The OVAL Repository; 5.3; 2015-09-03T06:14:00.654-04:00

Microsoft Share Level Password Vulnerability
Microsoft Windows 98; File and Print Sharing
File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the "Share Level Password" vulnerability.
Tiffany Bergeron, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, ACCEPTED

Windows 2000 COM Internet Services/RPC over HTTP Proxy Component Buffer Overflow
Microsoft Windows 2000; COM Internet Services
Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.
Christine Walzer, INTERIM, ACCEPTED, ACCEPTED

Microsoft Outlook Express v6.0 MHTML URL Processing Vulnerability
Microsoft Windows XP; Microsoft Outlook Express
The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."
Andrew Buttner, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
Microsoft Windows XP; Microsoft Outlook Express 6.0
Microsoft Outlook Express 6.0 for Windows XP/2003 is installed
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Brendan Miles, INTERIM, ACCEPTED, Tim Harrison, INTERIM, ACCEPTED, David Rothenberg, INTERIM, ACCEPTED, INTERIM, Dragos Prisaca, ACCEPTED, ACCEPTED

IE v6.0 Content Disposition/Type Arbitrary Code Execution
Microsoft Windows 2000; Microsoft Internet Explorer
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability.
Andrew Buttner, Christine Walzer, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Microsoft Outlook Express 6,SP1 News Reading Vulnerability
Microsoft Windows XP; Microsoft Outlook Express
Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.
Ingrid Skoog, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Microsoft Outlook Express 6 SP1 is installed.
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Outlook Express 6
Microsoft Outlook Express 6 SP1 is installed.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, INTERIM, Dragos Prisaca, ACCEPTED, ACCEPTED

Windows XP IIS Out of Process Privilege Elevation Vulnerability
Microsoft Windows XP; Microsoft Internet Information Server (IIS)
Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation."
Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, ACCEPTED

Gopher Client Buffer Overflow
Microsoft Windows 2000; Microsoft Internet Explorer
Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.
David Proulx, Christine Walzer, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE Frame Domain Verification Vulnerability
Microsoft Windows 98; Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Internet Explorer
Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874.
Tiffany Bergeron, INTERIM, ACCEPTED, INTERIM, Harvey Rubinovitz, ACCEPTED, Christine Walzer, Christine Walzer, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, ACCEPTED

Windows NT Media Services ISAPI Logging Vulnerability
Microsoft Windows NT; Microsoft Internet Information Server (IIS)
The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
Christine Walzer, INTERIM, ACCEPTED, ACCEPTED

IE File Upload Vulnerability
Microsoft Windows 98; Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Internet Explorer
The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files.
Tiffany Bergeron, INTERIM, ACCEPTED, INTERIM, Harvey Rubinovitz, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Microsoft Data Access Components SQL-DMO Buffer Overflow (Test 2)
Microsoft Windows XP; Microsoft Data Access Components 2.6
Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
Christine Walzer, INTERIM, ACCEPTED, Josh Turpin, DEPRECATED, DEPRECATED

Microsoft Data Access Components SQL-DMO Buffer Overflow (Test 1)
Microsoft Windows 95; Microsoft Windows 98; Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Data Access Components 2.5
Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
Christine Walzer, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Josh Turpin, DEPRECATED, DEPRECATED

IE Cookie-based Script Execution
Microsoft Windows 2000; Microsoft Internet Explorer
The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability.
Andrew Buttner, Andrew Buttner, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Windows 2000 WMF/EMF Buffer Overflow
Microsoft Windows 2000; Enhanced Metafile (EMF); Windows Metafile (WMF)
Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
Andrew Buttner, INTERIM, ACCEPTED, ACCEPTED

Windows 2000 RPCSS Service DCOM Activation Denial of Service
Microsoft Windows 2000; Remote Procedure Call (RPC)
An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
Christine Walzer, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Windows 2000 SSL PCT Handshake Vulnerability
Microsoft Windows 2000; Private Communications Transport (PCT)
Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
Andrew Buttner, INTERIM, ACCEPTED, Glenn Strickland, INTERIM, ACCEPTED, ACCEPTED

DEPRECATED: Windows 2000 IIS ASP Server-Side Include Function Buffer Overflow
Microsoft Windows 2000; Microsoft Internet Information Server (IIS)
Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.
Tiffany Bergeron, ACCEPTED, Glenn Strickland, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Josh Turpin, DEPRECATED, Sudhir Gandhe, Shane Shaffer, DEPRECATED

IE File Download Dialog Vulnerability
Microsoft Windows 98; Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability."
Tiffany Bergeron, INTERIM, ACCEPTED, INTERIM, Harvey Rubinovitz, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Windows NT IIS Cross-site Scripting Vulnerabilities
Microsoft Windows NT; Microsoft Internet Information Server (IIS)
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors.
Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, ACCEPTED

Windows 2000 IIS Cross-site Scripting Vulnerabilities
Microsoft Windows 2000; Microsoft Internet Information Server (IIS)
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors.
Christine Walzer, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, ACCEPTED

IIS5.0 Windows Media Services Large POST Vulnerability
Microsoft Windows 2000; Microsoft Internet Information Server (IIS)
Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll.
Christine Walzer, INTERIM, ACCEPTED, ACCEPTED

Windows 2000 Media Services ISAPI Logging Vulnerability
Microsoft Windows 2000; Microsoft Internet Information Server (IIS)
The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
Christine Walzer, INTERIM, ACCEPTED, ACCEPTED

IIS WebDAV Request Denial of Service
Microsoft Windows 2000; Microsoft Internet Information Server (IIS)
Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an error condition that is not properly handled.
Christine Walzer, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, ACCEPTED

IIS showcode.asp Sample File Vulnerability
Microsoft Windows NT; Microsoft Internet Information Server (IIS)
The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
Christine Walzer, INTERIM, ACCEPTED, ACCEPTED

IIS5.0 Script Source Access Vulnerability
Microsoft Windows 2000; Microsoft Internet Information Server (IIS)
A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."
Christine Walzer, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, ACCEPTED

Windows 2000 IIS Out of Process Privilege Elevation Vulnerability
Microsoft Windows 2000; Microsoft Internet Information Server (IIS)
Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation."
Christine Walzer, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, ACCEPTED

Windows NT IIS Out of Process Privilege Elevation Vulnerability
Microsoft Windows NT; Microsoft Internet Information Server (IIS)
Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation."
Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, ACCEPTED

IE URLMON Buffer Overflow
Microsoft Windows 98; Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Internet Explorer
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields.
Tiffany Bergeron, INTERIM, ACCEPTED, INTERIM, Harvey Rubinovitz, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

MS IE HTML Directive Buffer Overflow
Microsoft Windows 98; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Internet Explorer
Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated.
Tiffany Bergeron, INTERIM, ACCEPTED, INTERIM, Harvey Rubinovitz, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, ACCEPTED

