusted Mode" allows remote attackers to gain unauthorized system access via unknown attack vectors.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDCrash on "zero-width non-joiner" SequenceMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDHyperlink Object Function VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Operating SystemUnspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll "uses a file containing a malformed function," aka "Hyperlink Object Function Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDServer 2003,SP1 DirectShow Malicious avi File VulnerabilityMicrosoft Windows Server 2003DirectXQUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE6 Installed XP,SP2 File Disclosure via Redirects VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerThe legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.Harvey RubinovitzDRAFTINTERIMACCEPTEDACCEPTEDHP-UX wuftpd Privilege Escalation Vulnerability (B.11.11)HP-UX 11ftpdwu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDFTP Download Destination Tampering Vulnerability (Windows 2000)Microsoft Windows 2000Operating SystemThe FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames.Robert L. HollisDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDISA Server Poison Cache VulnerabilityMicrosoft Windows 2000ISA Server 2000Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers.Christine WalzerDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDIE6 HTML Tag Memory Corruption (Server 2003,SP1)Microsoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDServer 2003,SP1 HTTPS Proxy VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDWindows XP Unknown Vector SMB VulnerabilityMicrosoft Windows XPSMB (Server Message Block)Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."Jonathan BakerDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDFTP Server Response Parsing Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerThe wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.Robert L. HollisDRAFTDragos PrisacaINTERIMACCEPTEDACCEPTEDIE6,SP1 JPEG Image Rendering Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerUnknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability".Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDString Format Vulnerability in Solaris 7 snmpdxSun Solaris 7snmpdxFormat string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges.David ProulxACCEPTEDTelnet Client Information Disclosure VulnerabilityRed Hat Enterprise Linux 3telnetCertain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vernulbility Relating to scp(1) Command May Allow Attackers to Execute Arbitrary CommandsSun Solaris 9Sun Solaris 10scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.Yuzheng ZhouDRAFTINTERIMACCEPTEDACCEPTEDSolaris 9 (x86) is installedSun Solaris 9The operating system installed on the system is Sun Solaris 9 for x86.Jonathan BakerDRAFTINTERIMACCEPTEDACCEPTEDSolaris 9 (SPARC) is installedSun Solaris 9The operating system installed on the system is Sun Solaris 9 for SPARC.Jonathan BakerDRAFTINTERIMACCEPTEDACCEPTEDSMB Driver Elevation of Privilege Vulnerability (S03,SP1)Microsoft Windows Server 2003Operating SystemThe Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDDistributed TIP Request Validation Process Permits Denial of Service (Server 2003,SP1)Microsoft Windows Server 2003TIPDistributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port number after an error occurs, aka the "Distributed TIP Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDCOM Object Instantiation Memory Corruption Vulnerability (S03,SP1)Microsoft Windows Server 2003Internet ExplorerMultiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDTIP Request Validation Process Permits Denial of Service (XP,SP2)Microsoft Windows XPTIPDistributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDScob and Toofer Internet Explorer v6.0,SP1 VulnerabilitiesMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerThe WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.Tiffany BergeronDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDWindows XP Telnet Environment Disclosure VulnerabilityMicrosoft Windows XPServices for UNIXThe Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.Jonathan BakerDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDMicrosoft Visual Studio .NET 2002 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Visual Studio .NET 2002 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDBuffer Overflow in CDOSYS Message Processing (Server 2003)Microsoft Windows Server 2003Operating SystemBuffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDX Display Manager Control Protocol Denial of ServiceRed Hat Linux 9GDMThe X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDBuffer Overflows in uucpSun Solaris 7Sun Solaris 8Sun Solaris 9uucpMultiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 allow local users to execute arbitrary code as the uucp user.Brian SobyDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMINTERIMACCEPTEDACCEPTEDServer 2003 Embedded Web Font VulnerabilityMicrosoft Windows Server 2003Operating SystemHeap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDServer 2003 Color Management Module Buffer OverflowMicrosoft Windows Server 2003Microsoft Color Management ModuleBuffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.Christine WalzerDRAFTINTERIMACCEPTEDACCEPTEDRHE4 Fetchmail Buffer Overflow via Long UIDL ResponsesRed Hat Enterprise Linux 4fetchmailBuffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct identifier.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDLinux Kernel elf_core_dump() Buffer OverflowRed Hat Enterprise Linux 3Linux kernelThe elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users to execute arbitrary code via an ELF binary that, in certain conditions involving the create_elf_tables function, causes a negative length argument to pass a signed integer comparison, leading to a buffer overflow.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDEMF Rendering Denial of Service Vulnerability (32-bit Windows XP,SP2)Microsoft Windows XPOperating SystemThe GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDCOM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193.Robert L. HollisDRAFTDaniel TarnuINTERIMACCEPTEDACCEPTEDGDM Examine Errors Symlink VulnerabilityRed Hat Linux 9GDMGDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDMS Windows RPC DCOM DoS-based Privilege Escalation Vulnerability (Test 2)Microsoft Windows 2000Remote Procedure Call (RPC)The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function.Christine WalzerDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDACCEPTEDmlock Memory Page Tracking VulnerabilityRed Hat Enterprise Linux 3Linux kernelThe linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly maintain the mlock page count when one process unlocks pages that belong to another process, which allows local users to mlock more memory than specified by the rlimit.Jay BealeDRAFTINTERIMACCEPTEDACCEPTED.lnk File-Properties Remote Code Execution Vulnerability (Windows XP)Microsoft Windows XPOperating SystemWindows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDIE6,SP2 PNG Image Buffer OverflowMicrosoft Windows XPMicrosoft Internet ExplorerBuffer overflow in the PNG image rendering component of Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted PNG file.Harvey RubinovitzDRAFTHarvey RubinovitzINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDIE AbusiveParent Vulnerability (32-bit Server 2003)Microsoft Windows Server 2003Microsoft Internet ExplorerThe DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.Jonathan BakerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDHP-UX 11.04 ICMP Source Quench Attack VulnerabilityHP-UX 11Operating SystemMultiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMMatthew WojcikACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDKerberos V5 Null Pointer DoS VulnerabilitySun Solaris 7Sun Solaris 8Sun Solaris 9Solaris Enterprise Authentication Mechanism (SEAM)MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDXimian Evolution MIME-encoded Image Buffer OverflowRed Hat Linux 9Ximian EvolutionThe handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDgzip zgrep Sanitation VulnerabilityRed Hat Enterprise Linux 3gzipzgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDCSNW Remote Buffer Overflow via Network Messages (WinXP,SP1)Microsoft Windows XPNetWareThe Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDGDI+ JPEG Parsing Engine Buffer Overflow (Server 2003)Microsoft Windows XPMicrosoft Windows Server 2003GDI+Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.Ingrid SkoogDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDACCEPTEDDirectX 9 DirectShow Malicious MIDI File VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003DirectXMultiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJeff ItoINTERIMACCEPTEDACCEPTEDDirectAnimation ActiveX Controls Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerHeap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDExcel Malformed String VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft ExcelMicrosoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Excel 2003 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaThe application Microsoft Excel 2003 is installed.Robert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMicrosoft Excel 2000 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Excel 2000 is installed.Robert L. HollisDRAFTJohn HoylandINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMicrosoft Excel 2002 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Excel 2002 is installed.Robert L. HollisDRAFTJohn HoylandINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMicrosoft Excel Viewer is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003The application Microsoft Excel Viewer is installed.Robert L. HollisINTERIMACCEPTEDACCEPTEDWinXP,SP1 (64-bit) HTTPS Proxy VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDString Format Vulnerability in Solaris 8 snmpdxSun Solaris 8snmpdxFormat string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges.David ProulxACCEPTEDSolaris 9 CDE ToolTalk Database Null Write VulnerabilitySun Solaris 9CDECDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure.Brian SobyDRAFTINTERIMACCEPTEDBrian SobyBrian SobyINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDusermod Recursive Ownership Error (B.11.23)HP-UX 11Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended.Robert L. HollisDRAFTINTERIMACCEPTEDNabil OuchnINTERIMACCEPTEDACCEPTEDWin2K/XP,SP1 HTTPS Proxy VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDIE Web Page Spoofing VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability."Tiffany BergeronINTERIMACCEPTEDACCEPTEDDirectX 8 DirectShow Malicious MIDI File VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003DirectXMultiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDJeff ItoINTERIMACCEPTEDACCEPTEDIE plugin.ocx Heap OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerHeap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115.Tiffany BergeronINTERIMACCEPTEDINTERIMHarvey RubinovitzACCEPTEDACCEPTEDWindows Server 2003 SSL PCT Handshake VulnerabilityMicrosoft Windows Server 2003Private Communications Transport (PCT)Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.Andrew ButtnerINTERIMACCEPTEDGlenn StricklandINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in Solaris 10 NFS XDR Handling May Allow a Denial of Service to NFS ServersSun Solaris 10Unspecified vulnerability in the NFS server in Sun Solaris 10 before 20070613 allows remote attackers to cause a denial of service (system crash) via certain XDR data in NFS requests, probably related to processing of data by the xdr_bool and xdrmblk_getint32 functions.Nicholas HansenDRAFTINTERIMACCEPTEDACCEPTEDSolaris 10 (x86) is installedSun Solaris 10The operating system installed on the system is Sun Solaris 10 for x86.Jonathan BakerDRAFTINTERIMACCEPTEDACCEPTEDSolaris 10 (SPARC) is installedSun Solaris 10The operating system installed on the system is Sun Solaris 10 for SPARC.Jonathan BakerDRAFTINTERIMACCEPTEDACCEPTEDServer 2003 IE Mismatched Document Object Memory Corruption VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched Document Object Model Objects Memory Corruption Vulnerability."Robert L. HollisDRAFTRobert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDJeff ChengINTERIMJeff ChengACCEPTEDACCEPTEDMicrosoft RichEdit VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Operating SystemThe RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDClifford FarrugiaINTERIMACCEPTEDACCEPTEDWindows ntdll.dll Buffer OverflowMicrosoft Windows 2000Windows 2000Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.Tiffany BergeronAnna MinINTERIMACCEPTEDACCEPTEDXMLHttpRequest Header Spoofing VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDOutlook Express 5.5,SP2 News Reading VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Outlook ExpressStack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.Ingrid SkoogDRAFTINTERIMACCEPTEDACCEPTEDMozilla JavaScript Garbage-collection Hazard AuditMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaThe JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDACCEPTEDPostgreSQL tsearch2 "internal" Functions VulnerabilityRed Hat Enterprise Linux 3postgresqlThe tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as "internal" even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other impacts via SQL commands that call other functions that accept internal arguments.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDSolaris 9 Systems With Solaris Auditing (BSM) Enabled may Panic if Certain Audit Classes are Being AuditedSun Solaris 9Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing (BSM) is enabled for file read, write, attribute modify, create, or delete audit classes, allows local users to cause a denial of service (panic) via unknown vectors, possibly related to the audit_savepath function.Pai PengDRAFTINTERIMACCEPTEDACCEPTEDCOM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function.Sudhir GandheDRAFTRobert L. HollisINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2003 SP2 (x86) is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 Service Pack 2 (x86) is installed.Sudhir GandheDRAFTINTERIMRobert L. HollisACCEPTEDACCEPTEDMicrosoft Windows XP SP2 (64-bit) is installedMicrosoft Windows XPThe operating system installed on the system is Microsoft Windows XP SP2 (64-bit).Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDExchange 2000 Server TNEF Decoding VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OutlookUnspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDgzip Argument Sanitation VulnerabilityRed Hat Enterprise Linux 3zgrepzgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDXimian Evolution User Agent Multiple uuencoding Denial of ServiceRed Hat Linux 9Ximian EvolutionXimian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (memory consumption) via a mail message that is uuencoded multiple times.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDMS CIFS Spoofed Browse Frame Request VulnerabilityMicrosoft Windows 2000NetBIOSInteractions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.Tiffany BergeronINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDException Handling Memory Corruption Vulnerability (S03,SP1)Microsoft Windows Server 2003Internet ExplorerUnspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMS SQL Server 2000 Resolution Service Buffer OverflowMicrosoft Windows NTSQL Server 2000Multiple buffer overflows in SQL Server 2000 Resolution Service allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption.Tiffany BergeronINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDIngrid SkoogIngrid SkoogINTERIMACCEPTEDACCEPTEDWindows NT/2000 ASN.1 Library Double-free Memory Corruption VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft ASN.1 LibraryDouble-free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code.David ProulxINTERIMACCEPTEDACCEPTEDWindows XP TAPI Buffer OverflowMicrosoft Windows XPTelephony ServiceBuffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers elevate privileges or execute arbitrary code via a crafted message.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDPerl Format String Integer Overflow VulnerabilitySun Solaris 10PerlInteger overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDRHE4 Firefox External App Code Acceptance VulnerabilityRed Hat Enterprise Linux 4mozillaFirefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDDCOM RPC Object Identity Windows XP VulnerabilityMicrosoft Windows XPRemote Procedure Call (RPC)The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."Christine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDMSDTC Unchecked Buffer Permits Remote Code Execution or Privilege Elevation (WinXP,SP1)Microsoft Windows XPMSDTCThe MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDExchange Server 2003,SP2 when running Outlook Web Access VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Exchange ServerCross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDXimian Evolution Mail User Agent uuencoded header Denial of ServiceRed Hat Linux 9Ximian EvolutionThe try_uudecoding function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malicious uuencoded (UUE) header, possibly triggering a heap-based buffer overflow.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDMicrosoft PowerPoint 2003 Remote Code Execution Using a Malformed Record VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft PowerPointUnspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.Robert L. HollisDRAFTMatthew WojcikMatthew WojcikINTERIMACCEPTEDACCEPTEDWindows 2000 Internet Printing ISAPI Extension Buffer OverflowMicrosoft Windows 2000Microsoft Internet Information Server (IIS)Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.Christine WalzerINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDACCEPTEDMicrosoft JScript Memory Corruption Vulnerability (WinS03)Microsoft Windows Server 2003Operating SystemMicrosoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDDCOM RPC Object Identity Windows 2003 VulnerabilityMicrosoft Windows Server 2003Remote Procedure Call (RPC)The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."Christine WalzerINTERIMACCEPTEDACCEPTEDMultiple Format String Vulnerabilities in neon and Dependent ProductsRed Hat Enterprise Linux 3Red Hat Enteprise Linux 3Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code.Jay BealeINTERIMACCEPTEDMatthew WojcikMatthew WojcikMatthew WojcikMatthew WojcikINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDWindows XP WMF/EMF Buffer OverflowMicrosoft Windows XPEnhanced Metafile (EMF)Windows Metafile (WMF)Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.Andrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDWMF Rendering Code Execution Vulnerability (Windows 2000)Microsoft Windows 2000Operating SystemMultiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord.Robert L. HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDDCOM RPC Object Identity Windows 2000 VulnerabilityMicrosoft Windows 2000Remote Procedure Call (RPC)The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."Christine WalzerINTERIMACCEPTEDACCEPTEDIE6:XP,SP2 COM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2087.Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDACCEPTEDDirectory Traversal Vulnerability in CVS ServerRed Hat Enterprise Linux 3Red Hat Enteprise Linux 3CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDVarious Ethereal Dissector VulnerabilitiesRed Hat Linux 9EtherealEthereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDMicrosoft Certificate Validation Flaw Identity Spoofing Vulnerability (Variant)Microsoft Windows NTCertificate ValidationMicrosoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862).Christine WalzerChristine WalzerChristine WalzerINTERIMACCEPTEDINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDVulnerability in Vector Markup Language (VML) Could Allow Remote Code ExecutionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Internet ExplorerInteger overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."Sudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer 7 is installedMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaA version of Microsoft Internet Explorer 7 is installed.Sudhir GandheDRAFTINTERIMAndrew ButtnerACCEPTEDACCEPTEDWindows XP HTML Help Remote Code Execution VulnerabilityMicrosoft Windows XPHTML Help FacilityInteger overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.Andrew ButtnerDRAFTINTERIMACCEPTEDJeff ItoINTERIMACCEPTEDACCEPTEDMicrosoft Certificate Validation Flaw Identity Spoofing VulnerabilityMicrosoft Windows XPMicrosoft CryptoAPIThe (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.Christine WalzerChristine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDWindows Address Book Contact Record VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Outlook ExpressUnspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDOutlook Express 5.5 SP2 is installed.Microsoft Windows 2000Outlook Express 5.5 SP2 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDOutlook Express 6 SP1 is installed.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Outlook Express 6 SP1 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Outlook Express 6 for Windows XP/2003 is installedMicrosoft Windows XPMicrosoft Outlook Express 6 for Windows XP/2003 is installedRobert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows XP winlogon Remote Buffer OverflowMicrosoft Windows XPWindows logon process (winlogon)Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.Andrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDWindows XP (32-Bit) DUNZIP Integer OverflowMicrosoft Windows XPCompressed FoldersInteger overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.David ProulxDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDMultiple Vulnerabilities in Rockliffe MailSite ExpressMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Rockliffe MailSite ExpressCross-site scripting (XSS) vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to inject arbitrary web script or HTML via a message body.Rahul MohandasDRAFTINTERIMACCEPTEDACCEPTEDWindows 2000 IIS Directory Traversal Command Execution (Test 2)Microsoft Windows 2000Microsoft Internet Information Server (IIS)Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.Christine WalzerINTERIMACCEPTEDACCEPTEDFlash Arbitrary Code Execution VulnerabilityMicrosoft Windows XPFlash PlayerUnspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in "multiple improper memory access" errors.