Windows Server 2003 ASN.1 Library Double-free Memory Corruption Vulnerability
Microsoft Windows Server 2003; Microsoft ASN.1 Library
Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
David Proulx, INTERIM, ACCEPTED, ACCEPTED

Zone Spoofing through Malformed Web Page Vulnerability
Microsoft Windows 98; Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Internet Explorer
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerability.
Tiffany Bergeron, INTERIM, ACCEPTED, INTERIM, Harvey Rubinovitz, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, ACCEPTED

IE Slash Characters in Type Property Vulnerability
Microsoft Windows 98; Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Internet Explorer
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.
Tiffany Bergeron, INTERIM, ACCEPTED, INTERIM, Harvey Rubinovitz, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE File Execution User-prompt Bypass Vulnerability
Microsoft Windows 98; Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Internet Explorer
Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability."
Tiffany Bergeron, INTERIM, ACCEPTED, INTERIM, Harvey Rubinovitz, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, ACCEPTED

IE Cached Content Command Execution Vulnerability
Microsoft Windows 98; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs.
Tiffany Bergeron, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

DEPRECATED: Windows 2000 IIS HTTP Error Page Cross-site Scripting
Microsoft Windows 2000; Microsoft Internet Information Server (IIS)
Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.
Harvey Rubinovitz, Shane Shaffer, INTERIM, ACCEPTED, Josh Turpin, DEPRECATED, Sudhir Gandhe, Shane Shaffer, DEPRECATED

IIS4.0 Buffer Overflow
Microsoft Windows NT; Microsoft Internet Information Server (IIS)
Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

IIS ASP Source Code Access Vulnerability
Microsoft Windows NT; Microsoft Internet Information Server (IIS)
In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.
Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Windows 2000 IIS System File Listing Privilege Elevation Vulnerability
Microsoft Windows 2000; Microsoft Internet Information Server (IIS)
IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability.
Christine Walzer, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, ACCEPTED

Windows NT IIS System File Listing Privilege Elevation Vulnerability
Microsoft Windows NT; Microsoft Internet Information Server (IIS)
IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability.
Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, ACCEPTED

Windows 2000 H.323 Protocol Remote Code Execution Vulnerability
Microsoft Windows 2000; H.323
Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code.
Jonathan Baker, INTERIM, ACCEPTED, ACCEPTED

Windows Server 2003 Help Center Command Insertion Vulnerability
Microsoft Windows Server 2003; Help and Support Center (HSC)
Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe.
Harvey Rubinovitz, Harvey Rubinovitz, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, ACCEPTED

Windows 2000 RPCSS DCOM Buffer Overflow (Blaster, Test 3)
Microsoft Windows 2000; Remote Procedure Call (RPC)
A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.
Christine Walzer, INTERIM, ACCEPTED, ACCEPTED

Windows 2000 SSL Library Denial of Service
Microsoft Windows 2000; Secure Sockets Layer (SSL)
The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
David Proulx, INTERIM, ACCEPTED, Glenn Strickland, INTERIM, ACCEPTED, ACCEPTED

Windows 2000 Local Descriptor Table Kernel Access Vulnerability
Microsoft Windows 2000; Local Descriptor Table (LDT)
The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor that points to protected memory.
Jonathan Baker, INTERIM, ACCEPTED, ACCEPTED

Windows 2000 MUP UNC Request Buffer Overflow
Microsoft Windows 2000; Multiple UNC Provider (MUP)
Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request.
Tiffany Bergeron, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

IE5.01,SP4 Web Folder Behaviors Cross-Domain Vulnerability
Microsoft Windows 2000; Microsoft Internet Explorer
Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability".
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Windows 2000 LSASS Buffer Overflow (Sasser Worm Vulnerability)
Microsoft Windows 2000; Local Security Authority Subsystem Service (LSASS)
Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
Tiffany Bergeron, INTERIM, ACCEPTED, ACCEPTED

Microsoft Outlook Express v5.5,SP2 MHTML URL Processing Vulnerability
Microsoft Windows 98; Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Outlook Express
The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."
Andrew Buttner, INTERIM, ACCEPTED, ACCEPTED

MS Windows Media Service Denial of Service
Microsoft Windows 2000; Windows Media Services
Unknown vulnerability in Windows Media Station Service and Windows Media Monitor Service components of Windows Media Services 4.1 allows remote attackers to cause a denial of service (disallowing new connections) via a certain sequence of TCP/IP packets.
Tiffany Bergeron, INTERIM, John Hoyland, INTERIM, John Hoyland, Jeff Cheng, Jeff Cheng, INTERIM

MSO.DLL Buffer Overflow
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows 7; Microsoft Office XP
Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Microsoft SQL Server 3-Function Buffer Overflow
Microsoft Windows 2000; Microsoft SQL Server
Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
Yi-Fang Koh, Ingrid Skoog, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Mike Lah, INTERIM, ACCEPTED, ACCEPTED

Microsoft RPC Denial of Service
Microsoft Windows 2000; Microsoft SQL Server 2000
Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
Tiffany Bergeron, Jonathan Baker, INTERIM, Ingrid Skoog, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, ACCEPTED

COM+ Memory Structures Process Permits Remote Code Execution (Win2k,SP4)
Microsoft Windows 2000
COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, Sudhir Gandhe, Shane Shaffer, ACCEPTED, ACCEPTED

Address Bar Spoofing on Double Byte Character Set Systems Vulnerability
Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Internet Explorer
Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability."
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

DEPRECATED: Windows NT IIS HTTP Error Page Cross-site Scripting
Microsoft Windows NT; Microsoft Internet Information Server (IIS)
Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.
Tiffany Bergeron, Josh Turpin, DEPRECATED, DEPRECATED

IE v6.0, SP1 HijackClick 3 / Script in Image Tag File Download Vulnerability
Microsoft Windows ME; Microsoft Internet Explorer
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v6.0,SP1 (Server 2003) Travel Log Cross Domain Vulnerability
Microsoft Windows Server 2003; Microsoft Internet Explorer
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
Andrew Buttner, Andrew Buttner, INTERIM, ACCEPTED, Harvey Rubinovitz, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Windows Server 2003 WINS Buffer Overflow
Microsoft Windows Server 2003; Windows Internet Naming Service (WINS)
The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
Andrew Buttner, INTERIM, ACCEPTED, ACCEPTED

Windows Server 2003 ASN.1 Library Integer Overflow Vulnerabilities
Microsoft Windows Server 2003; Microsoft ASN.1 Library
Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
Andrew Buttner, INTERIM, ACCEPTED, ACCEPTED