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDRed Hat OpenSSL Kerberos Handshake VulnerabilityRed Hat Linux 9OpenSSLThe SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.Matt BusbyMatt BusbyINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDSNMP Trap Handling VulnerabilitySun Solaris 7Sun Solaris 8snmpdxVulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.Brian SobyDRAFTINTERIMACCEPTEDACCEPTEDSNMP Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Operating SystemBuffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWindows Utility Manager Shatter Message VulnerabilityMicrosoft Windows 2000Utility ManagerThe Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.Harvey RubinovitzINTERIMACCEPTEDACCEPTEDWindows 2000 Print Spooler Service Buffer OverflowMicrosoft Windows 2000Print Spooler ServiceBuffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.Matthew BurtonDRAFTINTERIMACCEPTEDACCEPTEDSolaris Xsun Privilege Escalation via Pixmaps VulnerabilitySun Solaris 8Sun Solaris 9Sun Solaris 10XMultiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrary code via a crafted pixmap image.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMalicious CVS Server RCS diff File Vulnerability in CVS ClientRed Hat Enterprise Linux 3Red Hat Enteprise Linux 3The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDDCOM RPC Object Identity Windows NT VulnerabilityMicrosoft Windows NTRemote Procedure Call (RPC)The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."Christine WalzerINTERIMACCEPTEDACCEPTEDMicrosoft XML Core Services VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft XML Core ServicesUnspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft XML Core Services 6 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft XML Core Services 6 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMDAC SQL-DMO Buffer Overflow (Test 3)Microsoft Windows XPMicrosoft Data Access Components 2.7Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.Christine WalzerChristine WalzerINTERIMACCEPTEDACCEPTEDRHE3 Fetchmail Buffer Overflow via Long UIDL ResponsesRed Hat Enterprise Linux 3fetchmailBuffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct identifier.Jay BealeDRAFTINTERIMACCEPTEDACCEPTEDMozilla Privilege Escalation via XBL.method.evalMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privileges.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDACCEPTEDVeritas Backup Exec RestrictAnonymous Forced Misconfiguration VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Veritas Backup Exec 8.5Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.Tiffany BergeronINTERIMIngrid SkoogINTERIMRed Hat Enterprise 3 Kernel ncp_lookup Function BORed Hat Enterprise Linux 3Red Hat Enteprise Linux 3Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDSquirrelMail SQL Injection VulnerabilityRed Hat Enterprise Linux 3SquirrelMailSQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php.Jay BealeINTERIMACCEPTEDACCEPTEDWindows Server 2003 Help and Support Center HCP URL Validation VulnerabilityMicrosoft Windows Server 2003Help and Support Center (HSC)Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).Harvey RubinovitzDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDHP-UX 11.00 swagentd Denial of ServiceHP-UX 11swagentdUnspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and B.11.11 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDWindows Server 2003 COM Internet Services/RPC over HTTP Proxy Component Buffer OverflowMicrosoft Windows Server 2003COM Internet ServicesBuffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.Christine WalzerINTERIMACCEPTEDAndrew ButtnerINTERIMAndrew ButtnerACCEPTEDACCEPTEDWindows RPC Locator Service Buffer OverflowMicrosoft Windows NTLocator serviceBuffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.Tiffany BergeronACCEPTEDHP-UX ftpd Remote Unauthorized Data Access (B.11.04)HP-UX 11ftpdThe FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.Robert L. HollisDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDACCEPTEDOutlook Express v6.0 for Server 2003 MHTML URL Processing VulnerabilityMicrosoft Windows Server 2003Microsoft Outlook ExpressThe MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."Andrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDWindows 2000 DirectPlay Denial of ServiceMicrosoft Windows 2000Microsoft DirectPlayIDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.Tiffany BergeronINTERIMACCEPTEDACCEPTEDIE5.01,SP3 File Disclosure via Redirects VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerThe legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDIncorrect Permission on SQL Server Service Account Registry KeyMicrosoft Windows NTSQL Server 2000The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."Tiffany BergeronINTERIMACCEPTEDJonathan BakerINTERIMINTERIMACCEPTEDIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogINTERIMACCEPTEDACCEPTEDThe Remote Access Service is RunningMicrosoft Windows 2000NetBIOSA component service related to NETBIOS is running.Tiffany BergeronINTERIMACCEPTEDACCEPTEDWinNT Broad Permissions for Remote Registry AccessMicrosoft Windows NTMicrosoft Windows NTThe registry in Windows NT can be accessed remotely by users who are not administrators.Tiffany BergeronDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDMS Exchange Server Broad Permissions in WinReg Registry KeyMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Exchange ServerMicrosoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.Tiffany BergeronINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDNT4.0 Remote Registry Access Authentication VulnerabilityMicrosoft Windows NTMicrosoft Windows NTThe Remote Registry server in Windows NT 4.0 allows local authenticated users to cause a denial of service via a malformed request, which causes the winlogon process to fail, aka the "Remote Registry Access Authentication" vulnerability.Tiffany BergeronINTERIMACCEPTEDACCEPTEDIE6 Double Byte Character Parsing Memory Corruption (WinXP)Microsoft Windows XPMicrosoft Internet ExplorerBuffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via a crafted URL with an International Domain Name (IDN) using double-byte character sets (DBCS), aka the "Double Byte Character Parsing Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDSolaris 7 rpc.yppasswdd Buffer Overrun VulnerabilitySun Solaris 7rpc.yppasswddBuffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username.David ProulxACCEPTEDWindows NT IIS Directory Traversal Command Execution (Test 2)Microsoft Windows NTMicrosoft Internet Information Server (IIS)Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.Christine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDRed Hat Enterprise 3 Kernel R128 DRI Limits Checking VulnerabilityRed Hat Enterprise Linux 3Red Hat Enteprise Linux 3Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking."Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDWin2k Domain Controller LSASS Denial of ServiceMicrosoft Windows 2000Lightweight Directory Access Protocol (LDAP)Unknown vulnerability in the Local Security Authority Subsystem Service (LSASS) in Windows 2000 domain controllers allows remote attackers to cause a denial of service via a crafted LDAP message.Tiffany BergeronINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDWinXP,SP2 Drag-and-Drop VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."Matthew BurtonDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDMatthew WojcikINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDIE File Download Dialog Deception VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download.Tiffany BergeronINTERIMACCEPTEDINTERIMHarvey RubinovitzACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDRed Hat Enterprise 3 Kernel Real Time Clock Data LeakageRed Hat Enterprise Linux 3Red Hat Enteprise Linux 3Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space.Jay BealeINTERIMACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDSquirrelMail Cross-site Scripting Vulnerability IIRed Hat Enterprise Linux 3SquirrelMailCross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.Jay BealeINTERIMACCEPTEDACCEPTEDWindows 2000 IIS5 WebDAV Denial of ServiceMicrosoft Windows 2000Microsoft Internet Information Server (IIS)IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned.Christine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDOutlook Express v6.0,SP1 MHTML URL Processing VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Outlook ExpressThe MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."Andrew ButtnerINTERIMACCEPTEDACCEPTEDEthereal 0-Length Buffer Size Vulnerability in tvb_get_nstring0()Red Hat Linux 9EtherealThe tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences.Jay BealeINTERIMJay BealeACCEPTEDThomas R. JonesINTERIMACCEPTEDACCEPTEDWindows XP IIS5 WebDAV Denial of ServiceMicrosoft Windows XPMicrosoft Internet Information Server (IIS)IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned.Christine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDWindows XP Help and Support Center HCP URL Validation VulnerabilityMicrosoft Windows XPHelp and Support Center (HSC)Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDWindows XP ASN.1 Library Double-free Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft ASN.1 LibraryDouble-free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code.David ProulxINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDSquirrelMail Cross-site Scripting Vulnerability IRed Hat Enterprise Linux 3SquirrelMailMultiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.Jay BealeINTERIMACCEPTEDACCEPTEDIE6,SP1 DHTML Method Heap Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDWinXP Management VulnerabilityMicrosoft Windows XPWindows XPWindows XP allows local users to execute arbitrary programs by creating a task at an elevated privilege level through the eventtriggers.exe command-line tool or the Task Scheduler service, aka "Windows Management Vulnerability."Harvey RubinovitzINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDCVS serve_notify Improper Handling of Empty Data LinesRed Hat Enterprise Linux 3CVSserve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.Jay BealeINTERIMACCEPTEDACCEPTEDMicrosoft XML Core Services 4 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft XML Core Services 4 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDlibtiff Directory Entry Count Integer Overflow VulnerabilitySun Solaris 7Sun Solaris 8Sun Solaris 9Sun Solaris 10libtiffInteger overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDlibtiff Malloc Error Denial of ServiceSun Solaris 7Sun Solaris 8Sun Solaris 9Sun Solaris 10libtiffMultiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDlibtiff tif_dirread divide-by-zero Denial of ServiceSun Solaris 7Sun Solaris 8Sun Solaris 9Sun Solaris 10libtiffVulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDlibtiff RLE Decoder Buffer Overflow VulnerabilitiesSun Solaris 7Sun Solaris 8Sun Solaris 9Sun Solaris 10libtiffMultiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDX Display Manager DoS via Invalid XDMCP RequestSun Solaris 7Sun Solaris 8Sun Solaris 9XDMX Display Manager (XDM) on Solaris 8 allows remote attackers to cause a denial of service (XDM crash) via an invalid X Display Manager Control Protocol (XDMCP) request.Robert L. HollisChristine WalzerDRAFTINTERIMACCEPTEDACCEPTEDApache mod_proxy Content-Length Header Buffer OverflowSun Solaris 8Sun Solaris 9ApacheHeap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDApache Allow/Deny Parsing ErrorSun Solaris 8Sun Solaris 9Apachemod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDApache Listening Socket Starvation VulnerabilitySun Solaris 8Sun Solaris 9ApacheApache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDApache Error Log Escape Sequence Filtering VulnerabilitySun Solaris 8Sun Solaris 9ApacheApache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDApache Nonce Verification Response Replay VulnerabilitySun Solaris 8Sun Solaris 9Apachemod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDFirefox and Mozilla top.focus() Cross-Site Scripting VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.Robert L. HollisChristine WalzerJonathan BakerINTERIMACCEPTEDJohn HoylandINTERIMJohn HoylandACCEPTEDACCEPTEDServer 2003,SP1 PKINIT Information Disclosure VulnerabilityMicrosoft Windows Server 2003Operating SystemUnknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.Robert L. HollisINTERIMACCEPTEDACCEPTEDServer 2003,SP1 Kerberos Message DoS VulnerabilityMicrosoft Windows Server 2003Operating SystemUnknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.Robert L. HollisINTERIMACCEPTEDACCEPTEDServer 2003 PKINIT Information Disclosure VulnerabilityMicrosoft Windows Server 2003Operating SystemUnknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.Robert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDServer 2003 Kerberos Message DoS VulnerabilityMicrosoft Windows Server 2003Operating SystemUnknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.Robert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDWindows XP,SP1 (64-bit) PKINIT Information Disclosure VulnerabilityMicrosoft Windows XPOperating SystemUnknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.Robert L. HollisINTERIMACCEPTEDACCEPTEDWindows XP,SP1 (64-bit) Kerberos Message DoS VulnerabilityMicrosoft Windows XPOperating SystemUnknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.Robert L. HollisINTERIMACCEPTEDACCEPTEDWindows XP,SP2 PKINIT Information Disclosure VulnerabilityMicrosoft Windows XPOperating SystemUnknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.Robert L. HollisINTERIMACCEPTEDACCEPTEDInteger overflow in the "Max-dotdot" CVS protocol commandRed Hat Enterprise Linux 3CVSInteger overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.Jay BealeINTERIMACCEPTEDACCEPTEDWindows XP,SP2 Kerberos Message DoS VulnerabilityMicrosoft Windows XPOperating SystemUnknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.Robert L. HollisINTERIMACCEPTEDACCEPTEDWindows XP,SP1 (32-bit) PKINIT Information Disclosure VulnerabilityMicrosoft Windows XPOperating SystemUnknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.Robert L. HollisINTERIMACCEPTEDACCEPTEDWindows XP,SP1 (32-bit) Kerberos Message DoS VulnerabilityMicrosoft Windows XPOperating SystemUnknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.Robert L. HollisINTERIMACCEPTEDACCEPTEDWindows 2000 PKINIT Information Disclosure VulnerabilityMicrosoft Windows 2000Operating SystemUnknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.Robert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDWindows 2000 Kerberos Message DoS VulnerabilityMicrosoft Windows 2000Operating SystemUnknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.Robert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDACCEPTEDWindows XP,SP1 (64-bit) RDP DoS VulnerabilityMicrosoft Windows XPOperating SystemThe Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.Robert L. HollisINTERIMACCEPTEDACCEPTEDTest Consolidated to OVAL Definition 1297Microsoft Windows Server 2003Operating SystemBuffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers elevate privileges or execute arbitrary code via a crafted message.Robert L. HollisINTERIMACCEPTEDJohn HoylandDEPRECATEDDEPRECATEDTest Consolidated to OVAL Definition 1075Microsoft Windows XPOperating SystemBuffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers elevate privileges or execute arbitrary code via a crafted message.Robert L. HollisINTERIMACCEPTEDJohn HoylandDEPRECATEDDEPRECATEDTest Consolidated to OVAL Definition 1075Microsoft Windows XPOperating SystemBuffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers elevate privileges or execute arbitrary code via a crafted message.Robert L. HollisINTERIMACCEPTEDJohn HoylandDEPRECATEDDEPRECATEDDEPRECATED: Windows XP,SP1 TAPI Buffer OverflowMicrosoft Windows XPOperating SystemBuffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers elevate privileges or execute arbitrary code via a crafted message.Robert L. HollisINTERIMACCEPTEDJohn HoylandDEPRECATEDDEPRECATEDTest Consolidated to OVAL1221Microsoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2087.Robert L. HollisINTERIMACCEPTEDJohn HoylandDEPRECATEDDEPRECATEDTest Consolidated to OVAL790Microsoft Windows Server 2003Microsoft Internet ExplorerUnknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability".Robert L. HollisINTERIMACCEPTEDJohn HoylandDEPRECATEDDEPRECATEDWindows XP,SP1 Print Spooler Service Buffer OverflowMicrosoft Windows XPOperating SystemBuffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.Robert L. HollisINTERIMACCEPTEDACCEPTEDWindows XP (64-bit) PnP Buffer OverflowMicrosoft Windows XPOperating SystemStack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.Robert L. HollisINTERIMACCEPTEDACCEPTEDMozilla Local File Loading VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla Creates World-readable temp FilesMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF.Robert L. HollisJonathan BakerINTERIMACCEPTEDINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerACCEPTEDACCEPTEDMozilla SSL Lock Image Spoofing during Binary DownloadMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxFirefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla SSL Lock Image Spoofing via "View Source"Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxFirefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla Inactive Tab Form Data Theft VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxFirefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla Malicious news: VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaThunderbirdHeap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated.Robert L. HollisChristine WalzerINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDFirefox Script-generated Download Prompt BypassMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003FirefoxFirefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMozilla Inactive Tab Dialog Box VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003FirefoxmozillaFirefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMozilla 407 Proxy Information Disclosure VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxFirefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla Thunderbird Subject to IE Vulnerabilities via javascriptMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003ThunderbirdThunderbird before 0.9, when running on Windows systems, uses the default handler when processing javascript: links, which invokes Internet Explorer and may expose the Thunderbird user to vulnerabilities in the version of Internet Explorer that is installed on the user's system. NOTE: since the invocation between multiple products is a common practice, and the vulnerabilities inherent in multi-product interactions are not easily enumerable, this issue might be REJECTED in the future.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMozilla Mail News Cookie Security Bypass VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaThunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers bypass the user's intended privacy and security policy by using cookies in e-mail messages.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla Livefeed Bookmark Cookie SwipingMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003FirefoxFirefox before 1.0 allows the user to store a (1) javascript: or (2) data: URLs as a Livefeed bookmark, then executes it in the security context of the currently loaded page when the user later accesses the bookmark, which could allow remote attackers to execute arbitrary code.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMozilla Popup Content Spoofing VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxMozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla SSL Lock Image Spoofing VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxFirefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that generates an HTTP 204 error, which updates the icon and location information but does not change the display of the original site.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla UTF8 to Unicode Conversion Heap OverflowMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxThunderbirdHeap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerACCEPTEDACCEPTEDMozilla Download/Security Dialogs Spoofing VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxFirefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing."Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla 'user:pass@host' Spoofing VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxThunderbirdThe installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerACCEPTEDACCEPTEDMozilla String Library Memory Overwrite VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxThunderbirdString handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerACCEPTEDACCEPTEDMozilla Autocomplete Data LeakMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003FirefoxThe Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMozilla XSLT Stylesheet Information Disclosure PotentialMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxFirefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla Double Download .lnk VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxThunderbirdFirefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerACCEPTEDACCEPTEDMozilla "Save Link As" Dialog Spoofing VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxFirefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla Download Dialog Source Spoofing VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxFirefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla HTTP auth Prompt Tab SpoofingMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxFirefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla Image Spoofing VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxThunderbirdFirefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka "firedragging."Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerACCEPTEDACCEPTEDMozilla Cross-site Scripting via Drag and Drop to TabMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxFirefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing."Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla Privileged Content Loading VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxFirefox 1.0 allows remote attackers to execute arbitrary code via plugins that load "privileged content" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka "Firescrolling."Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla IDN Homograph Spoofing VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxThe International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.Robert L. HollisChristine WalzerINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla GIF Heap OverflowMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxThunderbirdHeap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerACCEPTEDACCEPTEDFirefox Sidebar Panel Code Execution VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003FirefoxFirefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMozilla XUL Drag and Drop Security Bypass VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxFireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla Javascript "lambda"Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxThe find_replen function in jsstr.c in the the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.Robert L. HollisINTERIMMatthew WojcikACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla PLUGINSPAGE Privileged Javascript Execution VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003FirefoxThe Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag.Robert L. HollisINTERIMMatthew WojcikACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMozilla blocked javascript: popup Privilege Escalation VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxFirefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option.Robert L. HollisINTERIMMatthew WojcikMatthew WojcikACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla Global Pollution VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxFirefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution."Robert L. HollisINTERIMMatthew WojcikACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla favicons Code Execution VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxThe favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking."Robert L. HollisINTERIMMatthew WojcikACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla Search Plugin Cross-site Scripting VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxFirefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."Robert L. HollisINTERIMMatthew WojcikACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDFirefox Sidebar Code Execution via _search TargetMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003FirefoxMultiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the _search target of the Firefox sidebar.Robert L. HollisINTERIMMatthew WojcikACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMozilla InstallTrigger Instance Validation VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxThe native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type.Robert L. HollisINTERIMMatthew WojcikACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla DOM Node Privilege Escalation VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxThe privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object.Robert L. HollisINTERIMMatthew WojcikMatthew WojcikACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla Suite InstallTrigger Callback VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaThe InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.Robert L. HollisChristine WalzerJonathan BakerINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMozilla JavaScript Wrapping VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxFirefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."Robert L. HollisJonathan BakerINTERIMMatthew WojcikACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDAnna MinINTERIMACCEPTEDDaniel TarnuINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDACCEPTEDMozilla Script Privilege Context VulnerabilitiesMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxFirefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160.Robert L. HollisJonathan BakerINTERIMMatthew WojcikACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDAnna MinINTERIMACCEPTEDDaniel TarnuINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDACCEPTEDImproper Handling of Synthetic Events in MozillaMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxThe browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user.Robert L. HollisJonathan BakerINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJohn HoylandINTERIMJohn HoylandACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDXBL Script Security Bypass VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxThunderbirdFirefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.Robert L. HollisJonathan BakerINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJohn HoylandINTERIMJohn HoylandACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerACCEPTEDACCEPTEDFirefox Wallpaper VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003FirefoxFirefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background" (in Netscape) context menu on an image URL that is really a javascript: URL with an eval statement, aka "Firewalling."Robert L. HollisINTERIMMatthew WojcikMatthew WojcikACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDMatthew WojcikACCEPTEDJohn HoylandINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDFirefox InstallTrigger Callback VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003FirefoxThe InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.Robert L. HollisChristine WalzerINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDFirefox Sidebar Script Injection via _search TargetMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003FirefoxFirefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the _search target, then injecting script into other pages via a data: URL.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDInstallVersion.compareTo() DoS and Code Execution VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefoxFirefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.Robert L. HollisJonathan BakerINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJohn HoylandINTERIMJohn HoylandACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDFirefox and Mozilla Framed Site Spoofing VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaA regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.Robert L. HollisJonathan BakerChristine WalzerINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJohn HoylandINTERIMJohn HoylandACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDFirefox External App Code Acceptance VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003FirefoxFirefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL.Robert L. HollisChristine WalzerJonathan BakerINTERIMMatthew WojcikACCEPTEDINTERIMACCEPTEDMatthew WojcikMatthew WojcikINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDFirefox and Mozilla Javascript Dialog Box SpoofingMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."Robert L. HollisChristine WalzerJonathan BakerMatthew WojcikINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJohn HoylandINTERIMJohn HoylandACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDFirefox and Mozilla DOM Node SpoofingMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing").Robert L. HollisJonathan BakerINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJohn HoylandINTERIMJohn HoylandACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDFirefox and Mozilla Shared Object Code ExecutionMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.Robert L. HollisJonathan BakerINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJohn HoylandINTERIMJohn HoylandACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDIFRAME in Firefox and Mozilla Permits Execution of Arbitrary Javascript in Other DomainsMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477.Robert L. HollisJonathan BakerINTERIMMatthew WojcikACCEPTEDAnna MinINTERIMACCEPTEDDaniel TarnuINTERIMACCEPTEDACCEPTEDInstall Function in Firefox and Mozilla Permits Arbitrary Code ExecutionMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaThe install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.Robert L. HollisJonathan BakerINTERIMMatthew WojcikACCEPTEDAnna MinINTERIMACCEPTEDDaniel TarnuINTERIMACCEPTEDACCEPTEDWindows XP Help Center Command Insertion VulnerabilityMicrosoft Windows XPHelp and Support Center (HSC)Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe.Harvey RubinovitzDRAFTHarvey RubinovitzINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMAnna MinACCEPTEDACCEPTEDVML Buffer Overrun VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Internet ExplorerStack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2003 SP1 (x86) is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 Service Pack 1 (x86) is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer 6 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Internet Explorer 6 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMicrosoft Windows XP SP2 is installedMicrosoft Windows XPThe operating system installed on the system is Microsoft Windows XP SP2.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMicrosoft Windows XP SP1 (64-bit) is installedMicrosoft Windows XPThe operating system installed on the system is Microsoft Windows XP SP1 (64-bit).Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer 5.01 SP4 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Internet Explorer 5.01 SP4 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDMicrosoft Windows 2000 SP4 or later is installedMicrosoft Windows 2000The operating system installed on the system is Microsoft Windows 2000 SP4.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2003 (x86) Gold is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 (x86) Gold is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDHeap Overflow in Solaris 8 xlockSun Solaris 8xlockHeap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable.David ProulxACCEPTEDMicrosoft Windows XP SP1 (32-bit) is installedMicrosoft Windows XPThe operating system installed on the system is Microsoft Windows XP SP1 (32-bit).Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows XP is installedMicrosoft Windows XPThe operating system installed on the system is Microsoft Windows XP.Andrew ButtnerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDThe ImageMagick-* RPMs all require that the main ImageMagick RPM have the same version and release number.The ImageMagick-devel, ImageMagick-c++-devel, and ImageMagick-c++ RPMs all require that the exact same version of the ImageMagick RPM is present. As such, we can test for a vulnerable version of the former alone, rather than testing for the presence of each of these RPMs in particular.For "/tmp is readable by non-root users," use a compound test.We think, but are not sure that the affected version of bkupexec.exe is 3.60.1.298 The file should be found in C:Program Files\VERITAS\Backup Exec\NT\bkupexec.exeService Pack 2 or less for Windows Office XP needs regex involving strings and less thanThe presence of /etc/named.conf indicates that system system is probably configured as a DNS serveregrep "^[Srecipient=2|S2]|^[^#]*\$>2|^[^#]*\$>recipient|^[^#]*\$>4|^[^#]*\$>final" /etc/mail/sendmail.cf True if any lines returnedSUNWkrbu - 32bit, SUNWkrbux - 64bitgrep c2audit /etc/system True if "set c2audit:audit_load = 1" or similiaregrep ^flags:.*a[sd] /etc/security/audit_control True if any lines returnedPackage which contains /usr/lib/netsvc/yp/ypxfrdCVE-2002-1265CVE-2002-1265CVE-2002-1265CVE-2002-1265CVE-2002-1265CVE-2002-1265CVE-2002-1265CVE-2002-1265CVE-2002-1265CVE-2002-1265CVE-2002-1265CVE-2002-1265CVE-2002-1265SUNWcsu = 32bit, SUNWcsxu = 64bitThis test needs to be modified to look for capicom.dll in locations other than the system root.Solaris Management Console web interfaceMultiple RPMs were updated in this release, but all but mozilla-nspr have mozilla-with-their-same-version as an installation dependency. So, if mozilla is up to date, mozilla-chat, mozilla-devel, ... , mozilla-js-debugger are all up to date. Mozilla itself requires that mozilla-nspr and mozilla-nss be installed with the same version as itself. This closes the loop -- if mozilla is up to date, so are the other mozilla-FOO RPMs.As stated in the iDefense security advisory, if this key exists and contains a value, then the system has Interactive Training installed, and it will process .cbo files.Rough translation of the Sun recommended test of: % grep default_realm /etc/krb5/krb5.conf | grep -v ___default_realm___ default_realm = EXAMPLE.COMMultiple RPMs were updated in this release, but all but mozilla-nspr have mozilla-with-their-same-version as an installation dependency. So, if mozilla is up to date, mozilla-chat, mozilla-devel, ... , mozilla-js-debugger are all up to date. Mozilla itself requires that mozilla-nspr and mozilla-nss be installed with the same version as itself. This closes the loop -- if mozilla is up to date, so are the other mozilla-FOO RPMs.We think, but are not sure that the affected version of bkupexec.exe is 3.60.1.298 The file should be found in C:\Program Files\VERITAS\Backup Exec\NT\bkupexec.exe118908
.*Xorg\b.*/proc/tty/driverserial/proc/tty/driver/proc/tty/procvserver.vxdHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\UtilMan{5c773859-bb96- 48fa-875b-6a58aae072f4}IsInstalledOS-Core.CORE2-KRNPHKL_33713PHKL_33714krb5-libsetherealethereal-gnomesquid.*.*.*HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixesgopherutempter/usr/sbinutempterlha/usr/binlhatcpdumplibpnglibpng-devellibpnglibpng-develcvsmsjet40.dllwmsjet40.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB837001InstalledrsyncImageMagickHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$1A02HKEY_CURRENT_USER^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$1A02HKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$1A03HKEY_CURRENT_USER^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$1A03kdelibs/usr/kerberos/bintelnet/usr/binrlogin/usr/kerberos/binrlogin/usr/binssh/usr/binkmailipsec-toolsUDP.*.*112785
119059
/usr/openwin/binXprt119060
112786
108652
108653
/usr/openwin/binXsunsquid/binmountkernelkernel-smpkernel-hugememnsiislog.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB817772InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB822343InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\Hotfix\Q811114Installedcode.aspHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q232449InstalledHKEY_LOCAL_MACHINESoftware\Microsoft\Active Setup\Installed Components\{A954CDD5-A95F-414F-B3FE-FBEF9D2AECEA}IsInstalled^.*kssl.*121475
121474
mozilla-nss119435
114344
116966
116965
h323.tsp125101
125100
HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q291845Installedwintrust.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q311967Installedetherealethereal-gnome118535
121004
109325
118536
121005
etherealethereal-gnome/usr/bintetherealsquid.*.*.*mod_sslmozillamozilla-nssopensslopenssl-developenssl-perlopenssl096bnet-snmp.*.*.*kernelkernelkernel-smpkernel-bigmemcvs125101
118855
125100
118833
kdepimhttpdhttpdsysstatnfs-utils.*.*.*kernelkernel-smpkernel-bigmemkdepim/usr/share/serviceskfile_vcf.desktopetherealethereal=gnome/usr/binethereal/usr/sbinethereal/usr/sbintetherealcvs/tcpdumpsysstattcpdump/usr/sbintcpdumpgdk-pixbufgdk-pixbuf-develgdk-pixbuf-gnomegdk-pixbufgdk-pixbuf-develgdk-pixbuf-gnomemsgsc.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\10.0\Outlook\InstallRoot.*outlook.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEPathHKEY_LOCAL_MACHINESOFTWARE\Microsoft\NetShowVersionnscm.exenspmon.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows Media Services\KB832359IsInstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\nsstationStartHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows Media Services\KB832359Startmuttkernelkernel-smpkernel-bigmem119067
119060
112786
119059
119068
112785
libxml2libxml2-devellibxml2-pythonXFree86OpenOffice_org-hunspellOpenOffice_org1-daOpenOffice_org-nbOpenOffice_org1-huOpenOffice_org1-skOpenOffice_org1-zh-CNOpenOffice_org-afOpenOffice_org1-caOpenOffice_org-etOpenOffice_org1-ptOpenOffice_org1-plOpenOffice_org-cyOpenOffice_org-galleriesOpenOffice_org-ruOpenOffice_org-koOpenOffice_org1-esOpenOffice_org1-arOpenOffice_org-xhOpenOffice_org-viOpenOffice_org1-koOpenOffice_org1-svOpenOffice_org-daOpenOffice_org1-trOpenOffice_org-gu-INOpenOffice_org-be-BYOpenOffice_org-pt-BROpenOffice_org1-ruOpenOffice_org1-jaOpenOffice_org-ptOpenOffice_org1-gnomeOpenOffice_org-gnomeOpenOffice_orgOpenOffice_org-esOpenOffice_org1-elOpenOffice_org-itOpenOffice_org1-etOpenOffice_org-jaOpenOffice_org1-slOpenOffice_org-slOpenOffice_org1-kdeOpenOffice_org1-nlOpenOffice_org-svOpenOffice_org1-itOpenOffice_org1-enOpenOffice_org-nlOpenOffice_org1-csOpenOffice_org1-fiOpenOffice_org-plOpenOffice_org-caOpenOffice_org-officebeanOpenOffice_org-deOpenOffice_org1-frOpenOffice_org1-zh-TWOpenOffice_org1-deOpenOffice_org-csOpenOffice_org-zh-CNOpenOffice_org-enOpenOffice_org-hrOpenOffice_org-nnOpenOffice_org-kdeOpenOffice_org-fiOpenOffice_org-elOpenOffice_org-en-GBOpenOffice_org-bgOpenOffice_org-trOpenOffice_org-pa-INOpenOffice_org-arOpenOffice_org-zh-TWmod_pythonTCP.*.*123373
123372
124970
124245
124969
124244
sambaOpenOffice_org-zuOpenOffice_org1pwlibkernelkernel-smpkernel-hugememOpenOffice_org-skkdelibsOpenOffice_org-huOpenOffice_org-monomc/usr/binmcOpenOffice_org-frslocate/usr/binslocatessmsrp70.dlldbmsrpcn.dllgaimmailmanmuttnetpbmnetpbm-develnetpbm-progsXFree86/usr/X11R6/binXFree86netpbmnetpbm-develnetpbm-progs/usr/bin411toppm/usr/binasciitopgm/usr/binatktopbm/usr/binbioradtopgm/usr/binbmptoppm/usr/binbrushtopbm/usr/bincmuwmtopbm/usr/bineyuvtoppm/usr/binfiascotopnm/usr/binfitstopnm/usr/binfstopgm/usr/bing3topbm/usr/bingemtopbm/usr/bingemtopnm/usr/bingiftopnm/usr/bingouldtoppm/usr/binhipstopgm/usr/binhpcdtoppm/usr/binicontopbm/usr/binilbmtoppm/usr/binimgtoppm/usr/binjpegtopnm/usr/binleaftoppm/usr/binlispmtopgm/usr/binmacptopbm/usr/binmdatopbm/usr/binmgrtopbm/usr/binmtvtoppm/usr/binneotoppm/usr/binpalmtopnm/usr/binpamchannel/usr/binpamcut/usr/binpamdeinterlace/usr/binpamfile/usr/binpamoil/usr/binpamstretch/usr/binpamtopnm/usr/binpbmclean/usr/binpbmlife/usr/binpbmmake/usr/binpbmmask/usr/binpbmpage/usr/binpbmpscale/usr/binpbmreduce/usr/binpbmtext/usr/binpbmto10x/usr/binpbmto4425/usr/binpbmtoascii/usr/binpbmtoatk/usr/binpbmtobbnbg/usr/binpbmtocmuwm/usr/binpbmtoepsi/usr/binpbmtoepson/usr/binpbmtog3/usr/binpbmtogem/usr/binpbmtogo/usr/binpbmtoicon/usr/binpbmtolj/usr/binpbmtoln03/usr/binpbmtolps/usr/binpbmtomacp/usr/binpbmtomda/usr/binpbmtomgr/usr/binpbmtonokia/usr/binpbmtopgm/usr/binpbmtopi3/usr/binpbmtopk/usr/binpbmtoplot/usr/binpbmtoppa/usr/binpbmtopsg3/usr/binpbmtoptx/usr/binpbmtowbmp/usr/binpbmtox10bm/usr/binpbmtoxbm/usr/binpbmtoybm/usr/binpbmtozinc/usr/binpbmupc/usr/binpcxtoppm/usr/binpgmbentley/usr/binpgmcrater/usr/binpgmedge/usr/binpgmenhance/usr/binpgmhist/usr/binpgmkernel/usr/binpgmnoise/usr/binpgmnorm/usr/binpgmoil/usr/binpgmramp/usr/binpgmslice/usr/binpgmtexture/usr/binpgmtofs/usr/binpgmtolispm/usr/binpgmtopbm/usr/binpgmtoppm/usr/binpi1toppm/usr/binpi3topbm/usr/binpjtoppm/usr/binpktopbm/usr/binpngtopnm/usr/binpnmalias/usr/binpnmarith/usr/binpnmcat/usr/binpnmcolormap/usr/binpnmcomp/usr/binpnmconvol/usr/binpnmcrop/usr/binpnmcut/usr/binpnmdepth/usr/binpnmenlarge/usr/binpnmfile/usr/binpnmflip/usr/binpnmgamma/usr/binpnmhisteq/usr/binpnmhistmap/usr/binpnminterp/usr/binpnminvert/usr/binpnmmontage/usr/binpnmnlfilt/usr/binpnmnoraw/usr/binpnmpad/usr/binpnmpaste/usr/binpnmpsnr/usr/binpnmremap/usr/binpnmrotate/usr/binpnmscale/usr/binppmtopict/usr/binppmtopj/usr/binppmtopjxl/usr/binppmtopuzz/usr/binppmtorgb3/usr/binppmtosixel/usr/binppmtotga/usr/binppmtouil/usr/binppmtowinicon/usr/binppmtoxpm/usr/binppmtoyuv/usr/binppmtoyuvsplit/usr/binppmtv/usr/binpsidtopgm/usr/binpstopnm/usr/binqrttoppm/usr/binrasttopnm/usr/binrawtopgm/usr/binrawtoppm/usr/binrgb3toppm/usr/binrletopnm/usr/binsbigtopgm/usr/binsgitopnm/usr/binsirtopnm/usr/binsldtoppm/usr/binspctoppm/usr/binspottopgm/usr/binsputoppm/usr/bintgatoppm/usr/binthinkjettopbm/usr/bintifftopnm/usr/binwbmptopbm/usr/binwinicontoppm/usr/binxbmtopbm/usr/binximtoppm/usr/binxpmtoppm/usr/binxvminitoppm/usr/binxwdtopnm/usr/binybmtopbm/usr/binyuvsplittoppm/usr/binyuvtoppm/usr/binzeisstopnm/usr/binpnmscalefixed/usr/binpnmshear/usr/binpnmsmooth/usr/binpnmsplit/usr/binpnmtile/usr/binpnmtoddif/usr/binpnmtofiasco/usr/binpnmtofits/usr/binpnmtojpeg/usr/binpnmtopalm/usr/binpnmtoplainpnm/usr/binpnmtopng/usr/binpnmtops/usr/binpnmtorast/usr/binpnmtorle/usr/binpnmtosgi/usr/binpnmtosir/usr/binpnmtotiff/usr/binpnmtotiffcmyk/usr/binpnmtoxwd/usr/binppm3d/usr/binppmbrighten/usr/binppmchange/usr/binppmcie/usr/binppmcolormask/usr/binppmcolors/usr/binppmdim/usr/binppmdist/usr/binppmdither/usr/binppmflash/usr/binppmforge/usr/binppmhist/usr/binppmlabel/usr/binppmmake/usr/binppmmix/usr/binppmnorm/usr/binppmntsc/usr/binppmpat/usr/binppmquant/usr/binppmqvga/usr/binppmrelief/usr/binppmshift/usr/binppmspread/usr/binppmtoacad/usr/binppmtobmp/usr/binppmtoeyuv/usr/binppmtogif/usr/binppmtoicr/usr/binppmtoilbm/usr/binppmtojpeg/usr/binppmtoleaf/usr/binppmtolj/usr/binppmtomitsu/usr/binppmtompeg/usr/binppmtoneo/usr/binppmtopcx/usr/binppmtopgm/usr/binppmtopi1pwlib.*.*1720112846
PHCO_29269PHCO_30275PHCO_32181HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Microsoft Services for UNIX\KB896428InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Services for UNIXCurrent_ReleaseHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB832483InstalledInternetSrvcs.INETSVCS-RUNInternetSrvcs.INET-ENG-A-MANInternetSrvcs.INETSVCS-RUNInternetSrvcs.INET-ENG-A-MANPHNE_23947PHNE_33790120955
HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB834707IsInstalled106934