DEPRECATED: Windows Script Engine Heap Overflow (Test 3)
Microsoft Windows 98; Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Windows Script Engine for JScript v5.5
Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating systems allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.
Tiffany Bergeron, David Proulx, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Nate Przybyszewski, DEPRECATED, Sudhir Gandhe, Shane Shaffer, DEPRECATED

DEPRECATED: Windows Script Engine Heap Overflow (Test 2)
Microsoft Windows 98; Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Windows Script Engine for JScript v5.1
Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating systems allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.
Tiffany Bergeron, David Proulx, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Nate Przybyszewski, DEPRECATED, Sudhir Gandhe, Shane Shaffer, DEPRECATED

IE6:XP,SP2 Java Proxy COM Object Instantiation Memory Corruption Vulnerability
Microsoft Windows XP; Microsoft Internet Explorer
Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v6.0 Similar Method Name Redirection Cross Domain Vulnerability
Microsoft Windows XP; Microsoft Internet Explorer
Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

URL Parsing Memory Corruption Vulnerability (IE6,SP1)
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Internet Explorer
Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability."
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Jason Spashett, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v5.01,SP3 Install Engine Buffer Overflow
Microsoft Windows 2000; Microsoft Internet Explorer
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Windows 2000 Telnet Environment Disclosure Vulnerability
Microsoft Windows 2000; Services for UNIX
The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
Jonathan Baker, DRAFT, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, ACCEPTED

Windows Server 2003 Plug and Play Buffer Overflow Vulnerability
Microsoft Windows Server 2003
Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, Sudhir Gandhe, Shane Shaffer, ACCEPTED, ACCEPTED

Windows 2000 IIS Directory Traversal Command Execution (Test 1)
Microsoft Windows 2000; Microsoft Internet Information Server (IIS)
Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.
Tiffany Bergeron, Tiffany Bergeron, ACCEPTED, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Windows XP Kernel Debugger-based Buffer Overflow (Test 2)
Microsoft Windows XP; Windows kernel
Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.
Christine Walzer, DRAFT, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

LSASS Privilege Escalation Vulnerability (Windows 2000)
Microsoft Windows 2000; Local Security Authority Subsystem Service (LSASS)
LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.
Christine Walzer, DRAFT, INTERIM, ACCEPTED, Andrew Buttner, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Windows 2000 CSRSS Privilege Escalation Vulnerability
Microsoft Windows 2000; Client Server Runtime System (CSRSS)
Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
Ingrid Skoog, DRAFT, INTERIM, Christine Walzer, Andrew Buttner, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