Perl5.*\.PERL-RUNPerl5.*\.PERL-RUNPerl5.*\.PERL-RUNPerl5.*\.PERL-RUNPerl5.*\.PERL-RUNImekr70.imeSUNWkrgdoSUNWkr5svSUNWkrgglSUNWkr5sldnsapi.dllgftp/usr/bingftpImageMagickHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB830352Installed112234
117172
.*dtspc/usr/dt/bindtspcdHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q328310Installed108721
rh-postgresql-serverHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Thunderbird \((0\..*|1\.0\..*\))$DisplayName110453
ypserv.*.*.*xpdf/usr/binxpdf109321
114890
120467
120468
^/etc/lp/printers/.*xinetd.*.*.*HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB828028Installed/usr/openwin/binkcms_configurePHNE_30983PHNE_31732mikmod/usr/binmikmodCIFS-Server.CIFS-RUNCIFS-Server.CIFS-UTILCIFS-Server.CIFS-ADMINCIFS-Server.CIFS-LIBmmc.exevsftpdTCP.*.*up2date^.*rhnsd.*$sysreport/usr/lib/snmpmibiisa^.*mibiisa.*unzip/usr/binunzipPHSS_29964PHCO_28848WUFTP-26.INETSVCS-FTPsquirrelmailPHCO_23261OS-Core.C2400-UTILOS-Core.ADMN-ENG-A-MANHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Ras\CurrentVersionPathNamerasman.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q318138InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB896428Installedcups.*.*.*X11.X11-RUN-CLPHSS_32109PHSS_30791PHSS_33589PHSS_31833PHSS_32366sendmail.*.*.*sendmailHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\.*DisplayVersionInternetSrvcs.INETSVCS-RUNPHNE_33414SUNWrcmds118239
116984
117455
/usr/sbin/in.rwhodHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Shared Tools\Web Server Extensions\Setup PackagesFrontPage 2000 Server Extensions SRHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\10.0\Publisher\InstallRootHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\Q331953InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB828749Installedsendmail/usr/sbinsendmail.sendmailTCP.*.*wlwl-xemacs/usr/binemacs/usr/binxemacssamba.*.*.*111596
SUNWxwpltgzipgwenhywfarguile-develgtkspell-develgucharmap-debuginfogtkutils-datagtk-sharp-completesambaTCP.*.*gwc-debuginfogtkspellgtksourceview-debuginfoguile-debuginfogtksourceview-sharp2gtk-sharp2-completegwenhywfar-debuginfogwenviewgtkpbbuttonsg-wrapgwenview-langgtksourceviewgwget-debuginfogtksourceview-sharpgzip-debuginfogtk2-devel-64bitgtk-32bitgtk-debuginfogtk2-engines-debuginfogvimgtkglext-docgstreamer-debuginfogtk-sharp2-debuginfogtkglextgtkhtml2gtkhtml-develgtkglext-develgstreamer-pluginsgtksourceview-docgxdview-debuginfoOledlg.dlletherealgtk1-compat-develgtk-sharp-gapigutenprint-develgtk2-develgtkcardgwcgtk-xfce-engine-debuginfogtkhtmlgstreamer-docgstreamer010-plugins-goodgtk2-engines-32bitgtktalog-debuginfogurlcheckergtkpodgtk1-compatgupgtkzip-debuginfogtk-docgucharmap-develgstreamer-plugins-develgtkhtml-debuginfoHKEY_LOCAL_MACHINESOFTWARE\Microsoft\MediaPlayer\PlayerUpgradePlayerVersiongstreamer010-plugins-good-extragstreamer010-plugins-base-visualgstreamer010-plugins-ugly-docgtk2-32bitgstreamer-plugins-64bitQuery.dllgtkam-debuginfogstreamer010gtkglareagwenhywfar-develgtetrinet-debuginfogstreamer010-plugins-base-debuginfogstreamer010-docgtktaloggstreamer010-plugins-base-32bitgsynapticsgthumb-debuginfogstreamer-plugins-extragtkpbbuttons-debuginfogtk-xfce-enginegtkmm24-debuginfogtkitermgtk-qt-engine-debuginfogstreamer010-develgurlchecker-debuginfogstreamer-64bitgthumbgstreamer010-plugins-badgtk-enginesgspcav-kmp-debuggtk-sharp2-docgtklp-debuginfogspcavgtk-qt-enginegsmlib-develgrassgstreamer-plugins-32bitgtk-sharp-debuginfogxdviewgtkspell-docgrep-debuginfogroff-debuginfogtk2-themesgsl-debuginfographviz-plugins-debuginfogscpmgtkmm24-develgofficegnutls-develHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB832894Installedgtkhtml-sharp2gtk-sharp-32bitgpsbabelgstreamer010-64bitgstreamer010-plugins-base-develGraphicsMagick-debuginfosqlsrv32.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\DataAccess\Q832483IsInstalledgstreamer-develgtk-qt-engine-32bitgraphviz-perlgnupodgpg-debuginfognugo-debuginfogtk2-debuginfogob2-debuginfogoogle-perftoolsgtkamgnutls-devel-64bitgstreamer010-plugins-base-oilgoffice-develgtetrinetgnuchessgnome-web-photo-debuginfogroffgok-debuginfoGraphicsMagick-c++-develgoobox-debuginfogtkutils-debuginfopostfix.*.*.*gnutls-devel-32bitgpm-debuginfographviz-javagtkspell-debuginfogpg2-debuginfogromacsgnucash-debuginfogpsbabel-debuginfogok-docgtk-sharp-64bitgromacs-develgnutlsgpm-64bitgstreamer-32bitgrepmaileog/usr/bineoggnome-terminalgraphviz-phpgnome-utils-debuginfogstreamer010-plugins-base-64bitgocr-debuginfogos-wallpapersgooboxgstreamer010-plugins-basegnuboygobbygnucash-docsgnuplotgtkglext-debuginfoGraphicsMagick-c++gnumeric-develgpgmegnu-efignugkgnome-vfs2-develgromacs-debuginfogtksourceview-develgstreamer-plugins-excessgstreamer010-debuginfognucash-develgoom2k4-rc2gnome-utilsgup-debuginfognugk-debuginfogphoto-debuginfographviz-docgphotofs-debuginfogsf-sharpgperfgst-plugins-farsightgnome-printer-add-debuginfogstreamer010-plugins-good-docgnome-vfs2-32bitgnome-vfs-monikersgtklpgoogle-perftools-develgnome-print-debuginfoSUNWdthep107178
108949
116308
gtkdocTOUR_PRODUCT.T-NET2-KRNgnome-python-desktop-debuginfognump3dgnome-phone-manager-debuginfogmime-develgucharmapgnomebakergtkpod-debuginfognome-filesystemgphotofsgmp-64bitgnome-commander-debuginfognome-keyring-debuginfognome-desktop-debuginfogmp-32bitgqview-debuginfognome-panel-extrasgnushogigoffice-debuginfoglibc-profile-64bitgnet-debuginfognome-system-monitor-debuginfographviz-rubygnome-bluetooth-debuginfognome-menus-debuginfoglitzgnome-keyring-docglobalgst-plugins-farsight-debuginfoglibc-profilegnet-docgtk-develgnuboy-debuginfogtkhtml2-debuginfognome-vfs-develgnome-sharp2gtkmm24graphviz-luagtkutilsgnome-session-debuginfognome-pilot-conduits-debuginfognome-pilotgramofile-debuginfoglestglibc-htmlgrip-debuginfogsl-develgxmhtmlglib-devel-64bitgnome-gamesgraphviz-tclgkrellm-debuginfoglabels-debuginfogstreamer010-plugins-bad-docgpmgnome-commongnome-doc-utilsgnome-commandergspcav-kmp-defaultHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB883935Installedgnome-menus-32bitgnome-netstatusgnome-menus-develgnome-spell-debuginfognash-debuginfogoogle-perftools-debuginfoglib2-docgnutls-debuginfoglitz-develgnome-keyring-develgnome-main-menu-debuginfognome-vfs2-debuginfognome-sessionglibc-locale-32bitgtkmm2-debuginfognumeric-debuginfognomemeeting-debuginfognome-vfs2-docgpm-32bitgpdf-debuginfognuservgraphviz-sharpgnome-applets-develgnome-libs-debuginfographviz-pluginsgnome-desktop-32bitgnome-panel-32bitgnu-jafgnome-keyring-managergnu-regexpgraphviz-guilegraphviz-develgstreamer010-plugins-uglygnome-nettoolglest-datagtk-engines-debuginfoGraphicsMagick-develgtk2-docgtk2-engines-64bitgnomeicugnome-volume-manager-debuginfognokii-smsdgnome-alsamixerglibc-debuginfognome-mime-datagnu-inetlibgnome-doc-utils-develgnome-desktop-docgpgme-develgnome-applets-debuginfognome-main-menu-develgnome-menusgnu-regexp-javadocgqviewgnomemeetinggob2glibmm2-debuginfogsynaptics-debuginfoglib2-develgnome-mount-debuginfoglibc-localegutenprintg-wrap-develgnome-media-develHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\RasManStartgnome-cups-manager-develglitz-64bitgnutls-64bitgkermit-debuginfognu-javamailgraphviz-debuginfognushogi-debuginfognome-power-manager-debuginfogocrgnome-speech-develpine/usr/binpinegpa-debuginfoHKEY_LOCAL_MACHINESOFTWARE\Microsoft\.NETFramework\policy\v1.0HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\NET Framework Setup\1.0\M886905InstalledHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{78705f0d-e8db-4b2d-8193-982bdda15ecd}VersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{78705f0d-e8db-4b2d-8193-982bdda15ecd}VersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\.NETFramework Setup\1.0\M886906Installedgonvertglib-sharp2gnome-desktopgkermitgramofilegnome-menus-64bitHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\Tcpip\ParametersSynAttackProtectgqcam-debuginfognome-audiogok-develglibc-64bitgnome-desktop-develglibmm24-develgslgnokii-develgjdocgnopernicus-develgpgme-debuginfognome-pilot-debuginfogtk2-enginesgpdfglitz-32bitglitz-debuginfognome-cups-managerglib-devel-32bitglibc-develglade-debuginfognomeicu-debuginfogecko-sharpgpgghostscript-fonts-othergnome-pilot-conduitsgnome-utils-docgnome-mediag-wrap-debuginfogexifgwgetgiflib-devel-32bitgnatsgimp-cmyk-debuginfogdome2-develgqcamgnome-python-desktopgnome2-SuSEgltt-develgladeglade-sharp2gspcav-kmp-ppc64gnome-phone-managergdbm-32bitHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ABEB838C-A1A7-4C5D-B7E1-8B4314600208}DisplayVersionHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\.*DisplayNamegnome-screensaver-debuginfogphotoglibc-32bitgnome-vfs-monikers-debuginfogeronimo-tomcat-servlet-containergnopernicus-debuginfonetapi32.dllgrub-debuginfogettext-debuginfogimp-helpgiflib-progsglib2-32bitgnome-system-toolsgd-develginacgperf-debuginfogjiten-debuginfogettext-java-debuginfogimp-unstable-docgemdropx-debuginfognome-keyring-manager-debuginfogl-117-debuginfognopernicusgconfmmgconf-sharpglibcgnome-spell2gscmxxgnome-presence-applet-debuginfognome-print-develghostscript-fonts-stdghexgnome-mag-develgstreamer-plugins-defaultgnome-resetgnome-nettool-debuginfognome-icon-themeglabelsgnome-pilot-conduits-develglibc-devel-64bitgenromfsgnome-python-desktop-docgc-debuginfogftp-debuginfogcc42-obj-c++git-core-debuginfoglibc-i18ndatagpsdrivegmimegnome-themes-debuginfogcc42-gij-64bitgnome-bluetooth-develgpaglchess-debuginfognome-speechHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Proxy ServerMicrosoft Proxy Serverw3proxy.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB888258Installedgnome-presence-appletgnome-media-debuginfogcc41-32bitgconf2-docgkrellmgettextgconf-editor-debuginfognuplot-debuginfophpgmp-devel-32bitgecko-sharp2-docsglttgnu-getoptgcc-objc-64bitgtk2-64bitgdbm-develsqlisapi.dllgcc-localegtk-sharp2-64bitgit-coregftpgiflib-32bit112960
/etcnsswitch.conf^[^#].*_attr.*ldapgimp-develgnome-magssinc.dllgnome-games-debuginfogscpm-debuginfogdk-pixbuf-develgnuserv-debuginfogconfmm-debuginfogcc42-c++git-cvsgecko-sharp2gedit-debuginfogcc-gijgnome-pilot-develgdb-64bitgexif-debuginfogdmgnome-web-photogtk-sharp2gnome-netstatus-debuginfogconf-debuginfognucashgettext-32bitgimp-cmykgconfmm-develgentoo-debuginfogmp-devel-64bitgnome-bluetoothgecko-sdkgiflib-devel-64bit^(/usr)?/bin$admintoolgdk-pixbuf-64bitgmime-docgnokiighostscript-omnignome-terminal-debuginfognome-themes-64bitgnet-develgcc41-c++gcc41-gij-32bitgdk-pixbuf-gnomeglib-sharpgltt-debuginfognome-panel-develgconf2gnome-sharpgcc41-64bitgnutls-32bith323fltr.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Fpc\Hotfixes\SP1\291InstalledHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Fpc\\Arrays\\\{[^\\]+\}\\Extensions\\Proxy-Plugins\\\{FE440D49-AB26-11D2-A101-00C04FB6CFB6\}$msFPCEnabledgd-debuginfogcc41-testresultsgnome-speech-debuginfognome-vfs-sharp2gcc-fortran-64bitgdbm-devel-32bitgcc42-64bitgforth-debuginfoglibmm2-develgentooexprox.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Exchange Server 2003\SP1\832759HKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\MSExchangeWEB\DAVReuseConnectionsgtk-qt-engine-64bitgnome-mountgcc41-objc-32bitgeki2glib2-64bitgpart-debuginfogsmlibghostscript-x11gcc42-objc-64bitgnome-main-menugettext-64bitggv-debuginfogdm-debuginfogcc-mudflap-64bitganglia-monitor-core-gmondmswrd6.wpcgnome-vfs2-64bitghostscript-ijs-develgnome-system-monitorgcc-fortran-32bitgnome-printgcc-32bitgnome-vfsmm-debuginfoHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB873339\Filelistgnome-vfsgnome-libs-64bitgforthgcc-javagcc41-infogenromfs-debuginfogarlicgcc42-fortran-64bitgpg2gcc41-debuginfoglade-sharp108827
108901
108451
113319
11233
ghex-debuginfogambas2-gb-qt-kdegail-32bitgcc-c++gaimgal2-debuginfogambas2-gb-sdl-openglgnome2-user-docsglibmm24gcc-mudflapghostview-debuginfognomebaker-debuginfogspcav-kmp-bigsmpglibc-infoglibc-locale-64bitHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB893086\Filelistgmp-debuginfoggvgcc41-gij-64bitgtkmm2-develglibc-profile-32bitgconf2-debuginfognome-libs-develglobal-debuginfoperl-CGI111826
gcc41-fortran-32bitgawkgal-develgtkzipgeronimo-jetty-servlet-containergnu-regexp-demogambas2-gb-formhtop-debuginfogcc41-javagcc-objc-32bitpam_smbhypermail-debuginfogawk-docgambas2-gb-openglgcalgtkmm2grass-debuginfogcal-debuginfohylafax-clientgnome-panel-debuginfogtk-sharp2-gapigwenview-debuginfogcc42-testresultsgiflib-64bitgambas2-gb-qtgambas2-gb-xml-xsltgnome-vfsmm-develgambas2-gb-ldapgimp-unstablehtmldoc-debuginfogcc-ada-32bitgal2-develgnome-libsgcc42-objc-32bitgnome-printer-addgnome-panel.*krb5kdc.*gfxbootgnome-themes-32bitgamin-develhwinfo-debuginfogconfgambas2-gb-sdl-soundgawk-debuginfohuginhtml2text-debuginfognome-backgroundsgc-develhpijs-standalonehwinfogtkglarea-debuginfohotkey-setup-debuginfogcc42-32bitgambas2-gb-evalhplip-debuginfogcalctoolgnome-themesgeronimo117470
116966
116965
118822
118305
gcalctool-debuginfohfsplusutils-debuginfohtdig-debuginfohtml2psgimp-unstable-debuginfognome-patch-translationgnome-panel-64bitgnome-volume-managergcc42-adagimp-debuginfohfsutils-debuginfogambas2-gb-dbgnome-keyringgdk-pixbuf-32bitgnome-screensaverhbedv-dazuko-kmp-smphermesgalago-sharpgnome-media-cdgdome2gdbm-64bitghostviewhdparmgraphvizgnome-desktop-64bitgambas2-gb-crypthbedv-dazuko-kmp-xenpaeheroes-tron-debuginfogcc42-fortran-32bitopensslopenssl-developenssl-perlopenssl096openssl096bhydrogenheroes-trongammu-develgfxboot-debuginfoGraphicsMagickgcc42-infogail-dochanout-debuginfogit-svnghostscript-fonts-rusgriphelloHLaTeXgau-debuginfohercules-debuginfogimpgit-debuginfogaim-galago-debuginfogal2gnashgambas2-gb-xmlsecdrv.sysghostscript-library-debuginfogbuffyhtdiggamix-debuginfogambas2-gb-net-curlgtkhtml2-develhelix-bansheehanoutgdcharthpijs-standalone-debuginfoRmcast.syshelix-banshee-develhelix-dbus-server-debuginfohmconv-debuginfogettext-develfuse-develgcc41-adagconf2-develhbedv-dazuko-kmp-xengconf-editorgambas2-gb-gtkfyrehk_classes-develgbdfedhelix-banshee-engine-gstgtk-64bithello-debuginfogstreamer010-32bithelix-banshee-plugins-extragmime-debuginfoHLaTeX-fontsgambas2-gb-compressfrozen-bubblegnu-cryptofreetype-toolsfribidi-32bitfs-checkgtk-sharp2-32bithcodeHLaTeX-fonts-extraheap-buddy-debuginfogail-debuginfogedit-docghostscript-cjkhostapd-debuginfognome-cups-manager-debuginfohk_classes-debuginfogambas2-gb-qt-extgettext-javafuse-debuginfoginac-debuginfohtdig-docgaim-debuginfohbedv-dazuko-kmp-bigsmpgnomedb-sharpfyre-debuginfofwnn-debuginfognats-debuginfogdk-pixbufFreeNXgnu-crypto-javadochelix-dbus-servergambas2-gb-qt-kde-htmlhwinfo-develhp2xx-debuginfosp3res.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB822679Installedfreeradius-dialupadminglib2-debuginfohelix-banshee-engine-helixhelp2man-debuginfohk_classesgnome-blogfusefuseisohelix-banshee-plugins-defaultgnome-power-managerfreetype-debuginfofreeradius-client-debuginfofwnncomhugin-debuginfofreeradius-client-libsfreesci-debuginfogedit-develgcc41-fortran-64bitganglia-monitor-core-debuginfognome-vfs2gconf2-64bithtdig-develgraphviz-ocamlgail-64bitfonts-thryomaneshbedv-dazuko-kmp-defaultgokhtopglibmm24-debuginfohermes-debuginfohanterm-xffrisk-debuginfohostap-utils-debuginfogaim-bsfreetype2-debuginfogtkhtml-sharphbedv-dazukognome-spell2-debuginfofontconfig-32bithelp2manfoomatic-filtersfuse_kio-debuginfogamin-debuginfofreealutopenssh-serverhmconvhtml-dtdfreeglut-devel-64bitgaim-otr-debuginfogambas2-gb-vbgnome-utils-develfox16-example-appsgeditgdome2-debuginfoopenssh-server.*.*.*hicolor-icon-themehordegambas2-ideformido-musicgtkcard-debuginfogcc41-obj-c++gambas2-gb-xml-rpcftwnnfontconfig-devel-32bitfreeglut-64bitfreqtweakhal-resmgr-debuginfofortune-debuginfognome-vfs-debuginfofvwm-themesgambas2-gb-infognu-getopt-javadocfreeradius-client-develgstreamer010-plugins-good-debuginfo110057
110060
116462
nfs-utils.*.*.*gambas2-gb-v4lgcc42-gijfribidi-debuginfoglib2framebuffergalago-gtk-sharphp-officeJet-debuginfofreeipmi-debuginfofreefontgnome-keyring-32bitgimp-docftgl-develfrox-debuginfogconf-sharp2free-ttf-fontsHLaTeX-fonts-baseFooBillardfrinkfreetype2-develgnome-appletsformido-debuginfoghostscript-libraryhalhal-64bitgammu-debuginfofortunefrozen-bubble-debuginfofwnndevHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q269862Installedfreetype2-devel-64bitgnome-spellgal-debuginfofribidi-64bithostap-debuginfofreetype2-32bitgobby-debuginfognome-mag-debuginfogstreamer010-plugins-base-docgimp-unstable-develflymqrt.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB892944InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\MSMQfrink-debuginfofvwm2gcc41-objc-64bitWUFTP-26.INETSVCS-FTPganglia-monitor-corehal-resmgrhylafax-debuginfogaim-develgcc-obj-c++graphviz-pythonFOTAQfnlib-debuginfofreeglut-debuginfohelix-banshee-plugins-DAAPgnome-keyring-64bitfreeglutfusepod-debuginfoherculesgcc-64bitgambas2-gb-qt-openglmysql-server.*.*.*fxload-2002_04_11gst-plugins-farsight-develgrubhatarifirmwarekitgit-emailgambas2-gb-pcregpsdrive-debuginfogda-sharpfftw-mpi-develftglfreeradius-clientfbi-debuginfoFAUmachine-suse-90ghex-develfltk-develgdb-debuginfohostapdmutt/usr/binmuttfrontlinefile-roller-debuginfofdecc-debuginfohelix-banshee-debuginfoglchessfreeipmi-develfpinggalago-daemonfopfilesystemfast-user-switch-appletfetchmailconffusepodgsmlib-debuginfofindutilsfbset-debuginfognumericheap-buddyheartbeat-pilsf-spotfreetype-32bitfestival-develfroxfox16-staticgsf-sharp-debuginfoflphotoglibmm2heartbeat-debuginfofreealut-debuginfoflac-xmmshal-docgambas2-gb-imagegenisoimagefcwnncomfbitermlvgnokii-debuginfofluidsynthfox16flim-xemacsfilters-debuginfohp-officeJetfile-rollergambas2-gb-net-smtpfkwnndevhal-develmsohev.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\10.0\Common\InstallRootPathhp2xxFAUmachine-debian-30r0hfsplusutilsFA_clalsadrvgraphviz-gdfping-debuginfoFAUmachine-suse-92hostapFastCGI-debuginfogit-archfdupeszipfldr.dllfetchmailFreeNX-debuginfogpartfast-user-switch-applet-debuginfofinch-develflood-debuginfoHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\9.0\Publisher\InstallRootheartbeat-stonithglibc-devel-32bitexiftoolFAUmachine-openbsd-36fftw3-threads-develmsphlpr.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\FpcInstallDirectoryHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Fpc\Hotfixes\SP1\408Kbsgnugofreescifftw3-debuginfoevolution-sharphal-gnomeexo-debuginfogdbm-devel-64bit118562
121230
121229
118563
evolution-exchange-docexogcdmasterfwnn-develesoundethereal-debuginfofreeradius-debuginfofreealut-develheartbeat-cmpihowtoenhemilerubyflimetherape-debuginfotlntsvr.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q307298IsInstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\TlntsvrStarteclipse-pdeeclipse-gtk2FAUmachine-openbsd-35evolution-webcalfonttoolsgnome-vfsmmfxload-debuginfo-2002_04_11edict-emacsfigletlprng/usr/libexec/filterspsbanner.*.*.*FA_clalsadrv-debuginfofly-debuginfoemu-toolsexim-debuginfoejectevolution-data-server-docflaceblookFileZilla-debuginfoejb-javadocevolution-data-server-64bitecj-bootstrapFA_clthreads-debuginfoeclipse-scriptsflac-64bitflex-64bitfvwm2-gtkPHNE_33412InternetSrvcs.INETSVCS-RUNfreeradius-develsrv2.sysf2cgalago-daemon-debuginfoenlightenment-debuginfognome-panel-docgnome-system-tools-debuginfofftw3-develevolution-sharp-debuginfofftw-mpi/usr/lib/dmidmispd.*100068/2-5/usr/dt/binrpc.cmsd^.*dmispd.*108541
hfsutilsfillupexo-develebview-debuginfoFAUmachine-baseeclipse-subversiveenchant-debuginfoebtables-debuginfo-v2/etcnsswitch.conf^[^#]*hosts:.*dnsaspnet_filter.dllFastCGI-develeel-64bitfreqtweak-debuginfoElectricFence-debuginfoevolution-pilotenscript-debuginfogcc41-localefontforge-debuginfoFA_clthreadsformidogcc42-javaecryptfs-utils-debuginfohal-32bitfreetype-64bitgnetFAUmachine-debuginfofilesharesetebdevelilo-debuginfoemacs-lisp-introez-ipupdateevolution-data-server-debuginfoe2fsprogs-develgaim-galagoethtool-debuginfofinchfnfx-debuginfofusesmb-debuginfoebviewflash-playerexpect-debuginfoenblend-debuginfoeblook-debuginfofastjargammuevince-debuginfoenigmagnome-libs-32bitgnome-alsamixer-debuginfoevolution-debuginfoeazyFlightGearevolution-galago-debuginfoenchant-develepiphanyfarsight-debuginfoheartbeat-guiglibc-obsoletefbifam-develeIDconfig-belgiumfftw3-threadsexiftranhtml2textevolution-data-serverfftw-debuginfoepplet-base-debuginfofltk-debuginfoethtooleel-32bitfftw-threads-develhowtofreeipmi-utilsfreeglut-32biteiciel-debuginfoevolution-galagoexifprobeeximstats-htmlemacs-urlepiphany-extensionsfribidi-develfontconfig-devel-64bitevms-hafonts-arabicfltkethereal-develetherealkdelibs/usr/binkonquerorflac-xmms-debuginfoevolution-data-server-develheartbeatgail-develdxevincefuseiso-debuginfoeID-belgium-debuginfoeclipse-platformfastjar-debuginfoPHNE_34077InternetSrvcs.INETSVCS-RUN112899
.*walld/1/usr/lib/netsvc/rwallrpc.rwalldgamixSUNWpcrSUNWpcuSUNWpsrSUNWpsudvgt-debuginfoenigma-debuginfo113073
118559
113026
122371
113994
126257
124256
116669
freecivgjitenfillets-ngeclipse-cdteclipseeclipse-cdt-debuginfoflac-32biteximonepydocemacs-noxdvgrabhplip-hpijsfamfwnngemdropxganglia-monitor-core-develepiphany-extensions-debuginfodogganglia-monitor-core-gmetadekigadvbdgaminganglia-webfrontendeID-belgiumdvi2tty-debuginfoexifprobe-debuginfoetherapeez-ipupdate-debuginfoexpat-32biteciadsl-usermodeebtables-v2freetype2-64bitesound-debuginfow3proxy.exewspsrv.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft ISA ServerInstallationLocationHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Fpc\Hotfixes\SP1\257KbsHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\FwsrvStartfkwnndrbd-kmp-xendocbook-xsl-stylesheetsdosemu-debuginfodosutilsf2c-32bitfribidifriskfreeradiusefont-unicodedvbstream-debuginfodos2unix-debuginfo108574
108162
108416
110898
109324
docbook2xDirectFB-develFlightGear-datadocbook_3emacs-vm-debuginfoeperlnwrdr.sysdrbd-kmp-iseries64exifdovecot-debuginfoFA_clxclient-debuginfodoxygenepic-debuginfoeruby-develHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\9161A261-6ABE-4668-BBFA-AD06B3F642CFMicrosoft Exchangexlsasink.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Exchange Server 2003\SP1\KB894549.*fillets-ng-data109613
112810
SUNWdtdstfftw3gambas2-gb-sdlekiga-debuginfohydrogen-debuginfodosfstools-debuginfofontforgedrbd-kmp-smpevolution-exchangedvgrab-debuginfoeposexpectfam-32bitfestival-debuginfohbedv-dazuko-kmp-debugdigikamimageplugins-debuginfoe2fsprogs-debuginfofindutils-debuginfodiald-debuginfoFAUmachine-suse-91heartbeat-ldirectordemacs-vmdoc++firmwarekit-debuginfoemacs-calcemacs-elfinger-debuginfofluidsynth-develdos2unixdovecotfcwnnfftwdx-debuginfodosbootdiskdocbook2x-debuginfoeel-develgaugitkdhcp-toolseelhal-debuginfogaim-otrfox16-debuginfof-spot-debuginfofcwnndeveicielElectricFenceDirectFB-64bitfam-serverfuse_kioetherbootHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB873339\Filelistfiglet-debuginfofnlibdnsmasq112238