IE5.01,SP4 File Disclosure via Redirects Vulnerability
Microsoft Windows 2000; Microsoft Internet Explorer
The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v6.0,SP1 Travel Log Cross Domain Vulnerability
Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Internet Explorer
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
Andrew Buttner, Andrew Buttner, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v6.0 Drag-and-Drop Code Execution Vulnerability
Microsoft Windows XP; Microsoft Internet Explorer
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v6.0 Install Engine Buffer Overflow
Microsoft Windows XP; Microsoft Internet Explorer
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE6,SP1 PNG Image Buffer Overflow
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Internet Explorer
Buffer overflow in the PNG image rendering component of Microsoft Internet Explorer allows remote attackers 
to execute arbitrary code via a crafted PNG file.Harvey RubinovitzDRAFTHarvey RubinovitzINTERIMACCEPTEDAnna MinINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5 GetObject File RetrievalMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.David ProulxMaria MikhnoINTERIMACCEPTEDACCEPTEDMS FrontPage Server Extensions SmartHTML Denial of Service (Test 5)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft SharePoint Team ServicesUnknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMGlenn StricklandShane ShafferSudhir GandheShane ShafferINTERIMIE v5.01,SP3 SSL Cached Content VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.Harvey RubinovitzDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows 2000 Process Handle Duplication Privilege EscalationMicrosoft Windows 2000smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.Tiffany BergeronShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Data Access Components 2.7 Broadcast Response Buffer OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Data Access Components 2.7Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.Christine WalzerINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDIE v6.0,SP2 for Server 2003 Similar Method Name Redirection Cross Domain VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. 
HollisINTERIMJohn HoylandACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v6.0 (XP) Travel Log Cross Domain VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMChristine WalzerACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Similar Method Name Redirection Cross Domain VulnerabilityMicrosoft Windows 98Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDAndrew SimmonsINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMS FrontPage Server Extensions Chunked Encoded Request Buffer Overflow (Test 5)Microsoft Windows 2000Microsoft FrontPage Server Extensions 2000Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.Tiffany BergeronAndrew ButtnerINTERIMACCEPTEDChristine WalzerChristine WalzerINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIE v6.0 (XP) HijackClick VulnerabilityMicrosoft Windows XPMicrosoft Internet 
ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.Tiffany BergeronAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDKorean IME Privilege Elevation Vulnerability in Office 2003 and AccessoriesMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.Robert L. HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDEPRECATED: Windows NT Variant of Chunked Encoding Buffer OverrunMicrosoft Windows NTMicrosoft Internet Information Server (IIS)Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun."Tiffany BergeronACCEPTEDGlenn StricklandINTERIMACCEPTEDJosh TurpinDEPRECATEDDEPRECATEDIE v6.0,SP1 Plug-in Navigation Address Bar Spoofing VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWin2k Embedded Web Font VulnerabilityMicrosoft Windows 2000Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.Robert L. HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDWindows 2000 Hyperlink Object Library Unchecked Buffer VulnerabilityMicrosoft Windows 2000Hyperlink Object LibraryThe Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow.Christine WalzerDRAFTINTERIMACCEPTEDACCEPTEDIE6 DHTML Method Heap Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMHarvey RubinovitzACCEPTEDRobert L. 
HollisACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDPrivilege Escalation Using Cached Admin ConnectionMicrosoft Windows 2000Microsoft SQL Server 2000An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.Yi-Fang KohACCEPTEDJonathan BakerJonathan BakerINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Plug-in Navigation Address Bar Spoofing VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP3 Similar Method Name Redirection Cross Domain VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows 2000 WINS Buffer OverflowMicrosoft Windows 2000Windows Internet Naming Service (WINS)The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.Andrew ButtnerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDIE6,SP1 Web Folder Behaviors Cross-Domain VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerUnknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability".Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDVisual Basic for Applications VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Visual Basic 6.0Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.Robert L. 
HollisDRAFTINTERIMACCEPTEDClifford FarrugiaINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5 Temporary Internet Files folders Name Reading VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading."Harvey RubinovitzACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Travel Log Cross Domain VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP4 Travel Log Cross Domain VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 Similar Method Name Redirection Cross Domain VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Agent Security Prompt Spoofing Vulnerability (Windows 2000)Microsoft Windows 2000Microsoft AgentMicrosoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page.Harvey RubinovitzDRAFTHarvey RubinovitzINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDEMF Rendering Denial of Service Vulnerability (64-bit Windows XP and Server 2003,Unpatched)Microsoft Windows XPMicrosoft Windows Server 2003The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability."Robert L. 
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDBuffer overflow vulnerability in kavfm.sys in Kingsoft Antivirus 2010.7.30.201 and earlierMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPKingsoft AntivirusBuffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and earlier allows local users to execute arbitrary code via a long argument to IOCTL 0x80030004. NOTE: some of these details are obtained from third party information.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDKingsoft Antivirus is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPKingsoft AntivirusKingsoft Antivirus is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDIE v5.01,SP4 Install Engine Buffer OverflowMicrosoft Windows 2000Microsoft Internet ExplorerInteger overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIIS ASP Function Cross-site ScriptingMicrosoft Windows 2000Microsoft Internet Information Server (IIS)Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message.David ProulxChristine WalzerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDWindows (ME, NT, 2K, XP), IE v6,SP1 CSS Heap Memory Corruption VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows 2000 ASN.1 Library Integer Overflow VulnerabilitiesMicrosoft Windows 2000Microsoft ASN.1 LibraryMultiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.Andrew ButtnerINTERIMACCEPTEDACCEPTEDAvast! Home and Professional 'ashWsFtr.dll' Unspecified VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Avast! 
AntiVirusUnspecified vulnerability in ashWsFtr.dll in Avast! Home and Professional for Windows before 4.8.1356 has unknown impact and local attack vectors.Sharath SDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDOffice BMP Integer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Office XPInteger overflow in GDI+ in Microsoft Office XP SP3 allows remote attackers to execute arbitrary code via an Office document with a bitmap (aka BMP) image that triggers memory corruption, aka "Office BMP Integer Overflow Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDMike LahINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDIE v5.01,SP3 Travel Log Cross Domain VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMemory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Office XPGDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDMike LahINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft Project 2002 SP1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Project 2002 SP1 is installed.Robert L. 
HollisINTERIMACCEPTEDACCEPTEDMicrosoft Office Visio 2002 SP2 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Office Visio 2002The application Microsoft Office Visio 2002 SP2 is installed.Robert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows 2000 Trusted Domain LoopholeMicrosoft Windows 2000In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from the trusted domain.Tiffany BergeronTiffany BergeronACCEPTEDINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 for Server 2003 Plug-in Navigation Address Bar Spoofing VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP2 Travel Log Cross Domain VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L.
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows 2000 Remote Access Service Phonebook Buffer OverflowMicrosoft Windows 2000Remote Access Service (RAS)Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry.Tiffany BergeronShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIE v6.0,SP1 (Server 2003) Function Pointer Drag and Drop VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 (Server 2003) Drag-and-Drop Code Execution VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".Harvey RubinovitzDRAFTINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDExchange Server 5.5 TNEF Decoding VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OutlookUnspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDAvast! Home and Professional 'aswMon2.sys' Stack-based Buffer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Avast! AntiVirusStack-based buffer overflow in aswMon2.sys in Avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system crash) and possibly gain privileges via a crafted IOCTL request to IOCTL 0xb2c80018.Sharath SDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWindows XP,SP1 Remote Desktop Protocol (RDP) DoS VulnerabilityMicrosoft Windows XPThe Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.Robert L. 
HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDVirtual PC and Virtual Server Privileged Instruction Decoding VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Virtual Server 2005Microsoft Virtual PC 2004Microsoft Virtual PC 2007The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDMicrosoft Virtual Server 2005 R2 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Virtual Server 2005 R2The application Microsoft Virtual Server 2005 R2 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Virtual PC 2007 Service Pack 1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003The application Microsoft Virtual PC 2007 Service Pack 1 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Virtual PC 2007 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003The application Microsoft Virtual PC 2007 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Virtual Server 2005 Enterprise is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Virtual Server 2005The application Microsoft Virtual Server 2005 Enterprise is installed.Sudhir GandheDRAFTINTERIMACCEPTEDMaria 
MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Virtual PC 2004 Service Pack 1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003The application Microsoft Virtual PC 2004 Service Pack 1 is installed.Sudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Virtual Server 2005 Standard is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Virtual Server 2005The application Microsoft Virtual Server 2005 Standard is installed.Sudhir GandheDRAFTINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Install Engine Buffer OverflowMicrosoft Windows MEMicrosoft Internet ExplorerInteger overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows Server 2003 Remote Desktop Protocol (RDP) DoS VulnerabilityMicrosoft Windows Server 2003The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.Robert L. 
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDMS FrontPage Server Extensions SmartHTML Denial of Service (Test 3)Microsoft Windows XPMicrosoft FrontPage Server Extensions 2000Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDGlenn StricklandINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIE v5.01, SP4 HijackClick 3 / Script in Image Tag File Download VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5, SP2 HijackClick 3 / Script in Image Tag File Download VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDAvast! Home and Professional 'aavmKer4.sys' Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Avast! AntiVirusaavmKer4.sys in avast! 
Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption, a different vulnerability than CVE-2008-1625.Sharath SDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAvast! AntiVirus for Windows is installedMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Avast! AntiVirusThe application Avast! AntiVirus for Windows is installed.Sharath SDRAFTINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDVulnerability in Content-Disposition Header VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Office XPCross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a "Content-Disposition: attachment" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download dialog box, aka "Vulnerability in Content-Disposition Header Vulnerability."Sudhir GandheDRAFTINTERIMACCEPTEDMike LahINTERIMACCEPTEDACCEPTEDWindows Messenger 6 libpng Buffer OverflowMicrosoft Windows 2000Microsoft Windows XPMSN MessengerMultiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.Christine WalzerDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMRobert L. 
HollisACCEPTEDJonathan BakerINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDDEPRECATEDMaria KedovskayaDEPRECATEDWindows 2000 NNTP Component Buffer OverflowMicrosoft Windows 2000Network News Transport Protocol (NNTP)The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.Christine WalzerDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Windows RPC Denial of ServiceMicrosoft Windows 2000Remote Procedure Call (RPC)The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference.Tiffany BergeronChristine WalzerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDDataGrid Control Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Visual Basic 6.0The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability."Sudhir GandheDRAFTINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 (Server 2003) HijackClick VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 6 SP1 and 
earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.Andrew ButtnerAndrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMozilla IDN heap overrun using soft-hyphensMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaBuffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMSJava Applet CODEBASE File Access VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Virtual Machine (VM)Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due to a parsing error.Tiffany BergeronINTERIMACCEPTEDACCEPTEDHierarchical FlexGrid Control Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Visual Basic 6.0Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) 
Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability."Sudhir GandheDRAFTINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDACCEPTEDDEPRECATED: Windows NT IIS HTTP Redirect Error Message Cross-site ScriptingMicrosoft Windows NTMicrosoft Internet Information Server (IIS)Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect ("302 Object Moved") message.Tiffany BergeronJosh TurpinDEPRECATEDDEPRECATEDMasked Edit Control Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMicrosoft Visual Basic 6.0Microsoft Visual FoxProMicrosoft Visual Studio .NET 2002Microsoft Visual Studio .NET 2003Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."Sudhir GandheDRAFTINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDACCEPTEDAccess Control VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Office SharePoint Server 2007Microsoft Search Server 2008Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for 
administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."Sudhir GandheDRAFTINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDACCEPTEDMicrosoft Search Server 2008 is installedMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Microsoft Search Server 2008 is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWindows 2000 Workstation Service Logging Function Buffer OverflowMicrosoft Windows 2000Microsoft Windows Workstation ServiceStack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API.Tiffany BergeronACCEPTEDPradeep R BINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 SSL Cached Content VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDImproper Cross Domain Security Validation with ShowHelp FunctionalityMicrosoft Windows 2000Microsoft Internet ExplorerThe showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality."David ProulxChristine WalzerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDOWA For Exchange Server Parsing XSS VulnerabilityMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Exchange ServerCross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247.Jeff ItoDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2007 SP1 is installedMicrosoft Windows Server 2003Microsoft Windows Server 2008Exchange Server 2007 SP1 is installed.Jeff ItoDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 (Server 2003) Zone Restrictions Bypass via XML VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.Andrew ButtnerAndrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDCharts Control Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMicrosoft Visual Basic 6.0Microsoft Visual FoxProMicrosoft Visual Studio .NET 2002Microsoft Visual Studio .NET 2003The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."Sudhir GandheDRAFTINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDACCEPTEDMicrosoft Visual Studio .NET 2003 SP1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Visual Studio .NET 2003 SP1 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDRobert L. 
HollisACCEPTEDBrendan MilesINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDACCEPTEDMicrosoft Visual Basic 6.0 is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Visual Basic 6.0The application Microsoft Visual Basic 6.0 is installed.SecPod TeamDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDMicrosoft Visual FoxPro is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMicrosoft Visual FoxProMicrosoft Visual FoxPro is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDIE v6.0 for 2003, SP3 HijackClick 3 / Script in Image Tag File Download VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows (ME, NT, 2K), IE v5.5,SP2 CSS Heap Memory Corruption VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 Zone Restrictions Bypass via XML VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.Andrew ButtnerAndrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Data Access Components 2.6 Broadcast Response Buffer OverflowMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Data Access Components 2.6Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.Christine WalzerINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDIE v5.5, SP2 SSL Cached Content VulnerabilityMicrosoft Windows MEMicrosoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMSDTC Unchecked Buffer Permits Remote Code Execution or Privilege Elevation (Win2k,SP4)Microsoft Windows 2000MSDTCThe MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer.Robert L. 
HollisDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDExchange Server 2003 Routing Engine Buffer OverflowMicrosoft Windows Server 2003SMTPThe SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.Christine WalzerDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Zone Restrictions Bypass via XML VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP4 Zone Restrictions Bypass via XML VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v6.0 (XP) Zone Restrictions Bypass via XML VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.Tiffany BergeronAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5 Malformed PNG Image File Failure VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."Harvey RubinovitzACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDOWA For Exchange Server Data Validation XSS VulnerabilityMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Exchange ServerCross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248.Jeff ItoDRAFTINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 Function Pointer Drag and Drop VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 Install Engine Buffer OverflowMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInteger overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v6.0 Function Pointer Drag and Drop VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMChristine WalzerACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 (Server 2003) Install Engine Buffer OverflowMicrosoft Windows Server 2003Microsoft Internet ExplorerInteger overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.Harvey RubinovitzDRAFTINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Function Pointer Drag and Drop VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP4 Function Pointer Drag and Drop VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP3 Function Pointer Drag and Drop VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP2 Function Pointer Drag and Drop VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 (Server 2003) Improper URL Canonicalization VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."Andrew ButtnerINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Data Access Components 2.5 Broadcast Response Buffer OverflowMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Data Access Components 2.5Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.Christine WalzerINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDIE v5.01,SP3 Zone Restrictions Bypass via XML VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDScob and Toofer Internet Explorer v6.0 VulnerabilitiesMicrosoft Windows XPMicrosoft Internet ExplorerThe WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.Tiffany BergeronDRAFTINTERIMACCEPTEDChristine WalzerINTERIMChristine WalzerACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 (Server 2003) Malformed GIF Image Double-free VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerDouble free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a 
malformed GIF image.Andrew ButtnerDRAFTINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01, SP4 SSL Cached Content VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.Harvey RubinovitzDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP2 Bitmap Integer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInteger overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.Ingrid SkoogDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 Improper URL Canonicalization VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."Andrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. 
Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v6.0 Improper URL Canonicalization Vulnerability
Microsoft Windows XP; Microsoft Internet Explorer
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."
Andrew Buttner, INTERIM, ACCEPTED, Christine Walzer, INTERIM, Christine Walzer, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v5.5,SP2 Improper URL Canonicalization Vulnerability
Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."
Andrew Buttner, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v5.01,SP4 Improper URL Canonicalization Vulnerability
Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."
Andrew Buttner, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v5.01,SP4 Malformed GIF Image Double-free Vulnerability
Microsoft Windows 2000; Microsoft Internet Explorer
Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
Andrew Buttner, DRAFT, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v5.01,SP2 Zone Restrictions Bypass via XML Vulnerability
Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.
Andrew Buttner, Andrew Buttner, Andrew Buttner, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v6.0 Bitmap Integer Overflow Vulnerability
Microsoft Windows XP; Microsoft Internet Explorer
Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.
Ingrid Skoog, DRAFT, INTERIM, ACCEPTED, Christine Walzer, INTERIM, Christine Walzer, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v5.01 GetObject File Retrieval
Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.
David Proulx, Robert L. Hollis, INTERIM, Robert L. Hollis, Robert L. Hollis, Robert L. Hollis, Robert L. Hollis, Robert L. Hollis, Robert L. Hollis, Robert L. Hollis, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Windows 2000 Message Queuing Buffer Overflow
Microsoft Windows 2000; Message Queuing
Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
Ingrid Skoog, DRAFT, INTERIM, Christine Walzer, Andrew Buttner, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Microsoft .NET Framework v1.0 Security Bypass
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft .NET Framework
The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."
Matthew Burton, DRAFT, INTERIM, ACCEPTED, John Hoyland, INTERIM, Matthew Wojcik, Daniel Tarnu, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Jeff Cheng, INTERIM, Jeff Cheng, ACCEPTED, Jeff Cheng, INTERIM, ACCEPTED, ACCEPTED