SUNWCryr112390
112237
120469
112240
112537
120470
112536
SUNWCrydx-develdigikamimageplugins-superimposeenchantgiflib-debuginfodvi2ttydiffutils-debuginfoflamethrowerejb/etcnamed.conffluidsynth-debuginfodvd+rw-tools-debuginfogdk-pixbuf-debuginfodialdeject-debuginfogcc-infofinger-serverenblenddoc-gnu-koFAUmachinedrbd-kmp-debugengine_pkcs11flooddinatdeltarpm-debuginfodvbtune-debuginfodjvulibreemacs-debuginfodocbook_5devel_rpm_buildencfsdssie2fsprogsdesktop-data-SuSE-extradhcp-serverdevice-mapper-32bitfontconfig-debuginfofonttools-debuginfogconf2-32bitdietlibc-debuginfodevsdhcp6dragonegg-debuginfofdeccdevilspieelisp-manualfarsight-develefont-serif-ttfdita-otdrbd-kmp-xenpaediffmkflex-olddictsdigikam-lange2fsprogs-devel-64bitdovecot-develdhcdbd-debuginfoFileZillaexpat-debuginfoevms-guiericdjvulibre-debuginfodocbook_4eximdevice-mapper-develdelayacct-utils-debuginfofacesfftw-develdcraw-debuginfodosemufrontline-debuginfodiffstat-debuginfodigikam-doceperl-debuginfodevhelp-debuginfoddiwrapper-debuginfogcc42-localedocutilsdeskbar-appletdejagnufam-64bitdoxywizard-debuginfoddskk-xemacsfarsifontsdictd-debuginfodrbdengine_pkcs11-debuginfofluidsynth-dssievms-develdesktop-file-utilsdvb-debuginfofirmwarekit-r1gbuffy-debuginfodx-dataFAUmachine-redhat-9freetype2hcode-debuginfodocbook-simpleddclientdigikam-debuginfodevice-mapper-debuginfodietzlibdhcp-clientdog-debuginfoeel-debuginfodds2tarfusesmbdeb-debuginfoexpat-64bitdoxywizarddrac-debuginfoflex-old-debuginfoFastCGIdmapi-develdrbd-kmp-bigsmpgambas2-runtimedocbook-toysDirectFB-32bitemacs-x11delayacct-utilsf2c-debuginfodocudirhostap-utilsfreetypedbxmlSUNWntpu109409
109667
/usr/lib/inet/xntpdeciadsl-usermode-debuginfoemacs-infodvbstreamdhcpcd-debuginfoht2htmlevince-docshell32.dlldictddrgeo-debuginfoFAUmachine-fc-3engdicdrbd-kmp-defaultemacs-w3-cvsdoxygen-debuginfoemu-tools-debuginfodesktop-file-utils-debuginfogbdfed-debuginfoHKEY_LOCAL_MACHINESoftware\Microsoft\Windows\CurrentVersion\Uninstall\{903B0409-6000-11D3-8CFE-0150048383C9}DisplayVersiondbxml-utilsdmapi-debuginfodevice-mapper-64bitdhcp-debuginfoexif-debuginfodirmngrecryptfs-utilsdragoneggdbus-1-qt-32bitdocbook-tdgHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q318593Installedeog-debuginfoFooBillard-debuginfodoc++-debuginfoelilodosbox-debuginfogarlic-debuginfodocbook-xml-slidesdviutils-debuginfoddt-debuginfofreeglut-devel-32bitdosfstoolsdhcpcdgaildbus-1-qtdb-javadbus-1-glibdrgeoflphoto-debuginfohplipenscriptdazuko-kmp-xenpaedmraiddbus-1-qt3dbus-1-pythondatakiosk-debuginfoflex-debuginfodocbook-css-stylesheetsdetex-debuginfodbh-debuginfogambas-debuginfoesound-64biteclipse-archdepddd-debuginfodb-debuginfofontconfig-develdietlibcdbviewdhcp-tools-debuginfodbench-debuginfodbus-1-32bitdviutilsdbus-1-python-develdb42-debuginfodevhelpHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB890923-IE6SP1-20050225.103456deskbar-applet-develdb43-javaHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\TFTPD\ParametersMastersHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\TFTPDgambas2-gb-netddskkctagsdatakioskepiphany-develgambas2-gb-debugcyrus-sasl-32bitdbus-1-python-debuginfofreeciv-debuginfohhsetup.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q323255Installeddeltarpmfftw-threadscyrus-sasl-gssapigambas2-gb-db-formdbus-1-develcscope-debuginfodmraid-debuginfogambasfonts-configderbyasp.dllddrescue-debuginfodejavucyrus-sasl-devel-64bitcyrus-sasl-saslauthd-debuginfog3utilsdds2tar-debuginfocsmash-debuginfodbus-1-qt3-32bithypermailcyrus-sasl-sqlauxpropcvs2svnflac-develddtcurl-ca-bundledbxml-develcups-SUSE-ppds-datcurlftpfs-debuginfodrbd-kmp-ppc64cross-spu-binutils-debuginfofreetype2-devel-32bitdb-develcyrus-sasl-64bitdbus-1-javad4x-debuginfocryptix-javadocdrbd-debuginfodbus-1-monocross-spu-gccdesktop-data-SuSEdante-develdb40-64bitdbenchcsound-debuginfodtc-debuginfodingdapiflac-bmphtmldoccross-spu-gcc-staticcross-spu-newlib-debuginfofindutils-locatedhcp6-debuginfodcrawevmsdapi-develcyrus-sasl-develdhcdbddapldb43-develhanterm-xf-debuginfodb41-debuginfoencfs-debuginfodesktop-translationsdirmngr-debuginfoCrystalcursorscross-spu-newlibcross-x86_64-binutilshotkey-setupfetchmail-debuginfodiffstatft2demosdbus-1-qt-64bitdazuko-kmp-debugfnfxcross-spu-gcc-debuginfoe2fsprogs-32bitdb1-32bitflexfp5areg.dllfp30reg.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Shared Tools\Web Server Extensions\5.0\Setup PackagesMicrosoft FrontPage Server Extensions 2002dbus-1-devel-docec-fonts-mftracedlibpnglibpng-devellibpng10-devellibpng10cyrus-sasl-plaincryptix-asn1-javadocdb40-32bithdparm-debuginfodbus-1-mono-debuginfodirdiffcryptconfigcups-backendsdes-debuginfoevms-debuginfodcraw-gnomedapi-debuginfodocbook-utilsdocbook-xml-websiteepplet-basedapi-kdehermes-develfp4areg.dllfp30reg.dlldocbook-dsssl-stylesheetsdraceclipse-jdtdapl-develhandedictfhsdosboxcryptconfig-debuginfoddddb-32bitdbus-1-glib-doccross-spu-gcc-static-debuginfocross-avr-gcc42ctwmeruby-debuginfocyrus-sasl-crammd5wmasf.dllwmsserver.dllWmvcore.dllfvwm2-debuginfodb43-64bitemacs-auctexdockutilseclipse-sourcedbus-1-debuginfodbus-1-glib-32bitdevice-mappercups-driversdb1-64bitdbhcross-ia64-gcc-icecream-backendepos-debuginfocracklib-debuginfodb-utilsctapi-cyberjack-64bitcyrus-sasl-saslauthd106950
109147
112963
dazuko-kmp-default120954
SUNWamsvccrafty-debuginfodbus-1-x11cross-arm-binutilscups-libscyrus-sasl-devel-32bitcscopedbus-1-glib-develdb42-32bitdb-java-debuginfodbus-1-gtkcross-ppc-gcc-icecream-backendesound-develcross-x86_64-binutils-debuginfowebvw.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB894320\FilelistHKEY_CURRENT_USERSOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AdvancedWebViewcross-mips-binutils-debuginfocross-alpha-binutilsdb-doccsmashcpio/bincpiodialogcourier-authlib-pipeevolution-data-server-32bitcross-sparc-gcc-icecream-backendcross-ppc64-gcc-icecream-backenddevel_rpm_build-64bitftgl-debuginfocontrol-center2-debuginfocpufrequtils-32bit/etcsystem^[^\*]*set.*c2audit.*devhelp-develdbus-1-glib-debuginfocracklib-64bitcups-debuginfocross-spu-binutilscross-hppa-binutilscpufrequtils-debuginfoctapi-cyberjackfam-debuginfocsindexHKEY_LOCAL_MACHINESOFTWARE\Microsoft\.NETFramework\policy\v1.1HKEY_LOCAL_MACHINESoftware\Microsoft\NET Framework Setup\NDP\v1.1.4322SPHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\.NETFramework Setup\1.1\M886903InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\.NETFramework Setup\1.1\M886904Installedcompiz-debuginfodbus-1-x11-debuginfofreeipmidasherdazuko-kmp-bigsmpdialog-debuginfocups-clientdantecross-arm-binutils-debuginfof2c-64bitcoolmailemil-debuginfocvsupfestivalevolution-webcal-debuginfoOS-Core.ARRAY-MGMTOS-Core.ADMN-ENG-A-MANPHCO_23262OS-Core.ARRAY-MGMTOS-Core.ADMN-ENG-A-MANcross-s390x-binutilscron-debuginfoepiphany-debuginfocompface-debuginfocoriandercompat-openssl097g-32bitfreeglut-develcryptsetupcyrus-sasl-digestmd5CommonC++-docfilterscontrol-centerdhcp-relaycrack-attack-soundsdssi-debuginfodev86configure-thinkpad-debuginfoditacompiz-cvs_060503cryptix-asn1courier-authlib-userdbddrescuecross-avr-binutils-debuginfocross-s390-binutilscourier-authlib-develdb1-develdevilspie-debuginfocook-debuginfoelibcourier-imap-debuginfocompfaceSUNWsshdu/etc/sshsshd_config^[^#]*ListenAddress.*0\.0\.0\.0fillets-ng-debuginfocompat-debuginfocrack-attack-debuginfoConsoleKitfox16-devel/etc/httpd/conf.dphp.confdasher-debuginfoconcurrent-javadoccvs-debuginfoHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\Q890175Installedclncurl-64bitcroncmatrixcracklibcompat-neon024-debuginfoHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB824245Installedcloop-kmp-iseries64compat-curl2-debuginfodb1-debuginfodmapicontact-lookup-appletctags-debuginfoHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows XP\SP1\KB824105\FilelistinstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows XP\SP2\KB824105\Filelistinstallednetbt.syscurl-32bitcross-mips-binutilsfonts-thaicookdartscloop-kmp-bigsmpcm-unicodecoriander-debuginfoconcurrentfillup-debuginfoepiphany-doccompat-g77-debuginfocross-i386-binutilsfontconfig-64bitcups-libs-32bitcompat-32bitfontconfig113073
SUNWlvmr/etc/rc[2-4].dS[0-9][0-9]svm.init/etcvfstab^/dev/md/db42-64bitcontrol-center2-develcompat-libstdc++-64bitdtcepicHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows Server 2003\SP1\KB893086\Filelistesound-32bitclaws-mail-debuginfocross-x86_64-gcc-icecream-backendcmatrix-debuginfocourier-authlib-pgsqlcourier-imapphpcross-sparc-binutilscompat-curl2-64bitcompat-g77compat-openssl097g-64bitdigikamdazukocryptsetup-develculmusConsoleKit-debuginfocourier-authlib-ldapdeskbar-applet-debuginfocommoncpp2-docclisp-debuginfochromiumdbus-1-qt3-debuginfocheck-64bitflex-32bitcheckmedia-debuginfocln-debuginfocompiz-develclanbomber-debuginfocjk-latex-hbf-cns40-b5d4xfluidsynth-dssi-debuginfoclaws-mailcomgt-debuginfocpufrequtils-64bitcourier-authlibcups-develcurl-develdante-debuginfoevolution-exchange-debuginfocryptixcompartm-debuginfoclaws-mail-extra-pluginsconglomerate-debuginfocourier-authlib-mysqlclanlibcpp42cross-avr-gccctwm-debuginfocyrus-sasl-ldap-auxpropeogcontrol-center2cryptsetup-debuginfochromium-debuginfocontrol-center-develSUNWbip118313
116986
116774
111600
^/usr/sbin/sparcv.$whodocheckbotdb43-32bitcross-s390-binutils-debuginfoddt-clientCID-keyed-fonts-Wadacross-sh4-binutils-debuginfodbxml-debuginfochemtool-debuginfoclucene-coreComctl32.dllcurl-debuginfochkrootkitflac-debuginfocross-alpha-gcc-icecream-backendclasspath-javadocscompat-expat1csoundcyrus-sasl-debuginfocpiochemtoolcross-ia64-binutils-debuginfoclaws-mail-extra-plugins-debuginfocppunitconglomeratedbus-1-glib-64bitcracklib-32bitfingerclasspath-webpluginchesscedillacompat-readline4cjk-lyxcdrkit-cdrtools-compatcross-avr-binutilschasencloop-kmp-xenpaecommoncpp2-debuginfoclasspath-webplugin-develcompat-openssl096gcross-i386-binutils-debuginfoccscript3-develcpp41cross-ia64-binutilscircuslinux-debuginfocjk-latex-hbf-jisksp40fdupes-debuginfofbsetcifs-mountfarsightcppunit-debuginfocompiz-kdecompiz-gnomecjk-latex-han-tfmvfccaudio2-debuginfocups-drivers-debuginfoddiwrapperHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q303984Installedcfengine-debuginfochmlib-develconvertcross-s390x-gcc-icecream-backenddetexcvsps-debuginfoHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90280409-6000-11D3-8CFE-0050048383C9}DisplayVersionccrtp-debuginfobzip2crm114cairo-doccairomm-develdigikamimagepluginsclasspathccrtpcvspscompiz-debuginfo-cvs_060503GDIPLUS.DLLcactibzflagcdparanoia-32bit-IIIalpha9clamavCASA_auth_token_server-debuginfocloop-kmp-debugHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040110900063D11C8EF10054038389C\Patches\9FEC06657760FC84499ED532196D45EE2Security Update for Office 2003: Wordperfect 5.x Converter (KB873378)HKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\lanmanworkstationStartCASA-develcelestiacross-s390x-binutils-debuginfoCID-keyed-fonts-Munhwacolordiffclaws-mail-develcross-hppa-binutils-debuginfoccscript-debuginfodante-serverFA_clxclientcircuslinuxcvs-docbzip2-doccourier-authlib-debuginfocdesimcrack-attackcjk-latex-hbf-jfs56exmhcdrdao-debuginfocomgtconglomerate-docccscript3-debuginfocompat-openssl097gcabextractdvbd-debuginfoccgo-debuginfodb41DirectFB-debuginfocrm114-debuginfocompat-gdbmcdparanoia-IIIalpha9ccaudio2-develevolution-develcjk-latex-wadalab-maru2CommonC++cadavercastordiffutilsclucene-core-debuginfo118855
127111
118833
127112
bytefx-data-mysqlchmlibdvd+rw-toolsCID-keyed-fonts-MOEbundle-lang-kdecelestia-debuginfochkrootkit-debuginfoenlightenmentdb42-develcogitocyrus-imapd-debuginfocross-mips-gcc-icecream-backendbsd-games-debuginfobsh-democdparanoia-debuginfo-IIIalpha9CASA-kwallet-debuginfoccscript3cdda2wavcompat-expat1-debuginfobpg-fontscups-backends-debuginfocupsddk-debuginfocolorgcce2fsprogs-devel-32bite2fsprogs-64bitclanlib-debuginfonetdde.exenetdde.exenddenb32.dllnddenb32.dlldbsplit-toolsCASA-clicjk-latex-debuginfocamsource-develbsh2Botancedictcairo-32bitcdk-debuginfobsh2-demoDirectFBbootsplash-theme-SuSEbundle-lang-kde-encross-ppc-binutils-debuginfocapi4linux-32bitcontact-lookup-applet-debuginfoccaudio-develboost-debuginfoCASA_auth_token_server-develcupsddkcompat-curl2-32bitbriquolo-debuginfocallgrindcloop-kmp-xenCASA-kwalletcross-i386-gcc-icecream-backendbonobo-debuginfocannadiccdparanoia-64bit-IIIalpha9cross-avr-gcc42-debuginfoHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows Media Player\wm817787IsInstalledcrash-debuginfobootsplashcanna-yubinbsh2-manualbombermaze-debuginfocapi4linuxdx-docdvgtCommonC++-debuginfobonnie++-debuginfoconvmvboo-debuginfoccrtp-develcannaclucene-core-develcmake-debuginfodb43-debuginfocg-develHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q823803Installeddb40-debuginfocapi4linux-64bitcurlftpfsbootloader-theme-SUSELinux-Profcairo-develbzip2-32bitboostcapisuite-debuginfoCASA-debuginfocloop-kmp-defaultcracklib-develboost-jam-debuginfocdrdaobluez-testbzip2-debuginfoccache-debuginfodb1bochs-debuginfocjk-latex-hbf-hanja65chasen-develcross-alpha-binutils-debuginfoclasspath-examplescompat-libstdc++-debuginfobzflag-debuginfocdkdhcp126661
126662
126929
126928
113318
117468
bitlbee-debuginfoimpprov.dllcanna-develcdrecordcoreutilsbluez-cupscapi4hylafaxboost-devel-64bitCID-keyed-fonts-WadaHbind-libs-64bitbios_update_toolscjk-latex-han1-tfmvfbzrbootsplash-debuginfoCASA_auth_token_client-develcracklib-dict-fullcyrus-imapdcmakebridge-utils-debuginfocastor-democastor-testHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows Server 2003\SP1\KB873339\Filelistblt-debuginfocgwdcups-libs-64bitBotan-develbootchartcommoncpp2commoncpp2-develdvbtunebundle-lang-kde-decfenginebsdtarbombercloneCASA_auth_token_client-debuginfocairo-64bitceciliaPHSS_30302PHCO_30006castor-javadocCASA_auth_token_apache2_2_supportccachebison-debuginfocompat-gdbm-debuginfoccscriptboswars-debuginfocjk-latex-hbf-cns40bundle-lang-kde-escairomm-debuginfocreaterepocaca-utilscloopbsh-javadoccjk-latex-hbf-kanji48bbtoolsbayonne-UsEngBotan-debuginfobosHKEY_LOCAL_MACHINESOFTWARE\Microsoft\.NETFramework\policy\v2.0110896
114008
blas-manblasbmp-plugins-debuginfoHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB821557Installedbigsisterdvbbash-completionbluez-firmwarecontrol-center-debuginfobsh2-javadocavahi-develaudit-visualizeblackboxcyrus-sasl-otpbc-debuginfocheckmediadocbook5-xsl-stylesheetsbomberclone-debuginfoshtml.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB810217InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OC Manager\Subcomponentsfp_extensionsbsf-javadocSUNWdtba[sx]108219
chrpathavalon-framework-javadocawesfxcheck-debuginfodnsmasq-debuginfodazuko-kmp-xencallgrind-debuginfoautotrace-debuginfoccgoavahi-qt4axis-manualdbus-1-qt3-64bitblender-debuginfobarcode-debuginfobaekmuk-ttfatmel-firmwareblackbox-develbug-buddy-debuginfobsh-manualantlr-jeditblam-debuginfocadaver-debuginfocompat-libstdc++bbcanna-debuginfodevel_rpm_build-32bitamavisd-new-20030616p9craftyautogendirdiff-debuginfoblack-box-debuginfoclasspath-jtaclispat-spi-debuginfoavahi-32bitkernelboost-develatk-debuginfocloop-kmp-smpaudiofile-64bitautoyast2-utilscdrecord-develat-spi-docbanshee-debuginfocjk-latex-han1bcm43xx-fwcutter-debuginfobeagle-gui127112
122301
117351
117350
127111
122300
bluez-utils-debuginfoautotrace-develcompat-neon024cross-hppa-gcc-icecream-backendaufs-kmp-bigsmp-cvs20070604_2bash-debuginfodhcp-develboost-jamcheck-develcracklib-dict-smallbanshee-develaudacious-develcompartmbeagle-firefoxbeagle-evolutiondb-utils-docboost-doccpufrequtilsaudit-debuginfoBitTorrent-cursesbootsplash-theme-OpenXchangeblenderauthldapavm_fcdslbluez-utilsbug-buddyHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q313450Installedaspell-tnaufs-kmp-default-cvs20070604_2binutils-develaumix-debuginfoaspell-teautoyast2-installationbwidgetbeagle-debuginfobacula-serveraudacious-debuginfomsgprox.dllreplrec.dllsqlvdi.dllavahi-glib-32bitCASA_auth_token_serverbundle-lang-kde-ptaudiofilebind-utilsaspell-nyat76_usb-kmp-ppc64audacitybayonne2-UsEngcheck-32bitbsh2-classgenat-poke-debuginfoaufs-debuginfo-cvs20070604bayonne2-develcairommbigsister-server116895
117000
asterisk-odbcCASA119255
119254
b2buaccaudiocdk-develavahi-compat-howl-develbatikCASA_auth_token_pam_supportbitlbeebuffer-debuginfoHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB823980Installedastools-debuginfodb40-develbonnie-debuginfoavahi-monoastoolsautoconfcompat-openssl097g-debuginfobind-devel-64bitaudit-libs-64bitdelta-debuginfobogofilteraxpapache2-jakarta-tomcat-connectorsbin86-debuginfoasusfan-debuginfocgwd-develbootp-DD2avmfritzcapiavahi-compat-mDNSResponder-32bitasusfanblamasterisk-develaspell-trAtaAutoctapi-cyberjack-32bitaudiofile-32bitaudiofile-develapache-antbinutils-64bitcamlp4atftp-debuginfoavahi-compat-howlbsh2-bsfapache-docbarcode-develbayonneclanlib-develblueprint-cursor-themeHKEY_LOCAL_MACHINESOFTWARE\Adobe\Acrobat Reader\6.0\InstallerVersionMaxHKEY_LOCAL_MACHINESOFTWARE\Adobe\Acrobat Reader\6.0\InstallerVersionMineBook.apiHKEY_LOCAL_MACHINESOFTWARE\Adobe\Acrobat Reader\6.0\InstallerPathCASA_auth_token_svcaspell-tetbombermazeattr-debuginfoaspell-skdeltabind-lwresdHKEY_LOCAL_MACHINESOFTWARE\Microsoft\MSSQLServer\MSSQLServerLoginModeBASSat-spi-develcastor-doccdrecord-debuginfoblocxx-debuginfobitchx-debuginfocsindex-debuginfoalice-compatbufferHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows 2000\SP4\Q321599Installeddbview-debuginfoaspell-paaspell-swadminfsbison-64bitbanshee-plugins-defaultcdesim-debuginfoblocxx-64bitbinutils-32bitaspell-rudarts-debuginfocabextract-debuginfoasterisk-debuginfocjk-latex-wadalab-gothicaspell-wacross-avr-gcc-debuginfoat76_usb-kmp-bigsmpWmiScriptUtils.dllCASA-guibigsister-agentautofs-debuginfobeagle-indexautoyast2atk-develat-debuginfobcel-javadoccdda2wav-cdrkitaspell-pt_PTHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows Media Player\wm308567IsInstalledcompizbasketaspell-zuasterisk-spandspapache-develdbus-1-qt-develbacula-debuginfocjk-latex-wadalab-mincho2CheckHardwareat-pokebibviewcompat-readline4-debuginfoaudaciousasterisk-capi-debuginfoavahi-qt3avrdudecross-s390-gcc-icecream-backendclanbomberCASA-64bitavmailgateaudacity-debuginfoaspell-ndsblocxxbarcodeaudit-libs-python-debuginfoaxisavahi-glibbdfresize-debuginfobansheekernelaspell-msautofs4ckermit-debuginfoat-spiatkcairoavahiaspell-hybootsplash-theme-SuSE-Homeaufs-kmp-ppc64-cvs20070604_2aspell-yicross-arm-gcc-icecream-backendasterisk-pgsqlaspell-miatftpblasmanaspell-huapache-jakarta-tomcat-connectorsaspell-kuC:\Program Files\Internet ExplorerIexplore.exekernelkernel-hugememkernel-smpdbus-1-qt3-develSUNWxwfs113923
avalon-framework-manualchrpath-debuginfoavrdude-debuginfoclamav-debuginfoaspell-ltbonobodxmasf.dllmsdxm.ocxwmpcore.dllwmplayer.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows Media Player\wm320920IsInstalledautomakebshatitvout-debuginfobluefishbaculadbus-1-64bitdb-64bitcyrus-saslcamsourcebasket-debuginfoddskkddskk-xemacsbb-debuginfodar-debuginfocapisuiteauditbitchxaspell-ukcrash-develaudit-develatk-32bitaspell-csaspell-cycanna-libsboswarsaspell-hiaspell-afbbtools-gui-debuginfodb41-develblocxx-develaspell-mgbzip2-64bitdaraspell-bgavahi-debuginfocastor-xmlBitTorrentawstatscpio-debuginfobochsHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q329170InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\lanmanserver\parametersenablesecuritysignaturebmp-develaspell-hraspell-hsbaspell-debanshee-engine-gstavr-libcaspell-gdcyrus-imapd-develbeagle-thunderbirdbundle-lang-kde-frautofsawesfx-debuginfobison-32bitautologaspell-slcups-drivers-stpaspell-plaufs-cvs20070604aspell-fiarts-debuginfoaspell-pt_BRaspellcross-sparc-binutils-debuginfoarpwatch-ethercodes-buildcdpaspell-amavahi-glib-64bitarts-64bitboost-64bitbanshee-plugins-DAAPHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90510409-6D54-11D4-BEE3-00C04F990354}WindowsInstallerarpwatch-ethercodesaspell-rwashasterisk-zaptelaspell-quHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q329414Installedaspell-etbcm43xx-fwcutterblocxx-devel-64bitaspell-develasciidocaaa_base_novellbltbluez-libsat76_usbaqbanking-debuginfo113273
^.*sshd.*arpwatch-debuginfobisonart-sharpbriquolobanshee-engine-helixcross-sh4-binutilscloop-debuginfoaspell-mraqbanking-geldkarteCASA_auth_token_clientcairo-debuginfocheckinstallGDIPLUS.DLLaspell-idbayonne-develapcupsd-debuginfocloop-kmp-ppc64aspell-heTcpip6.sysapache-mod_php4aspell-itaqbankingaspell-orarts-develappleirbootcycleautogen-debuginfoaspell-elavahi-64bitaumixapmdbinutilsapache2-example-pagesbashaxis-javadocasl-debuginfoasterisk-alsaaspell-roanthy-develcamsource-debuginfoapache2-mod_auth_mysql-debuginfoaqbanking-yellownet-qt3ccaudio-debuginfoMSCONV97.DLLHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Patches\A1334AC428B43BF4E9547C55D3DFE977HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000409-78E1-11D2-B60F-006097C998E7}DisplayVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00010409-78E1-11D2-B60F-006097C998E7}DisplayVersionHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\Session Manager\EnvironmentPROCESSOR_ARCHITECTUREbayonne-debuginfoargus-debuginfoapache2-mod_fastcgi-debuginfoant-jdepend112604
112609
115172
/etchostname6?\.le.*apache2-mod_jkapache2-mod_tidyapt-serveraspell-taapache2-mod-apparmorappdefkoapache2-preforkatk-docbitstream-veraaspell-beCheckHardware-debuginfoaspell-srasclockarnoldaspell-hilaspell-svaspell-dictionariescpuspeedcross-ppc-binutilsaudit-libs-pythonart-sharp2autoconf-elclasspath-debuginfoant-nodepsarptables-debuginfobridge-utilsantlr-javadocant-manualat76_usb-kmp-debugapache2-mod_auth_ntlm_winbindaspell-daarcad_evalcrashgaim/usr/bingaimapache2-mod_apparmor-debuginfoaqbanking-gtk2aspell-guaspell-enapache2-mod_jk-debuginfoapache2-mod_fastcgiasm-javadocapt-libs114796
SUNWkcl2raranymCASA_auth_token_jaas_supportavahi-compat-mDNSResponder-64bitapache2-mod_pythonaqbanking-yellownetcpuspeed-debuginfoaspell-32bitapache2-mod_fcgidbinutils-debuginfoant-commons-loggingant-apache-regexpapache2-mod_murkaant-jmfant-apache-bcelcppunit-develcdp-debuginfoalsa-plugins-samplerateaspell-viamrnb-debuginfoasmkernelHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q326886Installedappleir-kmp-defaultavalon-logkitbaekmukapache2-mod_apparmorant-apache-log4jappleir-kmp-debugcjk-latexSUNWkcsr[tx]114636
107337
111400
apparmor-parser113505
113508
115054