DHTML Object Memory Corruption Vulnerability (IE5.01,SP4)
Microsoft Windows 2000; Microsoft Internet Explorer
Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v5.5 Encoded Characters Information Disclosure Vulnerability
Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure."
Harvey Rubinovitz, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE5.01,SP4 Channel Definition Format Cross Domain Vulnerability
Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

MS Windows RPC DCOM DoS-based Privilege Escalation Vulnerability
Microsoft Windows 2000; Remote Procedure Call (RPC)
The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function.
Tiffany Bergeron, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

MSN Messenger GIF Size Buffer Overflow
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; MSN Messenger
GIF file validation error in MSN Messenger 6.2 allows remote attackers in a user's contact list to execute arbitrary code via a GIF image with an improper height and width.
Christine Walzer, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, Robert L. Hollis, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, ACCEPTED

IE v5.01,SP3 Improper URL Canonicalization Vulnerability
Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."
Andrew Buttner, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v5.01,SP2 Improper URL Canonicalization Vulnerability
Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."
Andrew Buttner, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v5.01 Improper Cross Domain Security Validation with Dialog Box
Microsoft Windows 2000; Microsoft Internet Explorer
Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."
David Proulx, Robert L. Hollis, INTERIM, Robert L. Hollis, Robert L. Hollis, Robert L. Hollis, Robert L. Hollis, Robert L. Hollis, Robert L. Hollis, Robert L. Hollis, Robert L. Hollis, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Unchecked Buffer in SQLXML ISAPI Extension for Microsoft Data Access Components 2.7
Microsoft Windows 2000; Microsoft SQL Server 2000
Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
Matthew Burton, Matthew Burton, DRAFT, INTERIM, ACCEPTED, Ingrid Skoog, INTERIM, ACCEPTED, ACCEPTED

DHTML Object Memory Corruption Vulnerability (IE5.01,SP3)
Microsoft Windows 2000; Microsoft Internet Explorer
Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE5.01,SP4 Drag-and-Drop Vulnerability
Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Jeff Cheng, INTERIM, ACCEPTED, Dan Haynes, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Proxy Server Reverse DNS Lookup Results Spoofing
Microsoft Windows NT; Proxy Server 2.0 SP1
Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.
Christine Walzer, DRAFT, INTERIM, Christine Walzer, Ingrid Skoog, ACCEPTED, Jeff Cheng, INTERIM, ACCEPTED, ACCEPTED

Unchecked Buffer in SQLXML ISAPI Extension for Microsoft Data Access Components 2.6
Microsoft Windows 2000; Microsoft SQL Server 2000
Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
Matthew Burton, Matthew Burton, Matthew Burton, DRAFT, INTERIM, ACCEPTED, Ingrid Skoog, INTERIM, ACCEPTED, ACCEPTED

Windows 2000 Object Management Vulnerability
Microsoft Windows 2000; Windows kernel
Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".
Ingrid Skoog, DRAFT, INTERIM, Christine Walzer, Andrew Buttner, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

IIS Server Side Include Web Pages Buffer Overrun
Microsoft Windows 2000; Microsoft Internet Information Server (IIS)
Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun."
Tiffany Bergeron, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Glenn Strickland, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Win2k Large Window Size TCP RST Denial of Service
Microsoft Windows 2000
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
Matthew Burton, DRAFT, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

IE v6.0 (XP) Script URLs Cross Domain Zone Restrictions Bypass
Microsoft Windows XP; Microsoft Internet Explorer
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
Tiffany Bergeron, Andrew Buttner, Andrew Buttner, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

MS Internet Security and Acceleration Server H.323 Buffer Overflow
Microsoft Windows 2000; Microsoft Windows Server 2003; Microsoft Internet Security and Acceleration Server 2000
Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
David Proulx, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jeff Cheng, INTERIM, Jeff Cheng, Jeff Cheng, Jeff Cheng, ACCEPTED, ACCEPTED

MS Exchange / OWA NTLM Authentication Vulnerability
Microsoft Windows 2000; Microsoft Windows Server 2003; Microsoft Exchange Server
Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
Andrew Buttner, INTERIM, ACCEPTED, John Hoyland, INTERIM, Jeff Cheng, Jeff Cheng, INTERIM

Windows Server 2003 IIS WebDAV Message Handler Denial of Service Vulnerability
Microsoft Windows Server 2003; Microsoft Internet Information Server (IIS)
The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.
Jonathan Baker, DRAFT, INTERIM, ACCEPTED, Jeff Cheng, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Windows NT Terminal Server VDM Privilege Escalation Vulnerability
Microsoft Windows NT; VDM
The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
Ingrid Skoog, DRAFT, INTERIM, ACCEPTED, ACCEPTED

HyperTerminal Session File Vulnerability (Windows 2000)
Microsoft Windows 2000; HyperTerminal
HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.
Harvey Rubinovitz, DRAFT, INTERIM, Harvey Rubinovitz, ACCEPTED, John Hoyland, INTERIM, Daniel Tarnu, ACCEPTED, Mike Lah, INTERIM, Mike Lah, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, ACCEPTED

Windows 2000 Plug and Play Buffer Overflow Vulnerability
Microsoft Windows 2000
Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, ACCEPTED

IE v6.0 (XP) Function Pointer Override Cross Domain Vulnerability
Microsoft Windows XP; Microsoft Internet Explorer
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.
Tiffany Bergeron, Andrew Buttner, Andrew Buttner, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

MSHTA Code Execution Vulnerability (Windows 2000)
Microsoft Windows 2000; Windows Shell
The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.
Harvey Rubinovitz, DRAFT, INTERIM, Andrew Buttner, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

IE v5.01 Encoded Characters Information Disclosure Vulnerability
Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure."
Harvey Rubinovitz, ACCEPTED, Robert L. Hollis, INTERIM, Robert L. Hollis, Robert L. Hollis, Robert L. Hollis, Robert L. Hollis, Robert L. Hollis, Robert L. Hollis, Robert L. Hollis, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v5.01,SP4 Similar Method Name Redirection Cross Domain Vulnerability
Microsoft Windows 2000; Microsoft Internet Explorer
Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

ISA Server NetBIOS Packet Filter Bypass Vulnerability
Microsoft Windows 2000; Microsoft Internet Security and Acceleration Server 2000
Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter.
Christine Walzer, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Akihito Nakamura, INTERIM, ACCEPTED, ACCEPTED

IE6 (for Server 2003) Content Advisor Memory Corruption Vulnerability
Microsoft Windows Server 2003; Microsoft Internet Explorer
Buffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka "Content Advisor Memory Corruption Vulnerability."
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, John Hoyland, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