115055
SUNWscvw^/usr/apache/bin/httpd.*SUNWscvw/conf/httpd.conf.*amarok-langbalsa-debuginfobluez-gnomecoreutils-debuginfoasclock-debuginfoalsa-plugins-jackaspell-caavalon-frameworkbooksamarok-xineapache2-mod_mono-debuginfoalsa-debuginfoaseqview-debuginfoalsa-32bitaspell-laant-jaiconfigure-thinkpadHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB888113Installedavahi-compat-mDNSResponder-develllssrv.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB885834InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\LicenseServiceStartCommonC++-develamrnbclasspath-develant-javamailacpiw-debuginfoalltrayCASA-32bitHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows Server 2003\SP1\KB890923\Filelistbmpant-junitaslant-apache-resolverapache2-mod_macroaqbanking-ofx-qt3aspell-frapache2-mod_python-debuginfoamanda-debuginfo/etcpam.conf[^#]*pam_krb5.+debug.*/etc/pam\.conf.*112908
/etc/krb5krb5.conf[^(#|_)]*default_realm[^_]*/etcsyslog.conf[^#]*(debug|daemon\.debug).*/etc/syslog\.conf115168
bind-libs-32bitarts-gmcopaspell-csbantiwordalsa-toolsaspell-brabiwordalsakernelapache2-mod_perl-debuginfoHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB834707-ie501sp4-20040929.111451InstalledSUNWkrbrSUNWkrbux?112925
112923
112921
alsa-plugins-maemoapache2-mod_php4acerhk-kmp-xenpaebmp-pluginsaspell-gabdfresizeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\Q305601Installedacroreadantarmagetron-debuginfoaelfredasterisk-capiapache2-mod_scgiapparmor-profile-editorabuseapache2-workeragfa-fontsBitTorrent-gtkaircrack-ng-debuginfoaspell-esbonnie++cg-32bitarchzoomalienacerhk-kmp-defaultaspell-bnbibview-debuginfoantiviracx-kmp-ppc64ant-apache-orochmlib-debuginfoapache2-mod_perlamtuamarok-helixclucene-core-32bitasc-debuginfoabiword-debuginfoaspell-iaclamav-dbSp3res.dllUmandlg.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB842526Installedacerhkaspell-fyautotraceamarokapache2-mod_auth_ntlm_winbind-debuginfobluez-libs-debuginfocapi4linux-develaidealbumshaper-debuginfoant-antlramarok-gstreamerapache2-mod_tidy-debuginfoapache2apparmor-dbuskrb5-libskrb5-workstationaspell-gvaqbanking-kde3armagetronavahi-compat-mDNSResponderapelckermitapache2-mod_php5audit-libscheckinstall-debuginfobzflag-develant-scriptsakpi-debuginfoamarok-helix-backendagrepatk-64bitbiabamcalamarisalsa-tools-develadaptec-firmwareapparmor-provider-controlnntpsvc.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB883935InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\NntpSvcStartascalsa-64bitaudiofile-debuginfoaspell-isalsa-oss-32bitacpidbootp-DD2-debuginfoasteriskargus-client-debuginfoapparmor-admin_enabuse-debuginfoHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB834707InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows XP\SP2\KB871250\Filelistblender-docamarok-yauapaspell-mtamarok-debuginfoblocxx-doccheckacl-debuginfoant-phoneamandaalsa-utils-debuginfoapache2-develacx-kmp-debugakpichasen-debuginfoacerhk-kmp-bigsmpalsa-tools-debuginfo109007
114332
amarok-xmmsSUNWypu109328
113579
^.*ypxfrd.*alltray-debuginfoaufs-kmp-debug-cvs20070604_2bayonne2-debuginfoattraspell-mkAdobeICCProfilesalevtdplayx.dllapache2-mod_macro-debuginfoaqbanking-geldkarte-qt3albumshaperadm8211ccscript-develami-debuginfoa2ps-debuginfoaspell-debuginfoacx-kmp-bigsmpaegis-debuginfocgwd-debuginfoat76_usb-kmp-defaultacpid-debuginfo^LM/MSFTPSVC/.*$1016aspell-eoalsamixergui-debuginfoamavisd-newacct-debuginfoalsa-oss-64bitaspell-lvarts-32bitHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\11.0\Publisher\InstallRootPathapt-debuginfobeagle-quickfinderarchwayacerhk-kmp-debugaaa_base-debuginfoapel-xemacsbin86apparmor-docsabcde-debuginfoappleir-kmp-bigsmpccaudio2apache2-mod_murka-debuginfotshoot.ocxHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB826232Installedacxamrnb-develbluez-hcidumpacerhk-kmp-kdumpadaptx-javadocabcdeapache2-mod_fcgid-debuginfoalsamixerguia2ps-perl-jaaspell-uzbingbootsplash-theme-SuSE-classicafs-krb5-debuginfoapparmor-profile-editor-debuginfoadm8211-kmp-bigsmpargus-serverbonobo-develconsole.exedbmslpcn.dllsqlmap70.dllsqlrepss.dllssmslpcn.dllssnmpn70.dllums.dllmsgprox.dllreplprov.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Microsoft SQL Server\80SharedCodereplrec.dllsqlvdi.dllapache-example-pagesaalib-64bitadm8211-kmp-defaultacroread_jaalacarteaelfred-javadocavalon-logkit-javadocargus-clientadm8211-kmp-ppc64busyboxant-swingbluez-hcidump-debuginfoant-javadocaaa_skelautolog-debuginfoDhcpcsvc.dllapache2-mod_perl-develanjuta-debuginfoaqbanking-qt3rpcrt4.dllarpwatchapparmor-profilesbbtools-guiaegisbayonne2smtpsvc.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB885881InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\SMTPSVCStartHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Exchange\SetupServices Versionkrb5-serverapache2-debuginfoafio-debuginfoadns-debuginfoamavisd-new-debuginfosrvsvc.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB888302Installedbsd-gamesaclHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\12.0\Registration\{90120000-110D-0000-0000-0000000FF1CE}ProductNameMssdmn.exeakonadiant-apache-bsfDhcpssvc.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB885249Installedbakefileaircrack-ngantivir-avguardant-traxHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3A6819F-62D3-4750-AF1C-28206DDF2C2E}Windows Messenger 5.1msmsgs.exeapache2-docblackbox-debuginfoaspell-glavahi-pythonaqbanking-ofxanjutaabookbogofilter-debuginfoHKEY_LOCAL_MACHINESSOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB890923 -ie501sp4-20050225.100310Installedapparmor-dbus-debuginfoalsa-tools-guiHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{571700F0-DB9D-4B3A-B03D-35A14BB5939F}108748
108752
106541
106942
107477
108551
108754
108756
108758
108760
108762
108764
.*rpcbind.*bbtools-debuginfoaaa_baseblack-boxaspell-tlapt4rpmacerhk-kmp-xenbeagleSUNWbind119784
119783
SUNWsndmu107684
110615
.*sendmail .*aspell-nnHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB834707-ie6-20040929.115007IsInstalledHKEY_CURRENT_USERSoftware\Microsoft\Windows\CurrentVersion\Internet SettingsDisableCachingOfSSLPagesadaptx122301
117351
117350
125100
125101
122300
113719
113319
108993
108994
HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q841373Installed^LM/W3SVC/\d*/ROOT$6011HKEY_LOCAL_MACHINESystem\CurrentControlSet\Services\w3svc\parametersMaxClientRequestBufferData120068
120069
alevtdaeolusHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB839643-DirectX82InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB839643-DirectX9InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB839643Installed118844
HKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\Tcpip\ParametersEnablePMTUDiscoveryargusbluez-gnome-debuginfoHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893086\FilelistSUNWsndmr113575
quartz.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q19696Installedapache2-mod_monoapache2-mod_auth_mysql109025
118844
117350
117351
118822
109026
122301
122300
apcupsd127738
127737
117472
109454
109455
117471
itircl.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB825119InstalledaalibHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB841872Installed118997
SUWNsmbar.*^.*smbd.*bing-debuginfoabook-debuginfobind-doc114265
112837
109327
109326
arptablesbind-chrootenv120037
126374
112960
120036
126373
114242
aspell-ptmsado15.dlla2psash-debuginfoaspell-scmsgsvc.dllwkssvc.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB828035InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\MessengerStartbalsaciodm.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows Server 2003\SP1\KB871250\Filelist119999
119998
adm8211-kmp-debuggdi32.dllbanshee-plugins-extraPHNE_32606alsa-plugins-debuginfoadnsHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2DFE1608-BDCA-11D1-B7AE-00C04FB92F3D}DisplayVersionGifimp32.flt114344
119435
119075
119076
/etcsystem^\s*set\s+c2audit.*=\s*1127112
127111
audit-libs-32bitSUNWinamdsled-releasemono-extrasibm-data-db2mono-jscriptmono-winformsmono-data-oraclemono-data-postgresqlmono-data-sqlitemono-basicmono-data-firebirdmono-nunitbytefx-data-mysqlaspell-aza2acapcupsd-guialsa-ossatitvoutaide-debuginfoHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\12.0\Word\InstallRootHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB834707-ie501sp3-20040929.121357Installedalsa-develroot\cimv2select HotfixID from Win32_QuickFixEngineering where HotFixID='KB938123'Mscorlib.dllSystem.web.dllSystem.web.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB867801InstalledMsxml3.dllMsxml5.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Shared Tools\Web Server Extensions\Setup PackagesSharePointa2ac-debuginfomono-locale-extras/etcpam.conf[^#]*pam_krb5.*debug/etcsyslog.conf^[^#]*(\*|daemon)\.debugHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FCE50DB8-C610-4C42-BE5C-193F46C6F812}HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ABEB838C-A1A7-4C5D-B7E1-8B4314600208}HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}DisplayVersionHKEY_LOCAL_MACHINESoftware\Microsoft\VisualStudio\8.0crpe32.dllMso.dllupnphost.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}mono-devel124998
124997
123368
111505
111504
123369
/usr/share/gnome/gnome-aboutgnome-version.xml\s*<minor>0</minor>\s*115159
115298
115158
115299
/usr/share/gnome/gnome-aboutgnome-version.xml\s*<platform>2</platform>\s*121288
121289
antlr-manualsuse-release112300
112085
115553
115554
125124
125123
109896
cdo.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Exchange Server 5.5\SP5\842436aIsInstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\MSExchangeweb113241
125279
125280
109354
109355
113240
106938
109326
112970
SUNWcsx?u/usr/sbin/in.named119254
119255
HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB824141InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\UtilManStartaspell-no/etc/krb5krb5.conf/etc/krb5krb5.conf^[^#]auth_to_local.*balsa/usr/binbalsaaseqviewadaptx-docafioHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\Terminal ServerProductVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q324380InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\RDPWDStart127751
114154
117419
SUNWapchuafs-krb5aspell-foSUNWftpu114564
.*ftpHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\SP2SRP1Installedidq.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q300972Installed114435
113451
/etc/inet/ikeconfigapparmor-utilsantlr-bootstrap116960
113318
117468
116959
124259
124258
aqbanking-develHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\kb823353InstalledHKEY_USERS^S-[-0-9]+\\Identities\\\{[-0-9A-Z]+\}\\Software\\Microsoft\\Outlook\ Express\\5\.0\\Mail$ShowHybridViewapt-file127034
/etcuser_attrtype=role127033
acx-kmp-defaultHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q823980Installed127112
127111
aelfred-demokdebase/usr/binkdm109329
122078
123186
114342
113579
109328
123870
SUNWsrspx125713
alsa-docsoes-releaseHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q277873Installed124922
113986
112963
109147
109148
124923
107702
109354
114497
xenroll.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q323172InstalledHKEY_LOCAL_MACHINESOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersionHome Directorya2ps-hSwflash.ocx126449
126448
xactsrv.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q326830InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\lanmanserverStartfirewallapi.dllacpiwSUNWdtdmn108221
alsa-pluginsMscorlib.dllSystem.web.dllvdmdbg.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\12.0\Publisher\InstallRootPathmspub.exepubconv.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mspub.exePathakonadi-develamarok-artswiaservc.dllaspell-nbntdsa.dllnddenb32.dllnetdde.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB841533Installedcryptui.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB823182InstalledHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$1001HKEY_CURRENT_USER^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$1001aeolus-debuginfoSUNWnisu108750
110322
^.*ypbind.*108993
115677
121321
108994
115678
121322
aspell-mngrpconv.exeshell32.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\10.0\PowerPoint\InstallRootPathaspell-faMscorlib.dllapache2-mod_ruby-debuginfo120095
120094
107475
110061
107476
110669
110057
110668
110060
110058
ism.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q321599Installed119213
119214
aspell-armono-data-sybase119813
119812
116106
124421
124420
116105
amidicIpnathlp.dllLM/W3SVC6032wwmp.dllrdpwd.sys112785
112786
119067
119059
119068
119060
aspell-64bitHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (1.5.0.2)DisplayName/usr/openwin/binlbxproxy107654
HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB841873InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{F9C174E3-3E87-40bc-AA94-B8974F2B9222}Installedalsa-firmware125794
121132
114717
114669
114716
114670
110671
110670
107893
PHNE_34544WUFTP-26.INETSVCS-FTP111845
124830
124457
124831
124458
111844
PHNE_33395aranym-debuginfoPHCO_34545win32k.sysHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB840987InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4395}IsInstalledHKEY_LOCAL_MACHINESoftware\Microsoft\Windows NT\CurrentVersion\Hotfix\KB841356Installedfpadmdll.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Shared ToolsSharedFilesDirvbe6.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\12.0\Excel\InstallRootOS-Core.ARRAY-MGMTOS-Core.ADMN-ENG-A-MANPHCO_23263SUNWpcu107115
109320
113329
amarok-libvisualSUNWkr5ma.*kadmindapt-develGdiplus.dllapparmor-parser-debuginfomono-dataHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\12.0\MOCexcelcnv.exeSUNWstm117367
HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows MailMediaVerapache2-mod_rubywdhtmled.ocx112669
112668
116341
116340
120720
120719
118966
HKEY_LOCAL_MACHINESoftware\Microsoft\Updates\Windows XP\SP2\KB914798HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows XP\SP3\KB890923\Filelist112785
112786
119067
119059
119060
119068
anthy-debuginfoanthyOS-Core.UX2-COREPHCO_32149PHCO_32926httpd.*.*.*sendmail108528
112233
aalib-debuginfoalevt-debuginfoHKEY_LOCAL_MACHINESoftware\Microsoft\Updates\Windows Server 2003\SP1\KB914798capicom.dll125101
125100
wjgdw400.dllHKEY_LOCAL_MACHINESOFTWARE\Symantec\InstalledAppsInternet SecurityPHCO_33214PHCO_33215alsa-plugins-pulseSUNWgzip112668
118372
114435
113451
118371
openssl-perlopenssl-developensslopenssl096b/tmpInternetSrvcs.INETSVCS2-RUNPHNE_29462HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{903B0409-6000-11D3-8CFE-0050048383C9}DisplayVersionHKEY_LOCAL_MACHINE^Software\\Microsoft\\Office\\10\.0\\Registration\\.*ProductIDPng32.flt109764
116047
119596
109765
121995
118813
121316
123703
117350
116960
117125
120884
118558
120662
123704
121317
118559
119439
113278
116959
117351
118822
120661
118844
ampacheaalib-develalsa-utils117350
118558
117351
118559
/usr/share/gnome/gnome-aboutgnome-version.xml\s*<description>2\.0\.0.*</description>\s*114644
114645
114686
/usr/share/gnome/gnome-aboutgnome-version.xml\s*<description>2\.0\.2.*</description>\s*115738
114687
115739
/usr/share/gnome-aboutgnome-version.xml\s*<distributor-version>Sun Java Desktop System, Release 2</distributor-version>\s*121092
mono-corealsa-oss-debuginfo118822
118844
PHNE_33159HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB885250Installedhypertrm.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows XP\SP3\KB873339\FilelistHKEY_CLASSES_ROOThtfileHKEY_CLASSES_ROOTtelnet\shell\opencommandumpnpmgr.dllImekr61.imeacctjgdw400.dllnetlogon.dllrasmans.dllPHCO_32280Ntkrnlpa.exeSysMgmtServer.MX-PORTALSysMgmtServer.MX-PORTAL120329
120330
/etcpam.conf^other.*krb5.*HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q320206Installedsmss.exePHCO_29249InternetSrvcs.INET-ENG-A-MANPHNE_33792InternetSrvcs.INETSVCS2-RUNHKEY_LOCAL_MACHINESOFTWARE\NCompass\Resolution Content Server\VersionInfoPatchesHKEY_LOCAL_MACHINESOFTWARE\NCompass\Resolution Content Server\VersionInfoVersionAeserverobject.dllOS-Core.CORE-ENG-A-MANOS-Core.UX-COREPHCO_33967HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Visual Studio\7.0\S895309InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Visual Studio\7.1\S918007InstalledHKEY_LOCAL_MACHINESoftware\Microsoft\VisualStudio\7.1Mfc71.dllMfc40u.dllMfc42u.dllMfc70.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows Media Player 9\KB885492PackageVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{ 3e7bb08a-a7a3-4692-8eac-ac5e7895755b}IsInstalledNpdsplay.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\9.0\PowerPoint\InstallRootPowerPnt.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PowerPnt.exePathmono-webHKEY_LOCAL_MACHINESoftware\Microsoft\Office\9.0\RegistrationProductIDNetworking.NET2-KRNkernel32.dllwins.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB870763InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\winsStartaalib-devel-64bitSecure_Shell.SECURE_SHELL111571
115880
aalib-devel-32bitwmi.dll110943
113072
114423
108975
108976
108117
httpd.*.*.*110286
/usr/dt/binrpc.ttdbserverdHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla \(.*\)$DisplayNameHP_Webproxy.HPWEB-PX-COREPHSS_34163111400
114637
111401
114636
HKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox \((0\..*|1\.0\..*\))$DisplayName/usr/openwin/libfs.auto109862
.*fs/usr/openwin/binxfsaalib-32bitmsmapi32.dllSUNWwbmc.*smcbootkodakimg.exegtkhtml/usr/binevolutionSUNWnsbInternetSrvcs.INETSVCS-RUNInternetSrvcs.INET-ENG-A-MANPHNE_23948109023
120240
109024
120239
HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q313829Installedcsrsrv.dllwinsrv.dllSUNWsmbau114684
^.*smbd.*PHSS_34102HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q817606InstalledCIFS-Server.CIFS-RUNCIFS-Server.CIFS-UTILCIFS-Server.CIFS-ADMINCIFS-Server.CIFS-LIBmsmapi32.dllPHCO_30402HKEY_LOCAL_MACHINESoftware\Microsoft\Windows\CurrentVersion\Uninstall\{90510409-6000-11D3-8CFE-0150048383C9}mup.sysHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q312895Installed111313
111314
116807
116808
121308
121309
ieapfltr.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q314147InstalledPHNE_23950/usr/dt/bindtlogin^.*dtlogin.*108919
112807
107180
OS-Core.CORE-ENG-A-MANOS-Core.UX-COREPHCO_33989HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009InstalledOS-Core.UX-COREPHCO_33219HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\10.0\Excel\InstallRootPathshdocvw.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{90A2A715-D986-4EAB-8C73-4D06114EF760}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{754D29C1-0C97-405F-98D0-21B212CA7FF1}IsInstalledHKEY_CURRENT_USER^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$1803SUNWlzas121332
IPSec.IPSEC2-KRNIPSec.IPSEC2-KRNTOUR_PRODUCT.T-NET2-KRNPHNE_32606HKEY_LOCAL_MACHINESOFTWARE\Clients\Media\Winamp\shell\opencommandHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Transaction Server\PackagesStart/usr/openwin/binXsunHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\SNMPStarttcpcfg.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q265714Installed108529
108528
106541
112234
112233
105181
106542
105182
gtkhtml118305
117470
116966
116965
HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Exchange\SetupNewestBuildcdoex.dllHKEY_LOCAL_MACHINESoftware\Microsoft\Windows\CurrentVersion\Uninstall\{90510409-6D54-11D4-BEE3-00C04F990354}DisplayVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90110409-6000-11D3-8CFE-0150048383C9}DisplayVersionvislib.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\visio.exePathsles-releaseHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\MachineDistinguished-Namesld-releaseHKEY_LOCAL_MACHINESOFTWARE\Classes\Installer\Assemblies\GlobalMicrosoft.SharePoint,version="12.0.0.0000000",processorArchitecture="MSIL",publicKeyToken="71E9BCE111E9429C",fileVersion="12.0.6039.5000",culture="neutral"msjava.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\MediaPlayer\10.0\RegistrationUDBVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\MediaPlayer\PlayerUpgradePlayerVersionWmp.dllgnupg/usr/bingnupgHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB890175InstalledFreeRADIUSudp.*1812hpuxwsAPACHEhpuxwsAPACHEmstask.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{bfb56e60-5895-496c-bd6b-459b97142e4c}IsInstalled114193
112945
121308
111313
111314
121309
SUNWwbmcHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}VersionHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\ NT\\CurrentVersion\\Hotfix\\[Kk][Bb]834707[-a-zA-Z0-9.]*$InstalledInternetSrvcs.INETSVCS-RUNPHNE_34543WUFTP-26.INETSVCS-FTPHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\9.0\Word\InstallRoothttpext.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB824151InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\W3SVC\ParametersDisableWebDAVghostscript/usr/bings125720
112785
119059
112786
124833
119060
119068
119067
HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB885835InstalledMdbmsg.dlltcpip.sys108376
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wvxHKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wplHKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wmxHKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wmsHKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wmzHKEY_LOCAL_MACHINESOFTWARE\Microsoft\MediaPlayer\9.0\RegistrationUDBVersionwmp.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows Media Player 9\SP0\KB885492PackageVersionHKEY_LOCAL_MACHINE\SOFTWARE\Classes\.asxHKEY_LOCAL_MACHINE\SOFTWARE\Classes\.waxHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB891711Installeduser32.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q319733InstalledLM/W3SVC6014HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{839117ee-2132-4bae-a56a-42b50204c9b9}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB889293IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB893066Installedtcpip.sysMozilla.MOZ-COMMozilla.MOZ-COMInternetSrvcs.INETSVCS-RUNInternetSrvcs.INET-ENG-A-MANPHNE_23949HKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\Session Manager\SubSystemsPosixpsxss.exeSUNWadmfw.*100232/10116457
116442
116454
.*100232/10HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB890859InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 1.0.7DisplayNamePHNE_34306HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q811493InstalledNtoskrnl.exeSecure_Shell.SECURE_SHELLSecure_Shell.SECURE_SHELLHKEY_LOCAL_MACHINESOFTWARE\Classes\Installer\Products\2ACE96BF53CE47C46B808783D50059D9ProductNameHKEY_LOCAL_MACHINESOFTWARE\Classes\Installer\Products\813ACF1D304B0FB43A2E440E1CF2ADD3ProductNameHKEY_LOCAL_MACHINESOFTWARE\Classes\Installer\Products\96CF2B3B315599C4A9E75C85A4295880ProductNameHKEY_LOCAL_MACHINESOFTWARE\Classes\Installer\Products\EDDFACCCCECE4EA4DB79400767BB4D9AProductNameHKEY_LOCAL_MACHINESOFTWARE\Classes\Installer\Products\813ACF1D304B0FB43A2E440E1CF2ADD3ProductNameHKEY_LOCAL_MACHINESOFTWARE\Classes\Installer\Products\B56328045890A99429D04E4D14D45CF8ProductNameVirtual pc.exeVssrvc.exemozillaHKEY_LOCAL_MACHINESOFTWARE\Microsoft\MediaPlayer\8.0\RegistrationUDBVersionWmpui.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB896426Installed121211
121212
netman.dllhhctrl.ocx118833
118855
oleaut32.dllVaultWS.WS-COREPHSS_34123gedit/usr/bingeditsudo/etcsudoers/usr/binsudowordpad.exe.*100235/1/usr/lib/fs/cachefscachefsd108800
PHSS_34169VaultTS.VV-IWSVaultWS.WS-COREPHSS_34121VaultTS.VV-IWSPHSS_34170VaultWS.WS-COREPHSS_34120VaultTS.VV-IWSPHSS_34171VaultWS.WS-COREPHSS_34119HP_Webproxy.HPWEB-PX-COREPHSS_34203HP_Webproxy.HPWEB-PX-COREPHSS_34204HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\11.0\Word\InstallRootwordview.exemono-core-32bitHKEY_LOCAL_MACHINESOFTWARE\Microsoft\MediaPlayer\7.1\RegistrationUDBVersionwmpui.dllHKEY_LOCAL_MACHINESOFTWARE\Classes\MIME\Database\Content Type\application/htaExtensiondns.exeSUNWmoznavSUNWmozmail117765
117767
HKEY_CLASSES_ROOTMITrain.Document\shell\open\commandOrun32.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Step by Step Interactive Training\SP2\KB898458\FilelistMsdtctm.dllwebclnt.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\11.0\Outlook\InstallRootPathHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\9.0\Outlook\InstallRootPathOutllib.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\11.0\Common\InstallRootPathOutllib.dllOutllib.dllPHNE_24395HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\12.0\Common\InstallRootInstallCountmsadco.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\OleEnableDCOMcdoex.dll.*100221/1/usr/openwin/binkcms_serverHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{E81659DF-28E1-4C60-B4B9-00A4BC5FA76D}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{2D5974C5-5185-4f5b-80B6-28015ACDD74C}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB890923 -ie501sp3-20050225.100153Installedlibgdlibgd-develHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB890046Installedagentdpv.dll113273
/etc/sshsshd_config^\s*Protocol\s+123324
/etc/sshsshd_config^\s*Protocol\s+.*1114858
123325
HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\10.0\Word\InstallRootwinword.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Winword.exePathHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (1.5)DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Mozilla\Mozilla Firefox 1.5\binPathToExeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (1.5.0.1)DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird (1.5)DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Mozilla\Mozilla Thunderbird 1.5\binPathToExeHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SeaMonkey \((1\.0[ab]|1\.0)\)$DisplayNameitss.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB840315InstalledHKEY_LOCAL_MACHINESOFTWARE\Classes\ITSProtocolSRV.SYSHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB817606InstalledPHNE_33159libxmllibxml-developenSUSE-releaseHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft ISA ServerVersionMajorHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Fpc\Hotfixes\SP1\277Kbs/usr/bingzip/usr/bingunzipHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Applets\WordpadEnableLegacyConvertersHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB885836Installedmswrd632.wpcHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\10.0\Outlook\InstallRootPathmsmapi32.dll118844
C:\Program Files\Common Files\Microsoft SharedVgx.dll119450
119449
HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB873333InstalledCrystalDecisions.Web.dllHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\w3svcStart/usr/binbzip2InternetSrvcs.INETSVCS-RUNInternetSrvcs.INET-ENG-A-MANPHNE_33791hlink.dllQuartz.dllWUFTP-26.INETSVCS-FTPmsieftp.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft ISA Server SPDisplayNamew3proxy.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\UninstallMicrosoft ISA ServerHKEY_LOCAL_MACHINESOFTWARE\Microsoft\FPC\Hotfixes\SP1\430kbsHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB896422Installedsrv.sysHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB896727Installedtelnet/usr/bintelnet123325
114357
123324
114356
mrxsmb.sysHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{2298d453-bcae-4519-bf33-1cbf3faf1524}IsInstalledtelnet.exeHKEY_LOCAL_MACHINESoftware\Microsoft\VisualStudio\7.0cdosys.dllSUNWbnuu106952
111570
113322
Fontsub.dllT2embed.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB901214IsInstalledmscms.dllfetchmailgdmHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB824146Installedrpcrt4.dllkernelkernel-hugememkernel-smpHKEY_LOCAL_MACHINESOFTWARE\CLASSES\PNGFilter.CoPNGFilterdhtmled.ocxHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB891781IsInstalledPHNE_33427SUNWkr5svSUNWkr5slSUNWkrgdoSUNWkrggl112536
112908
112237
112390
/etc/krb5krb5.conf^[^#_]*default_realm[^=]*=[^_]*$gzip/usr/binzgrepnwwks.dllsxs.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\11.0\Excel\InstallRootPathHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\9.0\Excel\InstallRootHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\10.0\Excel\InstallRootxlview.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90840409-6000-11D3-8CFE-0150048383C9}InstallLocationexcel.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Excel.exePath/usr/lib/snmpsnmpdx^.*inetd.*.*100083/1SUNWtltkx?112808
HKEY_LOCAL_MACHINESoftware\Microsoft\Active Setup\Installed Components\{754D29C1-0C97-405F-98D0-21B212CA7FF1}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q819696Installedschannel.dll^LM/W3SVC/.*$5506HKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\ServerEnabled125100
125101
.*nfsdHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OC Manager\SubcomponentsieHardenadminHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OC Manager\SubcomponentsieHardenuserMSO.DLLHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersionCommonFilesDirShrichedit.dllRiched20.dllMso9.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\9.0\Common\InstallRootPathMSO.DLLntdll.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q815021InstalledHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-9]\)|\(1\.7\.10\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-6]\))$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB897715Installed\bpostmaster\brh-postgresql-contrib/usr/lib/pgsqltsearch.so122300
122301
Mapi32.dllbzip2/usr/binbzgrepHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersionVersionHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\LmHostsStartHKEY_LOCAL_MACHINE^SYSTEM\\CurrentControlSet\\Services\\NetBT\\Parameters\\Interfaces\\Tcpip.*$NetbiosOptionsssnetlib.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB893756InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\TapiSrvStart119985
122082
mozilla/usr/binmozillarpcss.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Exchange\SetupServicePackBuildmdbmsg.dllevolutionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\11.0\PowerPoint\InstallRootPathpowerpnt.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\powerpnt.exePathMsw3prt.dlljscript.dllopenoffice/usr/binoocalc/usr/binoodraw/usr/binooffice/usr/binooimpress/usr/binoowritermf3216.dllgdi32.dllMf3216.dllcomsvcs.dllcryptdlg.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB896358Installedhh.execrypt32.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q329115InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\NetlogonStartmsgina.dllzipfldr.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB873376InstalledHKEY_LOCAL_MACHINESOFTWARE\Classes\CompressedFolderFriendlyTypeNameHKEY_LOCAL_MACHINESOFTWARE\Rockliffe\MailSiteVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q293826InstalledFlash9.ocxFlash8.ocxFlash.ocxopensslopenssl-developenssl-perlopenssl096openssl096b^.*snmpdx.*SUNWsasnm107709
108869
snmp.exeumandlg.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB896423Installed/usr/X11/binXorg119059
108653
119060
.*Xsun\b.*cvsole32.dllMsxml6.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\DataAccess\Q823718IsInstalledodbcbcp.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\DataAccessFullInstallVerfetchmail/usr/binfetchmailHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SeaMonkey \(1\.0[ab]\)$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\mozilla.org\SeaMonkeyCurrentVersionHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-7]\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Thunderbird (\(0\.[0-9]\)|\(1\.0\)|\(1\.0\.[0-7]\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-9]\)|\(1\.7\.1[0-2]\))$DisplayNameHKEY_LOCAL_MACHINESoftware\VERITAS\Backup Exec\ServerCurrentVersionHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\LSARestrictAnonymousPHCO_28847DCE-Core.DCE-CORE-SHLIBSW-DIST.SD-AGENTPHSS_29963HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB828741InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\OleEnableDCOMHTTPrpcproxy.dllLocator.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q810833InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\RPCLocatorStartInternetSrvcs.INETSVCS-RUNInternetSrvcs.INET-ENG-A-MANVirtualVaultOS.VVOS-AUX-IAPHNE_24395HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB837009InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB839643InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB839643-DirectX8InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB839643-DirectX81InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB839643-DirectX82InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\DirectXVersiondplayx.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB839643-DirectX9InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB883939InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\MSSQLServer\MSSQLServer\CurrentVersionCurrentVersionsqlservr.exeodsole70.dllxpqueue.dllxprepl.dllxplog70.dllxpweb70.dllxpstar.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exePathHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\NetBIOS\LinkageBindHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\NetBIOS\LinkageExportHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\NetBIOS\LinkageRouteHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\SecurePipeServers\winregHKEY_LOCAL_MACHINE^Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\.*DisplayNamemad.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Exchange\SetupServicesHKEY_LOCAL_MACHINESoftware\Microsoft\Updates\Exchange Server 2000\SP3\Q316056HKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\SecurePipeServers\winregEveryoneHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\ProductOptionsProductSuiteHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q299444Installedwinlogon.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q317636Installed/usr/lib/netsvcrpc.yppasswdd^.*rpc\.yppasswdd.*111590
HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q295534InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q301625Installedkernel-unsupportedHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\ProductOptionsProductTypelsasrv.dllshell32.dllHKEY_LOCAL_MACHINE^Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[1-3]$1802HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{D7B44F3E-77D3-44C5-8E03-4222D9A18B7B}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{61E6EAE5-7821-4AC1-9BBD-AED032A8E273}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{FF4DD9CD-F25E-425a-8B5C-A2D062781FBB}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{2757B1D6-0367-4663-877C-93ECC5C01BF6}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{C34F4917-ED43-439f-9023-97B0024A2B3B}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{F9C174E3-3E87-40bc-AA94-B8974F2B9222}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{f5de1b93-9d38-416b-b09e-aa85a8e84309}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{377483c2-e4b4-4ee8-b577-9aed264c8735}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{96543d59-497a-4801-a1f3-5936aacaf7b1}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{057997dd-71e4-43cc-b161-3f8180691a9e}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{eddbec60-89cb-44ef-8291-0850fd28ff6a}IsInstalledHKEY_LOCAL_MACHINESoftware\Microsoft\Active Setup\Installed Components\{716E024F-7F74-47F3-B93B-9FF7F3CBF94C}IsInstalledHKEY_LOCAL_MACHINESoftware\Microsoft\Active Setup\Installed Components\{E81659DF-28E1-4C60-B4B9-00A4BC5FA76D}IsInstalledHKEY_LOCAL_MACHINESoftware\Microsoft\Active Setup\Installed Components\{2D5974C5-5185-4f5b-80B6-28015ACDD74C}IsInstalledHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$1803kernelmsw3prt.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{2cc9d512-6db6-4f1c-8979-9a41fae88de0}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Outlook Express\Version InfoCurrentinetcomm.dlletherealethereal-gnomeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q327696InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q811114InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\INetStpMajorVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\INetStpMinorVersionw3svc.dllhelpctr.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB840374Installedmsasn1.dllTCP.*.*squirrelmailphp/etc/httpd/moduleslibphp4.soHKEY_LOCAL_MACHINESOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet SettingsSecurity_HKLM_onlyHKEY_CURRENT_USER^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$1200HKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$1200HKEY_CURRENT_USER^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$1400HKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$1400evtgprov.dllMsxml4.dllSUNWdtwm118953
118954
109931
109932
114219
SUNWTiffSUNWTiffx114220
119900
119901
111844
111845
112785
112786
.*httpd116973
116974
113146
114145
redhat-release/usr/bincvscvskerberos.dllrdpwd.systapisrv.dllmshtml.dllspoolsv.exeumpnpmgr.dllHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox \(0\.9.*\)$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Thunderbird \(0\.[6-8]\)$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-4]\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Thunderbird \(0\.[0-8]\)$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Thunderbird \(0\.[6-9]\)$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla (\(1\.7\)|\(1\.[0-7]\.[0-3]\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox \(0\.[0-9].*\)$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Thunderbird (\(0\.[0-9]\)|\(1\.0\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-5]\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-1]\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-6]\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-3]\))DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-7]\))DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Mozilla\Mozilla ThunderbirdCurrentVersionHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Thunderbird (\(0\.[0-9]\)|\(1\.0\)|\(1\.0\.[0-2]\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-2]\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-4]\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-8]\))$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Mozilla\Mozilla FirefoxCurrentVersionHKEY_LOCAL_MACHINESOFTWARE\mozilla.org\MozillaCurrentVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionCurrentVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB835732InstalledHKEY_CLASSES_ROOTHCPhelpctr.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionSystemRootHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet ExplorerVersionvgx.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersionProgramFilesDir108652
/usr/openwin/binxlockHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionCurrentVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionCSDVersionHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\Session Manager\EnvironmentPROCESSOR_ARCHITECTURE0209truetruetruetrue4.10.2001.015.0.2195.6904B.11.230:1.2.7-246.0.2739.3006.0.2800.15060:0.10.3-0.30E.20:0.10.3-0.30E.27:2.5.STABLE3-6.3E^.*squid6.0.2719.2200gopher://0:0.5.5-1.3EL.0truetruetruetrue0:1.14i-10.2truetruetrue14:3.7.2-7.E3.2truetruetrue2:1.2.2-212:1.2.2-210:1.0.13-120:1.0.13-120:1.11.2-224.0.1381.72554.0.1381.335594.0.8618.04.0.8618.010:2.5.7-4.3E4.1.0.38615.1.2600.1345.1.2600.1348^2\.6.*2000.80.746.03.70.11.400:5.5.6-156.0.2715.40033335.0.2195.68985.1.2600.1355.1.2600.13615.2.3790.1425.0.2195.69066:3.1.3-6.4truetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetrue4.0.1381.1335.2.3790.1320:0.2.5-0.4^.*racoon5005truetrue05399382true7:2.5.STABLE3-5.3Etruetrue0:2.4.21-9.0.3.EL0:2.4.21-9.0.3.EL0:2.4.21-9.0.3.EL4.1.0.39324.1.0.3931115.0.2195.667214.0.1381.27914.2.780.15.50.4927.21006.0.2713.110035.2.3790.1396.0.2716.22005.50.4613.170015.2.3790.1340137:1.4.2-3.0.24.0.1381.1641525265.0.2195.36495.131.1880.145.2.3790.25064.2.769.15.0.2195.69015.2.3790.125104.87.1964.18805.1.2600.1355.1.2600.13610.9.3940.2015.1.2600.1345.1.2600.13614.0.1381.72634.0.1381.335625.0.2195.68954.0.1381.72554.0.1381.335595.0.2195.69045.1.2195.68995.131.2195.68245.0.2195.508010:0.10.3-0.30E.10:0.10.3-0.30E.15.1.2600.1365.1.2600.13475.50.4939.3000903010903010:0.10.3-0.90.10:0.10.3-0.90.1truetruetruetruetruetruetruetruetrue7:2.5STABLE1-3.9^.*squid.*0:2.0.46-32.ent37:1.4.2-0.9.0truetruetrue37:1.4.2-0.9.00:0.9.7a-33.40:0.9.7a-33.40:0.9.7a-33.40:0.9.6b-160:5.0.9-2.30E.1^.*snmpd.*0:2.4.21-9.EL0:2.4.21-4.0.2.EL0:2.4.21-4.0.2.EL0:2.4.21-4.0.2.EL0:1.11.2-14361510176:3.1.3-3.30:2.0.46-26.ent0:2.0.40-21.90:4.0.7-4.EL3.20:1.0.6-7.EL^.*rpc\.mountd510:2.4.20-28.90:2.4.20-28.90:2.4.20-28.96:3.1-6truetruetrue0:0.10.0a-0.90.10:0.10.0a-0.90.1truetruetruetruetruetruetruetruetrue0:1.11.2-13true14:3.7.2-7.E3.10:4.0.7-4.rhl9.114:3.7.2-7.9.1truetruetrue1:0.22.0-6.1.01:0.22.0-6.1.01:0.22.0-6.1.01:0.22.0-6.0.31:0.22.0-6.0.31:0.22.0-6.0.36.0.0.06.1.0.21110.0.5709.010.0.4333.04.14.1.0.39344.1.0.39341445:1.4.1-3.40:2.4.20-30.90:2.4.20-30.90:2.4.20-30.927512808620:2.5.10-60:2.5.10-60:2.5.10-60:4.3.0-55.EL2000.80.428.04.71.1.327.152.0.21.62.0.00:3.0.1-4^.*httpd02010:3.0.2-6.3E0:1.4.7-7.EL0:2.4.21-9.0.1.EL0:2.4.21-9.0.1.EL0:2.4.21-9.0.1.EL6:3.1-131:4.6.0-7.9truetruetrue0:2.7-2truetrue2000.80.213.02000.80.213.01:0.75-0.9.0truetruetrue3:2.1.1-55:1.4.1-3.30:9.24-11.30.10:9.24-11.30.10:9.24-11.30.10:4.3.0-2.90.55truetruetrue0:9.24-10.90.10:9.24-10.90.10:9.24-10.90.1truetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetruetrue0:1.4.7-4.1.*5.2.3790.994.0.1381.335544.0.1381.7255195.2.3790.8810.0.6775.05.1.2600.1195.1.2600.12745.0.2195.682415.2.3790.25165.3000.2073.132.23.07.0.1701.443.58.0.1969.335.2.3790.3605.0.2195.34075.1.2600.1605.0.2195.69872000.85.1025.02000.85.1025.015.2.3790.2476B.10.01B.10.01B.10.10B.10.10B.10.01B.10.105.0.2195.5695012000.81.9002.02000.81.9002.02000.81.9042.02000.81.9042.06.00.2900.21806.0.2900.25236.0.2900.252414D\.5\.8\.0\.[ABCDEF]D.5.8.3.AD\.5\.8\.2\.[ABCDE]D\.5\.6\..*D\.5\.8\.2\.[ABC]7.0.8002.005101505090508115.1.2600.18635.2.3790.27455.1.2600.29385.2.3790.5585.0.2195.71005.2.3790.3161:2.0.14-4truetruetrue5.0.2195.70715.0.2195.70730:5.5.6-142000.80.296.06.0.3790.25215.0.2195.68701111216197/usr/dt/bin/dtspcdtruetruetrue5.1.2600.27775.1.2600.277710.0.5815.06.4.99.725.1.2600.17904.0.1381.71774.0.1381.71774.0.1381.72024.0.1381.7207125.2.3790.1935.2.3790.1930:7.3.10-18.0.1.99045.0.2195.7098^Mozilla Thunderbird \((0\..*|1\.0\..*\))(0\..*|1\.0\..*)110.0.5815.00:2.8-0.9E^.*ypserv.*1:2.0.1-11truetruetrue1717161703032:2.3.11-1.9.0^.*xinetd.*5.0.2195.68231truetruetrue20:3.1.6-22.EL3truetruetrue4.0.1381.33632A.02.01A.02.01A.02.01A.02.015.0.893.11056.0.2800.15845.0.2195.71029.0.0.82160:1.1.3-8^.*vsftpd.*0:3.1.23.1-55.0.2195.49835.5.2658.340:1.3.7.2-6true0:5.50-33truetruetrue5.1.2600.1698B\.11\.11\.(00.*|01\.00[0-5])0:1.2.11-1B.10.10B.10.20B.10.01B.10.30RASPHONE.PBK4.0.1381.714015.2.3790.3486.0.3790.3276.0.3790.24405.0.2195.71085.1.2600.29765.2.3790.32910:1.1.17-13.3^.*cupsd.*0:8.12.8-6.90^.*sendmail.*0:8.12.8-9.90^6\.2\.020[5-9]B.11.235.0.2195.697210101019.0.0.893011.0.8103.010.0.6815.05.0.2195.610616.0.3790.2748.0.0.97168.0.0.93155.0.3809.06.5.6756.05.0.2195.686216.0.2900.26200:8.12.8-5.90truetruetruetrue^.*sendmail.*0:2.10.1-1.10:2.10.1-1.1truetruetruetruetruetrue0:2.2.7a-8.9.0^.*smbd.*5.1.2600.30195.2.3790.599225302000.80.747.02000.80.747.00:2.2.7a-7.9.0^.*smbd.*5.2.3790.6015.2.3790.28135.1.2600.30165.0.2195.71140:0.9.11-0.90.16.4.9.113310.0.0.37027.10.0.307910.0.0.381010.0.0.37089.0.0.3265^6[,\.]4.*5.2.3790.5525.2.3790.27345.1.2600.29355.1.2600.18605.0.2195.71006.0.2750.1664.0.1381.335786.0.3790.11813.70.11.463.70.11.4612:1.1.12-1^.*smtpd.*0:2.2.0-2truetruetrue030801A\.0[12]\..*6.0.2800.14006.0.2737.8005.50.4937.8005.0.3813.8005.1.2600.1495.1.2600.1585.5.1877.79145.0.3502.48560:4.44-19.90.0truetruetrue5.0.0.79911.0.3705.5561,0,3705,21,0,3705,31.0.3705.6021125.1.2600.27106.0.3790.5886.0.2900.29876.0.3790.27836.0.2800.18926.2.0208MSN Messenger 6.25.2.3790.5595.1.2600.18745.0.2195.71055.2.3790.27475.1.2600.29525.0.3526.8005.0.3513.900^2\.70.*$2.0.390.1610:4.2.2-17.22000.80.309.02000.80.760.038174.0.1381.73295.0.2195.6624truetrue4.0.1381.73453.0.1200.2911146.5.6980.5706.0.3790.2124.0.1381.335666.1.0.923110.0.803.25.0.2195.70005.0.2195.70573060601026.0.3790.2415.0.3900.70325.0.3510.11002:2.81-88.310:1.1.6-9.95.0.2195.70440718192728085.2.3790.3090:0.9.7a-50:0.9.7a-50:0.9.7a-50:0.9.6-170:0.9.6b-65.2.3790.1735.2.3790.1844.3.86.05.0.3858.11006.0.2900.32416.0.3790.30336.0.3790.41845.1.2600.18735.1.2600.29512519055.0.2195.67131.0.0.314.0.1381.8425.2.3790.2055.0.0.8055.1.0.11090:3.5p1-110:3.5p1-6.9^.*sshd.*040704010:1.0.1-3.9^.*rpc\.mountd.*6.0.2900.29626.0.3790.27575.1.2600.17105.0.2195.210315.0.2195.71475.2.3790.30275.2.3790.417115.1.0.1044112B\.11\.00\.(00.*|01\.00[0-4])055.1.2600.25250:3.23.56-1.9^.*mysqld.