LoadImage Cursor and Icon Format Handling Vulnerability (Windows 2000)
Microsoft Windows 2000; Cursor and Icon Formatting
Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."
Christine Walzer, DRAFT, INTERIM, ACCEPTED, Andrew Buttner, INTERIM, ACCEPTED, Jeff Cheng, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Windows 2000 Unknown Vector SMB Vulnerability
Microsoft Windows 2000; Small Business Server 2000
Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."
Jonathan Baker, DRAFT, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Windows 2000 HTML Help Remote Code Execution Vulnerability
Microsoft Windows 2000; HTML Help Facility
Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
Andrew Buttner, DRAFT, INTERIM, ACCEPTED, Jeff Ito, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

DEPRECATED: IIS Help File Search Cross-site Scripting
Microsoft Windows 2000; Microsoft Internet Information Server (IIS)
Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session.
Tiffany Bergeron, Shane Shaffer, INTERIM, ACCEPTED, Josh Turpin, DEPRECATED, Sudhir Gandhe, Shane Shaffer, DEPRECATED

Windows 2000 Access Requests Privilege Escalation Vulnerability
Microsoft Windows 2000; Windows kernel
The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.
Ingrid Skoog, DRAFT, INTERIM, Christine Walzer, Andrew Buttner, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Windows Server 2003 (32-Bit) Unchecked Buffer in NetDDE
Microsoft Windows Server 2003; NetDDE
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
Jonathan Baker, DRAFT, INTERIM, ACCEPTED, Jeff Cheng, INTERIM, ACCEPTED, ACCEPTED

IE v6.0,SP1 (Server 2003) Script URLs Cross Domain Zone Restrictions Bypass
Microsoft Windows Server 2003; Microsoft Internet Explorer
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
Andrew Buttner, Andrew Buttner, Andrew Buttner, Andrew Buttner, INTERIM, ACCEPTED, Harvey Rubinovitz, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Windows ListView Shatter Message Vulnerability
Microsoft Windows 2000; Utilities Manager/Windows Messaging
The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function.
Christine Walzer, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

DEPRECATED: Windows NT HTR ISAPI Buffer Overflow
Microsoft Windows NT; Microsoft Internet Information Server (IIS)
Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.
Tiffany Bergeron, ACCEPTED, Glenn Strickland, INTERIM, ACCEPTED, Josh Turpin, DEPRECATED, DEPRECATED

IE v6.0 Temporary Internet Files folders Name Reading Vulnerability
Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading."
Harvey Rubinovitz, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Windows Server 2003 NNTP Component Buffer Overflow
Microsoft Windows Server 2003; Network News Transport Protocol (NNTP)
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
Christine Walzer, DRAFT, INTERIM, ACCEPTED, Jeff Cheng, INTERIM, ACCEPTED, ACCEPTED

IE v5.01, SP3 HijackClick 3 / Script in Image Tag File Download Vulnerability
Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Windows 2000 Long Share Names Vulnerability
Microsoft Windows 2000; Windows Shell
Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, Windows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
Andrew Buttner, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Windows 2000 VDM Privilege Escalation Vulnerability
Microsoft Windows 2000; VDM
The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
Ingrid Skoog, DRAFT, INTERIM, ACCEPTED, ACCEPTED

GDI+ JPEG Parsing Engine Buffer Overflow (VS.NET 2002)
Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Visual Studio .NET 2002
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
Ingrid Skoog, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, ACCEPTED

ISA Server Reverse DNS Lookup Results Spoofing
Microsoft Windows 2000; Microsoft Internet Security and Acceleration Server 2000
Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.
Christine Walzer, DRAFT, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, Akihito Nakamura, INTERIM, ACCEPTED, ACCEPTED

Windows 2003 (32-Bit) Program Group Converter Buffer Overflow
Microsoft Windows Server 2003; Program Group Converter
Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.
Andrew Buttner, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Windows Telnet Server Buffer Overflow
Microsoft Windows 2000; Telnet protocol
Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options.
Christine Walzer, Christine Walzer, INTERIM, ACCEPTED, ACCEPTED

Windows XP (32-bit) RPCSS DCOM Buffer Overflow (Blaster)
Microsoft Windows XP; Distributed Component Object Model (DCOM)
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.
Christine Walzer, DRAFT, INTERIM, ACCEPTED, ACCEPTED

GDI+ JPEG Parsing Engine Buffer Overflow (IE6)
Microsoft Windows 2000; Microsoft Internet Explorer
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
Ingrid Skoog, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Clifford Farrugia, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

.NET 2.0 Application Folder Information Disclosure Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft .NET Framework
Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
Robert L. Hollis, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, ACCEPTED

Windows XP, IE v6.0 CSS Heap Memory Corruption Vulnerability
Microsoft Windows XP; Microsoft Internet Explorer
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v6.0,SP1 Script URLs Cross Domain Zone Restrictions Bypass
Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Internet Explorer
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
Andrew Buttner, Andrew Buttner, Andrew Buttner, Andrew Buttner, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v5.01,SP4 Drag-and-Drop Code Execution Vulnerability
Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v5.5,SP2 Script URLs Cross Domain Zone Restrictions Bypass
Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
Andrew Buttner, Andrew Buttner, Andrew Buttner, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE6,SP2 Channel Definition Format Cross Domain Vulnerability
Microsoft Windows XP; Microsoft Internet Explorer
Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."
Harvey Rubinovitz, DRAFT, INTERIM, Harvey Rubinovitz, ACCEPTED, Robert L. Hollis, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v5.5 Cross Domain Verification via Cached Methods Vulnerability
Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."
Harvey Rubinovitz, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Suppressed: Duplicate of OVAL1655
Microsoft Windows Server 2003; Microsoft Word for Windows 6.0 Converter
Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571.
Christine Walzer, DRAFT, INTERIM, ACCEPTED, Ingrid Skoog, INTERIM, ACCEPTED, Robert L. Hollis, DEPRECATED, Clifford Farrugia, DEPRECATED

MSHTA Code Execution Vulnerability (32-bit Server 2003)
Microsoft Windows Server 2003; Windows Shell
The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, ACCEPTED

Microsoft Winsock Proxy Service Denial of Service
Microsoft Windows 2000; Microsoft Internet Security and Acceleration Server 2000
The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.
Tiffany Bergeron, ACCEPTED, Jeff Cheng, INTERIM, ACCEPTED, ACCEPTED

SMB Code Execution Vulnerability (Windows 2000)
Microsoft Windows 2000; SMB (Server Message Block)
The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the "Server Message Block Vulnerability," and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields.
Christine Walzer, DRAFT, INTERIM, ACCEPTED, Andrew Buttner, INTERIM, ACCEPTED, Jeff Cheng, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Exchange Server SMTP Buffer Overflow
Microsoft Windows 2000; Microsoft Windows Server 2003; Microsoft Exchange Server
Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port.
Christine Walzer, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Code Execution via Compiled HTML Help File
Microsoft Windows 2000; HTML Help Facility
The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."
Christine Walzer, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Office XP URL Buffer Overflow
Microsoft Windows 98; Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Office XP SP3
Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00" (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.
Ingrid Skoog, Ingrid Skoog, Ingrid Skoog, Anna Min, DRAFT, INTERIM, ACCEPTED, INTERIM, ACCEPTED, ACCEPTED