*5.1.2600.18295.0.2195.70845.1.2600.28896.0.3790.5206.0.3790.26845.0.3900.69705:1.4.1-1truetruetrue6.0.2900.32437.0.6000.165876.0.3790.41866.0.2800.16056.0.3790.4186025.0.2195.69469.0.0.895011.0.8104.011.0.8105.010.0.6816.00:4.49.4-9.9.110.0.2609.0^4\.[0]*8\.[0]*1\..*6.5.2600.3243^4\.[0]*9\.[0]*\.0904$6.6.6000.165876.5.1.9086.5.3790.30356.3.1.8906.5.3790.41786.1.9.7334.0.1381.335875.2.3790.5885.2.3790.27835.1.2600.18855.0.2195.71065.1.2600.29746.0.3790.1983.0.1200.408KB88825802135.2.3790.2055.0.33668.1140:3.8.19-3.1true^.*lpd.*6.0.2800.1411B.11.116.0.6000.16586/usr/dt/bin/rpc.cmsdtruetruetrue2260609022.0.50727.1016:3.1-12truetruetrueB.11.041/usr/lib/netsvc/rwall/rpc.rwalldtruetruetrue130702111207020403316.0.3790.2803.0.1200.2573.0.1200.25733106620304020102035.0.2195.70235.2.3790.5885.2.3790.27835.1.2600.30155.0.2195.71106.5.6981.307064.0.1381.335915.1.2600.13639.0.0.895111.0.8104.011.0.8106.010.0.6818.04.0.1381.732312110813011006012006164.0.1381.72706.0.2734.16006.0.3790.1986.0.6000.1657510.0.4330.004046.0.2800.15806.0.2800.158011.0.5614.05.2.3790.24275.0.2195.49801035.50.4945.28002.0.50727.2105.1.2600.26956.0.2800.14986.0.2800.149905.2.3669.05.2.3644.05.2.3644.05.2.3644.015.0.2195.66724.2.764.110.0.4205.010.0.4205.02:1.2.2-242:1.2.2-240:1.0.13-140:1.0.13-144.0.2.75234.0.2.752318049.1.1.38449.1.1.386210.0.0.400010.0.0.371011.0.0.07.10.0.308111.0.5721.523811.0.6000.63459.0.0.326710.0.0.40609.1.0.09.0.0.010.0.0.07.10.0.011114.72.3841.1100140709017\.0,.*7\.0,.*5.0.3900.703615.2.3790.2420:2.5-4.RHEL3true^2\.1.*$2.12.5118.05.2.3790.250081011.1.4322.203711.1.4322.108515.1.2600.1634B.11.00B.11.00B.11.10B.11.10B.11.106.0.2600.1510516.0.3790.941115.1.2600.1175.1.2600.124310.0.6811.09.0.0.894811.0.8036.0136.1.0.923215.2.3790.24650:4.3.2-24.ent6.0.2800.12765.50.4934.16004.71.2195.69205.0.3810.17000102035.0.2195.67991truetrue5.1.2600.1125.1.2600.11935.82.2800.18915.82.3790.5835.82.3790.27785.82.2900.29825.81.3900.71095.0.3900.69226.0.2742.2006,0,2600,00009.0.0.82164.0.1381.73425.0.3523.17005.0.2195.3881110.0.6626.06.0.3264.0Installed4.0.1381.731245.1.2600.2709380304025.1.2600.15675.1.2600.15675.1.2600.15555.1.2600.15555.0.2195.70178.0.0.449015.2.3790.225srv03_qfe5.2.3790.227srv03_qfe4.0.1381.722416.0.2800.18736.0.2900.29516.0.3790.5595.0.3900.71056.0.3790.27460232182000.80.650.05.0.2195.61595.2.3790.2335.0.3846.23005.0.2195.69525.0.2195.69222014.0.1381.3363016.0.2800.12336.0.2600.1154.0.2.752311014.0.1381.72864.0.1381.335775.1.2600.16130:2.4.20-19.910.0.6714.050011311.0.8122.09.0.0.896010.0.6825.05.0.2195.490515.2.3790.5265.0.2195.70875.1.2600.18325.2.3790.26915.1.2600.28932000.80.818.02000.80.765.02000.80.765.02000.80.765.01010050103030315.0.2195.67536.0.2900.2604^2\.6.*$2.62.9119.16322000.80.650.05.0.2195.567115.1.2600.16198.0.50727.2366.4.9.112115.0.2195.69290:2.4.20-18.97.0.6000.164140:2.4.21-15.0.2.EL0:2.4.21-15.0.2.EL0:2.4.21-15.0.2.EL028.0.0.44776.4.9.11216.4.9.11248.0.0.44828.0.0.448210:11.6.0-11.900:11.6.0-11.9011.0.8028.010.0.6804.09.0.0.8944(^i[56]86$)|(^x86_64$)|(^ppc$)(none)a84edae89c800aca5.0.2195.6110115.0.2195.696614.0.1381.336182.53.6202.01^2\.5.*$042000.80.578.02000.80.561.06.0.3264.0^5\.[1-2]$5.1.2600.29755.1.2600.18865.2.3790.5765.2.3790.27715.00.3314.21015.0.3504.25005.2.3790.3365.1.2600.1205.1.2600.13015.1.2600.1205.1.2600.13012003.1100.6252.09.00.93279.00.93275.1.2600.1711ia640202016.0.3790.1816.0.3790.1851:1.3.1-0.el3truetruetrue045.0.2195.60110:2.4.20-13.95.0.2195.59741010302020201015.2.3790.3245.2.3790.2455.2.3790.22715.0.2195.7021145.0.2195.70355.1.2600.26965.16.0.3790.279120413035.1.2600.25635.0.2195.700562.4.202.4.20-65.0.3534.2800109080303021015.2.3790.1634.0.1381.72995.0.2195.69281.0.0.510:1.2.7-140:1.2.7-14(^i586$)|(^ppc$)(none)a84edae89c800aca6.0.3790.206146.0.3790.21915.1.2600.15963318122403015.2.3790.163
4
4.0.1381.72684.0.1381.72806.0.3790.16811.0.8125.01.11.0.1.21251(^i[56]86$)|(^x86_64$)|(^ppc$)|(^noarch$)(none)a84edae89c800aca2000.80.818.02000.80.818.02000.80.811.02000.80.765.02000.80.818.02000.80.818.02000.80.818.02000.80.818.02000.80.816.02000.80.800.02000.80.778.02000.80.765.02000.80.798.02000.80.765.02000.80.765.010.0.6735.010.0.8326.05.1.2600.1099.0.0.894610.0.6809.011.0.8033.05.2.3790.5365.1.2600.29125.0.2195.70855.1.2600.18475.2.3790.27065.2.3790.41155.0.2195.70905.1.2600.31736.0.6000.165255.2.3790.29712000.80.384.02000.80.223.02000.80.223.02000.80.223.02000.80.223.06.0.3790.21114650:1.2.7-145.50.4725.21005.1.2600.25771Microsoft Office SharePoint Server 200712.0.6028.500012.0.6031.50004.0.1381.730415.1.06395.1.0.639604.0.1381.335455.0.3826.240015.50.4922.900010101140903030101010101016.0.2800.15566.0.3790.6306.0.3790.28676.0.2900.30510508080311.0.8107.09.0.0.895010.0.6817.06.0.2745.2800119.0.0.8929480210655.10.2930.04.20.9839.08.70.1113.06.0.3888.014.2.788.1
^http:*,PERMANENT,*
1638410.0.6819.011.0.8110.09.0.0.89525.2.3677.144^4\.08\.02.*$15.3.0.903^4\.09.*$15.1.2600.148^4\.08\.01.*$15.1.2600.15175.1064^i.*861406.0.2800.1643016.1.5.1321074924081106045.2.3790.80114.0.1381.335674.0.1381.72691802^.*smbd.*6.0.2900.31996.0.2800.16015.0.3856.17007.0.6000.165466.0.3790.41347.0.6000.165446.0.3790.29935.0.3819.3001314209.0.0.896410.0.6834.011.0.8146.02.53.6307.02.71.9054.02.81.1128.02.80.1064.0155.50.4942.4005.0.2195.68615.0.2195.6861145.2.3790.2202.0.0.34265.0.2195.6945B.11.236.0.3790.29547.0.6000.165256.0.2900.31577.0.6000.165276.0.3790.41066.0.2800.159710.0.6754.05.50.4943.400^9\..*2003.1100.8020.021201301071003(^i586$)|(^x86_64$)|(^ppc$)(none)10.1a84edae89c800acappc(^i586$)|(^x86_64$)|(^ppc$)|(^noarch$)(none)a84edae89c800aca0:1.1.18.1-12.20:1.1.18-9.10:1.1.13.8-2.15x86_64i586(none)9a84edae89c800aca5.2.3790.29605.1.2600.31595.0.2195.7138i586(none)a84edae89c800aca5.0.3821.280011.0.3705.60181.0.3705.60601.1.4322.24076.0.3790.19118.90.1101.04.20.9847.06.10.1200.05.20.1081.0Installed9.0.0.894313127.0.0820.05.1.2600.15975.00.3315.10005.0.3532.3009.1.2.187110.2.0.122212.00.6017.500010.0.6830.011.0.8132.09.0.0.89619.0.0.63285.1.2600.30775.2.3790.40195.2.3790.28785.0.3900.7009i586(none)9.3a84edae89c800aca03016.5.7233.692.0.0.34255.2.3790.1243530304(^i586$)|(^x86_64$)|(^ppc$)(none)10.0a84edae89c800aca0102282401359.0.0.69265.5.2558.10226530226251312.00.6014.50005.2.3790.40705.2.3790.2926081306265.1.2600.1185.1.2600.125514^i.*6416051109(^i586$)|(^x86_64$)(none)9a84edae89c800aca5.0.2195.68100:2.0.6-2truetruetrue5.1.2600.1375.1.2600.13646.5.7650.295.05.0.2195.5880140102039.0.0.894201055.131.2195.67585.1.2600.183610.0.0.37049.0.0.896111.0.8134.010.0.6829.011.0.8133.002/usr/sbin/in.ftpd15.0.2195.36451
^.*idq\.dll.*$
12135.1.2600.1555.1.2600.15645.2.3790.12805.2.3790.1425.1.2600.16062915166.0.2800.1441100114.0.1381.7224016:3.1-15truetruetrue093\.2\.3,.*3\.2\.3,.*3\.2\.4,.*3\.2\.4,.*10i586(none)9a84edae89c800aca2001.12.4414.31115.0.2195.2784222742415.1.2600.18421219015.131.3659.0106.0.2716.220005.2.3790.29245.1.2600.31265.1.2195.71365.2.3790.40685.0.44.023045.0.2195.5971125.1.2600.16205.1.2600.16056.0.6000.16501019.0.0.792410.0.6835.09.0.0.89652.0.50727.422.0.50727.8325.1.2600.156012.0.6023.50009.0.0.895810.0.6826.06.0.6000.164805.1.2600.30515.0.2195.71354.0.1381.335654.0.1381.3357415.0.2195.70975.131.2600.1175.131.2600.12431335.2.3790.25202015.1.2600.1665.1.2600.290214510201145102015.1.2600.15805.1.2600.158010.0.6800.01.1.4322.2032(^i586$)|(^x86_64$)(none)a84edae89c800aca110310045.1.2600.29089.0.0.33494.2.776.116.0.6618.45.0.2195.71355.1.2600.31035.2.3790.6585.2.3790.29026.0.6000.164456.0.6000.164455.1.2600.125404065.0.2195.69028.0.0.449610.0.0.37046.0.6000.164386.0.6000.16438^Service Pack [4-9]|\d{2,}$5.0.2195.70555.04.0.1381.7116564511.0.6502.06.0.2743.6005.2.3790.5296.0.3790.26631.8.20060.42618Mozilla Firefox (1.5.0.2)^1\.5\.0\.2 .*truetrue105.0.2195.70875.6.0.07.0.6000.165137.0.6000.206286.0.3790.29626.0.2900.31646.0.2800.15996.0.3790.41065.0.3854.25005.1.2600.15551^5,50,.*5.50.4963.17005.50.4134.01005.50.4134.06005.50.4522.180015.50.4923.2500^2\.53.*$2.53.6306.02.71.9053.02.80.1062.0^2\.81.*$2.81.1124.0^2\.71.*$^2\.8.*$5.2.3790.537020305046.0.3790.504206.0.3790.26636.0.3790.5035.0.2195.7085B\.11\.11\.(00.*|01\.00[0-7])5.2.3790.198114.72.3843.31004.0.1381.72674.0.1381.3356110.0.6790.06.0.3790.26622.82.2644.05.0.2195.7093B.11.11B.11.1110.0.6802.010.0.6829.011.0.8134.09.0.0.896111.0.8132.05.0.3528.70014090510.0.0.40365.1.3102.13555.2.3790.5294.0.1381.72654.0.1381.335637.0.6000.164815.2.3790.27096.0.2900.29636.0.2800.15616.0.3790.27596.0.3790.5545.0.3842.300012.0.6024.500010.0.6832.011.0.8142.09.0.0.896301^6[,\.]0[,\.]6000[,\.]\d+$6.0.3790.41336.0.6000.165456.0.2900.31986.0.2800.19146.0.3790.29925.50.4980.16005.1.2600.31636.1.0.92320303040401016.0.2713.110014176.0.2900.262762512625080:2.0.40-21.5^.*httpd\.worker.*^([0-7].*)|(8\.([0-9]|1[01]))$8\.12\.([0-9]|10)8\.13\.[0-5]5.1.2600.16935.1.2600.268527126.0.2800.180704066.0.2800.18165.0.3854.12002.1.0.26.0.3790.326106.0.0.06.1.2600.305.1.2600.17929.0.0.33445.1.2600.26225.2.3790.224026.1.3790.1115.2.3790.26175.1.0.125125.2.3790.40625.0.2195.71355.2.3790.2919.5.1.2600.31190:0.9.7a-33.150:0.9.7a-33.150:0.9.7a-33.150:0.9.6b-16.22.3true5.2.3790.40355.2.3790.6525.2.3790.28945.0.2195.71335.1.2600.30935.0.3837.1200B.11.2210.0.8326.0.*-OEM-.*2003.1100.8029.00603030601030102301415400319noarch(none)a84edae89c800aca6.0.2800.15553.5.0.118332229332229030303040304015.2.3790.4626.0.2900.28694.0.1381.71346.0.2900.291224245.1.2600.259816.0.3790.40736.0.3790.29296.0.2900.31385.1.2600.1609C:\Program Files\Windows NT\hypertrm.exe /t %15.1.2600.2821Windows ME5.25.2.3790.2477Service Pack 110.0.0.40196.2.2551.0106.0.0.04.0.1381.70925.2.3790.26975.1.2600.28925.0.2195.7071C.04.00.00.00C.04.01.00.005.2.3790.220020214.0.1381.71527.10.0.3077B.11.23B.11.23SP2^5\.0\..*SP1^4\.10\..*4.10.1157.05.0.5317.0B.11.11B.11.115.2.3790.6515.2.3790.40335.2.3790.289216.5.9146.07.0.9975.07.10.5057.07.10.6041.04.1.0.61416.0.9792.07.0.9801.01.15.1.2600.17896.0.2800.147615.0.2195.69923.0.2.6297.0.19.09.0.0.8936(^i586$)|(^x86_64$)|(^ppc$)(none)a84edae89c800aca9.0.0.89386.0.3790.25345.0.2195.70995.2.3790.5565.1.2600.29455.1.2600.18695.2.3790.27415.2.3790.239145.2.3790.453ppc(none)a84edae89c800aca5.2.3790.386A(\.0[0-3]\..*|\.04\.[0-1].*|\.04\.20\.00[0-3])2.0.0.34245.2.3790.12426.0.2800.15226.0.2800.15236.0.3790.4135.0.2195.70655.0.3833.200040403025.1.2600.27436.0.6000.16470020811.0.8012.06.0.6000.1644565.1.2600.27446.0.2900.27636.2.4.05.0.2195.69022.71.9053.011.0.8012.00:2.0.40-21.1^.*httpd.*9truetruetrue^Mozilla \(.*\)04^Mozilla Firefox \((0\..*|1\.0\..*\))(0\..*|1\.0\..*)5.1.2600.17625.1.2600.17623/usr/openwin/lib/fs.autotruetruetrue5.0.3835.22005.5.3201.05.1.2600.183102015.0.2195.71405.0.2195.71365.0.2195.71380:1.1.9-0.9.1truetruetrue2001.12.4720.480B.10.20B.10.20B.10.200501050115.0.3502.47186.0.5600.205226.0.5600.205226.0.2900.2769015.2.3790.260614.0.1381.7214A\.01\.(0.*|10.*|11[^\.]|11\.0[0-3])A\.01\.(0.*|10.*|11[^\.]|11\.0[0-3])A\.01\.(0.*|10.*|11[^\.]|11\.0[0-3])A\.01\.(0.*|10.*|11[^\.]|11\.0[0-3])11.0.6566.06.0.3790.4184.0.1381.712516.0.2900.2869^5\.0+\..*5.0.3839.2200030302020101097.0.6000.164325.0.3850.19006.0.3790.28856.0.2800.15937.0.6000.164486.0.3790.402615.0.2195.49192109316.4.2600.06.4.2600.17385.1.2600.28185.0.2195.70736.0.2722.900B.11.00B.11.006.0.2600.15796.0.2600.1655.1.2600.28276.4.3790.06.4.3790.3996.0.3790.5366.1.3940.4214.0.1381.720311.0.8026.04.0.1381.335986.0.2800.17245.0.3841.19005.2.3790.3745.2.3790.37410.0.6789.05.00.2919.8005.00.2919.38005.00.2919.63075.00.2920.00005.00.3103.10005.00.3105.01065.0.3214.2000113301A\.([01].*|2\.00\.00)A\.0[12]\..*6.1.1002.0^Service Pack [1-9]|\d{2,}$5.2.3790.3465.1.2.275452truetrue44.0.1381.70644.0.1381.709715.0.2195.71335.1.2600.30995.7271129370:1.1.9-0.9100706161712unix^.*5.S106858.0.709.06.0.6619.126.5.7235.26.5.7652.2410.2.5110^11\..+10.0.6865.411.0.7218.0(^i586$)|(^x86_64$)(none)10a84edae89c800aca.*OU=Domain Controllers.*i586(none)1.0a84edae89c800aca5.65.0.3810.0^10\.0+\..*^9\.0+\..*12.0.0.011.0.0.07.10.0.308010.0.0.405811.0.5721.523011.0.6000.633610.0.0.399810.0.0.37099.0.0.33540:1.2.1-4truetrue15.2.3790.2330:1.0.1-1.*/radiusd(((A|B)\.2\.0\.55\.\d+)|((A|B)\.[3-9]\..*)|((A|B)\.[1-9]\d+\..*)|((A|B)\.2\.[1-9]\d*\..*)|((A|B)\.2\.\d+\.[6-9]\d+\..*)|((A|B)\.2\.\d+\.5[6-9]\d*\..*)|((A|B)\.2\.\d+\.\d{3,}\..*))4.71.1979.11^Service Pack [6-9]|\d{2,}$354505095.1.0.85135.5.0.85135.6.0.85135,6,0,85135,1,0,85135,5,0,85131.8.20060.111126.0.3790.2591B\.11\.11\.(00.*|01\.00[0-5])5.0.1558.66089.0.0.89305.0.2195.6958110:7.05-32.1truetruetrue5.1.2600.17345.0.3831.1800036125500224072.80.1062.04.0.1381.72681^.*ServerNT.*$4.2.775.1
^.*asp\.dll.*$
5.0.1460.95.0.1462.2262496.0.6618.45.2.3790.468305.0.3825.7009.00.00.29809.0.0.32501.115.1.2600.161715.0.2195.5269
^.*ism\.dll.*$
5.2.3790.5585.2.3790.27446.0.2900.28025.2.3790.3662001.12.4414.65116.0.2800.15435.0.2195.706115.0.2195.7035B.11.22((1\.7\.12\..*)|(1\.(([8-9])|(\d{2,}))\..*)|(1\.7\.((1[3-9])|([2-9]\d+))\..*))6.0.3790.3835.0.2195.7054Windows 98B.11.00B.11.00B.11.006.071098.0.1969.589.0.3790.298396.0.6000.206609.0.3790.412586877.0.1701.46/usr/sbin/sadmind020101/usr/sbin/sadmind15.2.3790.2806.1.9.7266.1.9.732Mozilla Firefox (1.0.7)^1\.0\.7 .*15.1.2600.11515.2.3790.419A(\.0[0-3]\..*|\.04\.[0-1].*|\.04\.20\.00[0-4])6.0.2723.2500Microsoft Virtual Server 2005 R2Microsoft Virtual Server 2005Microsoft Virtual PC 20041.1.465.155.3.0.585.3.582.441.1.465.35637:1.7.10-1.1.3.1^8\.0+\..*8.0.0.449515.2.3790.16735.1.2600.17335.0.2195.70595.0.2195.7059025.2.3790.3965.2.3790.28475.2.3790.620282.40.4531.05.2.3790.40985.2.3790.29555.1.2600.31391:2.2.2-4.rhel3truetruetrue5.0.2195.70690:1.6.7p5-1.1true5.0.2195.6991/usr/lib/fs/cachefs/cachefsdtruetruetrue025.0.3828.2700A.04.70A.04.70A.04.60A.04.60A.04.50A.04.50A.02.10A.02.0011.0.6506.0x86_64(none)a84edae89c800aca6.5.2600.06.5.2600.2749^7.1.*7.10.0.30766.0.2800.1264.hta5.0.2195.71355.2.3790.40595.2.3790.291502023.5.0.1172000.2.3535.05.2.3790.2591.*[Oo][Ff][Ff][Ii][Cc][Ee]11.*.*\\[Oo][Ff][Ff][Ii][Cc][Ee][\\9].*11.0.8118.010.0.6822.09.0.0.89546.00.3790.00006.0.3790.3736.0.3790.24915.2.3790.25425.0.2195.7057B.10.2405.1.2600.27368.00.1942000.80.608.02000.80.606.02000.80.606.02000.80.606.02000.80.606.02000.80.606.02000.80.628.06.0.2800.15056.0.2800.15062.81.1124.0Y5.2.3790.766.0.6617.86/usr/openwin/bin/kcms_servertruetruetrue5.50.4913.1100115.0.3539.240010:1.8.4-12.3.10:1.8.4-12.3.12.0.0.342315.2.3790.12411512035.0.3900.70715.0.3900.707810.0.6764.0^Mozilla Firefox \(1\.5\)^1\.5($|\s).*1.8.20060.30804Mozilla Firefox (1.5.0.1)^1\.5\.0\.1 .*^1\.5($|\s).*^Mozilla Thunderbird \(1\.5\)1.8.20060.30803(1\.0[ab].*|1\.0[^\.].*)^SeaMonkey \((1\.0[ab]|1\.0)\)5.2.3790.18515.2.3790.25495.2.3790.25495.1.2600.25955.0.2195.669916.0.3790.507B.11.111:1.8.17-9.21:1.8.17-9.2(^i586$)|(^x86_64$)|(^ppc$)(none)10.2a84edae89c800aca3816456truetruetruetruetruetrue112004.10.25.0.*[Oo][Ff][Ff][Ii][Cc][Ee]10.*10.0.6772.014amd647.0.6000.1638672266.5.7233.6901015.86.0.3790.6056.0.3790.28176.0.2800.15866.0.2900.302015.0.2195.70219.0.0.89389.1.9800.946.0.3790.2541truetruetrue5.1.2600.17555.1.2600.1331B.11.11B.11.115.2.3790.27485.2.3790.5606.5.3790.06.5.3790.25196.3.1.889^4\.[0]*9\..*B.11.11B\.11\.00\.(00.*|01\.00[0-3])Service Pack 45.50.4956.500Microsoft ISA Server 2000 Updates3.0.1200.430KB8997536.0.3790.26665.2.3790.243715.1.2600.16835.1.2600.26736.0.2800.15156.0.2800.15161191:0.17-20.EL3.3truetruetrue1103125.2.3790.26975.2.3790.24925.2.3790.24925.1.2600.27265.1.2600.272616.0.2800.14585.2.3790.24425.1.2600.16846.5.6749.00403025.2.3790.4265.2.3790.42615.2.3790.3590:6.2.5-6.el4.25.1.2600.27706.0.2900.30597.0.6000.164145.0.3849.5006.0.3790.6306.0.2800.15896.0.3790.28581:2.4.1.3-5.115.0.2195.6802^Service Pack [5-9]|\d{2,}$0:2.4.21-32.0.1.EL0:2.4.21-32.0.1.EL0:2.4.21-32.0.1.EL6.0.2800.1751CoPNGFilter Class6.0.2900.26686.1.0.92311B.11.04020407070:1.3.3-12.rhel3truetruetrue5.1.2600.17275.2.3790.121^4\.[0]*9\.[0]+\.[0]*900^4\.[0]*9\.[0]+\.[0]*9016.0.3790.5946.0.3790.27956.0.2900.29956.0.2800.15785.0.3842.30009.0.0.895511.0.8117.010.0.6823.06.0.3790.257716root/usr/dt/bin/rpc.ttdbserverd02B.11.236.0.2800.15285.50.4134.01005.50.4134.06005.50.4522.180015.50.4616.2005.50.4701.2400^4\.[0]*8\..*15.50.4807.23005.50.4926.25005.2.3790.13215.1001^6\..*6.0.3790.4491111.0.0.04.05.30.23.12275.40.11.22205.50.99.20145.50.99.20115.31.23.12245.05.31.23.12265.30.23.12289.0.0.010.0.0.05.0.2195.66851^Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-9]\)|\(1\.7\.10\))([0-1]\.[0-7]($|\s).*|[0-1]\.[0-7]\.[0-8]($|\s).*|1\.7\.10($|\s).*)(0\.[0-9].*|1\.0($|\s).*|1\.0\.[1-6]($|\s).*)^Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-6]\))15.50.4952.28000:7.3.10-1^i.*8606[Ss][Pp][Aa][Rr][Cc]5.96.0.3790.29206.0.3790.40645.0.3853.30006.0.2900.31326.0.2800.15956.0.6603.06.0.6617.470:1.0.2-11.EL3.4truetruetrue^Windows.*426.0.3790.27062000.80.636.02000.80.636.05.0.2195.69055.1.2600.17155.1.2600.27165.2.3790.2483140201^.*4.S37:1.7.10-1.4.1truetruetrue2001.12.4414.535.1.2600.17205.1.2600.172076386.5.7650.280:1.2.2-511.0.8024.05.0.2195.29565.6.0.88312001.12.4720.1300:1.1.0-15.ELtruetruetruetruetruetruetruetruetruetruetruetruetruetruetrue5.1.2600.1325.1.2600.13315.0.2195.70695.0.2195.68982000.2.3511.06.0.2900.21806.0.2900.27225.0.1558.6072^7\..*$6.0.2800.15886.0.3790.28516.0.2900.30517.0.6000.163866.0.3790.623x645.2.3790.3155.2.3790.243515.2.3790.24535.131.2600.112315,50,4807,1700^6[,\.]0[,\.](2900|3790)[,\.]\d+$6.0.3790.6076.0.3790.28266.0.2900.30286.0.2800.18965.50.4971.60025.1.2600.1285.1.2600.13436.0.2750.1676.0.2800.15841.*zipfldr\.dll.*^([1-5]\.[0-9].*|6\.(0.*|1|1\.([0-9]($|\..*)|[0-1][0-9]($|\..*)|20($|\..*)|21($|\..*))))$15.0.2195.36499.0.16.08.0.22.00:0.9.7a-20.20:0.9.7a-20.20:0.9.7a-20.20:0.9.6-25.90:0.9.6b-1518155.2.3790.6155.2.3790.28375.1.2600.30385.0.2195.71121.0.0.4^Service Pack [0-4]$5.0.2195.705919452088341080:1.11.2-184.0.1381.72634.0.1381.335624.20.9841.06.0.3890.012000.81.9001.402000.81.9041.40^2\.7.*^.*3.S0:6.2.0-3.el3.1truetruetrue^SeaMonkey \(1\.0[ab]\)^1\.0[ab].*^Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-7]\))(0\.[0-9].*|1\.0($|\s).*|1\.0\.[1-7]($|\s).*)^Mozilla Thunderbird (\(0\.[0-9]\)|\(1\.0\)|\(1\.0\.[0-7]\))^[0-1]\.0($|\s).*|^[0-1]\.0\.[0-7]($|\s).*([0-1]\.[0-7]($|\s).*|[0-1]\.[0-7]\.[0-8]($|\s).*|1\.7\.1[0-2]($|\s).*)^Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-9]\)|\(1\.7\.1[0-2]\))8.505.2.3790.161\d+/8\d+B.11.00\d+/7\d+WinNT1Y5.2.3790.137srv03_qfe5.2.3790.141srv03_qfe4.0.1381.720214\d+/7\d+\d+/8\d+B.11.04B.11.04B.11.04B.11.046,0,3790,06.0.3790.1371^4\.07.*5.0.2195.69271^4\.08\.00.*5.0.2258.4101^4\.08\.01.*5.1.2600.8911^4\.08\.02.*5.2.3677.1441^4\.09\.00.*5.3.0.90315.00.3502.10005.0.3541.270018.00.1942000.80.650.02000.80.606.02000.80.606.02000.80.606.02000.80.606.02000.80.606.02000.80.628.0000^Service Pack [3-9]|\d{2,}$Microsoft Exchange 20006.0.5700.21Terminal Server4.014.0.1381.705816.0.2900.287324114.2.764.10:2.4.21-15.EL^.*LanmanNT.*$5.0.2195.6902^Service Pack [0-2]$6.0.2900.257831111111111^6\.0+\.2600\.0+$16.0.2712.300111130:2.4.21-15.EL05.0.2195.580716,0,2800,11066.0.2800.14099^i[3-6]86$0:0.9.13-1.90.10:0.9.13-1.90.111515.1.2600.11255.1.2600.1375.1.2600.151515.1.2600.1375.1.2600.1362^.*httpd.*0:1.4.3-0.e3.116.00.2800.110633336.0.2800.14916.0.2800.14925.1.2600.1365.1.2600.13635.1002021010111101015.7030338275.9[Ss][Pp][Aa][Rr][Cc]^i.*86020205045.2.3790.3475.2.3790.2464^3.Struetruetrue0:1.11.2-245.1.2600.26985.1.2600.17015.0^Service Pack ([4-9]|\d{2,})$5.0.2195.70535.2.3790.24655.2.3790.2483Service Pack 25.1.2600.27165.1.2600.17155.26.0.3790.24915.1.2600.16995.2.3790.2477^0\.9($|\s).*^Mozilla Firefox \(0\.9.*\)^0\.[6-8]($|\s).*^Mozilla Thunderbird \(0\.[6-8]\)^[0-1]\.[0-7]($|\s).*|^[0-1]\.[0-7]\.[0-4]($|\s).*^Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-4]\))^0\.[0-8]($|\s).*^Mozilla Thunderbird \(0\.[0-8]\)^0\.[6-9]($|\s).*^Mozilla Thunderbird \(0\.[6-9]\)^1\.7($|\s).*|^1\.7\.[0-3]($|\s).*^Mozilla (\(1\.7\)|\(1\.[0-7]\.[0-3]\))^0\.[0-9]($|\s).*^Mozilla Firefox \(0\.[0-9].*\)^[0-1]\.0($|\s).*^Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\))^[0-1]\.0($|\s).*^Mozilla Thunderbird (\(0\.[0-9]\)|\(1\.0\))^[0-1]\.[0-7]($|\s).*|^[0-1]\.[0-7]\.[0-5]($|\s).*^Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-5]\))^[0-1]\.0($|\s).*|^[0-1]\.0\.[0-1]($|\s).*^Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-1]\))^[0-1]\.[0-7]($|\s).*|^[0-1]\.[0-7]\.[0-6]($|\s).*^Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-6]\))^Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-3]\))^Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-7]\))^[0-1]\.0($|\s).*|^[0-1]\.0\.[0-2]($|\s).*^Mozilla Thunderbird (\(0\.[0-9]\)|\(1\.0\)|\(1\.0\.[0-2]\))^[0-1]\.0($|\s).*|^[0-1]\.0\.[0-2]($|\s).*^Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-2]\))^[0-1]\.0($|\s).*|^[0-1]\.0\.[0-4]($|\s).*^Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-4]\))^[0-1]\.[0-7]($|\s).*|^[0-1]\.[0-7]\.[0-8]($|\s).*^Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-8]\))^[0-1]\.0($|\s).*|^[0-1]\.0\.[0-3]($|\s).*^[0-1]\.[0-7]($|\s).*|^[0-1]\.[0-7]\.[0-7]($|\s).*5.1x8615.1.2600.1285.1.2600.1340^Service Pack [2-9]|\d{2,}$5.00.3700.1000^Service Pack [4-9]|\d{2,}$5.05.2x866.0.2900.29976.0.2800.1580^6\..*5.0.3845.18006.0.3790.5936.0.3790.27945.838truetruewindows5.1Service Pack 1ia64\MSN Messenger\system32\Windows Media\ServerInetPub\scripts\proxy\System\Ole DB folder\Microsoft Shared\web server extensions\50\bin\Microsoft Shared\web server extensions\40\bin\Microsoft Shared\web server extensions\40\isapiReader\plug_ins\Microsoft Shared\WMI\Microsoft Shared\TextConv\syswow64\Microsoft Shared\web server extensions\12\BIN\Messenger\Common Files\System\ado\Microsoft.NET\Framework\v1.0.3705\Microsoft Shared\OFFICE12\Microsoft.NET\Framework\v2.0.50727\syswow64\Microsoft.NET\Framework\v1.1.4322\web server extensions\50\isapi\_vti_adm\Common Files\Microsoft Shared\VBA\VBA6\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\Microsoft Office\Office12\Microsoft Shared\GRPHFLT\Microsoft Content Management Server\Server\bin\Windows Media Player\Common Files\System\MAPI\1033\NT\Windows NT\Accessories\ImageVue\Common Files\System\MSMAPI\1033\Common Files\Microsoft Shared\CDO\RES\Microsoft Virtual PC\Microsoft Virtual Server\Windows NT\Accessories\Help\SBSI\Training\Common Files\System\msadc\msagent\Common Files\Microsoft Shared\TextConv\Common Files\System\MAPI\1033\Crystal Decisions\1.1\Managed\microsoft shared\trieditOFFICE11\Microsoft Shared\OFFICE11\Exchsrvr\res\system32\Macromed\Flash\bin\system32\inetsrv\System32\drivers\System32\Common Files\Microsoft Shared\VGX