GDI+ JPEG Parsing Engine Buffer Overflow (Windows XP)
Microsoft Windows XP; GDI+
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
Ingrid Skoog, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, ACCEPTED, ACCEPTED

IE v5.5,SP2 GetObject File Retrieval
Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.
David Proulx, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v5.01, SP3 Plug-in Navigation Address Bar Spoofing Vulnerability
Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v6.0 Malformed PNG Image File Failure Vulnerability
Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."
Harvey Rubinovitz, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE6,SP1 Content Advisor Memory Corruption Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Internet Explorer
Buffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka "Content Advisor Memory Corruption Vulnerability."
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Jason Spashett, INTERIM, ACCEPTED, Robert L.
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v6.0 (XP) ExecCommand Cross Domain Zone Restriction BypassMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.Tiffany BergeronAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows Server 2003 (32-Bit) DUNZIP Integer OverflowMicrosoft Windows Server 2003Compressed FoldersInteger overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.David ProulxDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDIE5.01,SP4 DHTML Method Heap Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE5.01,SP4 JPEG Image Rendering Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerUnknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability".Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDEPRECATED: Windows 2000 IIS HTTP Header Field Buffer OverflowMicrosoft Windows 2000Microsoft Internet Information Server (IIS)Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.Tiffany BergeronACCEPTEDGlenn StricklandINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDJosh TurpinDEPRECATEDSudhir GandheShane ShafferDEPRECATEDHelp and Support Center PCHealth System Buffer Overflow (32-bit XP)Microsoft Windows XPWindows Help and Support CenterStack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL.Christine WalzerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDGDI+ JPEG Parsing Engine Buffer Overflow (Office XP,SP2)Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Office XP SP2Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.Ingrid SkoogDRAFTINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDRobert L. 
HollisACCEPTEDACCEPTEDIE v6.0 Cross Domain Verification via Cached Methods VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."Harvey RubinovitzACCEPTEDChristine WalzerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 (Server 2003) SSL Cached Content VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.Harvey RubinovitzDRAFTINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE AbusiveParent Vulnerability (Windows 2000)Microsoft Windows 2000Microsoft Internet ExplorerThe DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.Jonathan BakerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMAndrew ButtnerACCEPTEDJohn HoylandINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWin2k IP Validation VulnerabilityMicrosoft Windows 2000Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP 
packets with malformed options, aka the "IP Validation Vulnerability."Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDURL Parsing Memory Corruption Vulnerability (IE6 for XP,SP2)Microsoft Windows XPMicrosoft Internet ExplorerBuffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDGDI+ JPEG Parsing Engine Buffer Overflow (Project 2003)Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Project Professional 2003Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.Ingrid SkoogDRAFTIngrid SkoogINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDRobert L. 
HollisACCEPTEDACCEPTEDWindows 2000 Group Policy BypassMicrosoft Windows 2000Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access.Tiffany BergeronChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIE v5.5,SP2 Drag-and-Drop Code Execution VulnerabilityMicrosoft Windows MEMicrosoft Internet ExplorerInternet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft .NET Framework 2.0 Cross-Site Scripting VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft .NET FrameworkCross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".Robert L. 
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMicrosoft .NET Framework 2.0 (Original RTM or later) is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft .NET Framework 2.0Microsoft .NET Framework 2.0 (Original RTM or later) is installedSudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDNate PrzybyszewskiINTERIMACCEPTEDSharath SINTERIMACCEPTEDACCEPTEDWindows ME Program Group Converter Buffer OverflowMicrosoft Windows MEProgram Group ConverterBuffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDDHTML Object Memory Corruption Vulnerability (IE6,SP1)Microsoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerRace condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".Harvey RubinovitzDRAFTINTERIMACCEPTEDJason SpashettINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDHTML Help ActiveX Control Buffer OverflowMicrosoft Windows 2000HTML Help ActiveX ControlBuffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.Christine WalzerAndrew ButtnerACCEPTEDMatthew WojcikINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIIS AddHeader Large Header Denial of ServiceMicrosoft Windows 2000Microsoft Internet Information Server (IIS)The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page.Tiffany BergeronChristine WalzerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIE v6.0,SP1 HijackClick VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.Andrew ButtnerAndrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 HijackClick VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP4 HijackClick VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows NT IIS Directory Traversal Command Execution (Test 1)Microsoft Windows NTMicrosoft Internet Information Server (IIS)Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.Tiffany BergeronACCEPTEDIE v5.01,SP3 HijackClick VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP2 HijackClick VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWINS Association Context Vulnerability (64-bit Server 2003, Test 2)Microsoft Windows Server 2003Windows Internet Naming Service (WINS)The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."Matthew BurtonDRAFTINTERIMACCEPTEDACCEPTEDMS FrontPage Server Extensions Chunked Encoded Request Buffer Overflow (Test 3)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft SharePoint Team ServicesBuffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMS FrontPage Server Extensions Chunked Encoded Request Buffer Overflow (Test 1)Microsoft Windows XPMicrosoft FrontPage Server Extensions 2000Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerChristine WalzerINTERIMACCEPTEDShane 
ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIE v5.01,SP4 Script URLs Cross Domain Zone Restrictions BypassMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP3 Script URLs Cross Domain Zone Restrictions BypassMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP2 Script URLs Cross Domain Zone Restrictions BypassMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 (Server 2003) Function Pointer Override Cross Domain VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE6.0,SP1 Security Zone Restriction Bypass VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWeb View Remote Code Execution VulnerabilityMicrosoft Windows 2000Windows ExplorerThe Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file.Ingrid SkoogDRAFTAndrew ButtnerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDLicense Logging Service Vulnerability (Server 2003)Microsoft Windows Server 2003Microsoft Data Access Components 2.8The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, aka the "License Logging Service Vulnerability."Ingrid SkoogDRAFTINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDACCEPTEDMicrosoft Data Access Components 2.1 Remote Data Services Buffer OverflowMicrosoft Windows 95Microsoft Windows 98Microsoft Windows NTMicrosoft Data Access Components 2.1Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.Ingrid SkoogDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDClifford FarrugiaINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 Function Pointer Override Cross Domain VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Function Pointer Override Cross Domain VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft .NET Framework v1.1 Security BypassMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft .NET FrameworkThe Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDDaniel TarnuINTERIMACCEPTEDJonathan BakerINTERIMJonathan 
BakerACCEPTEDJeff ChengINTERIMJeff ChengJeff ChengACCEPTEDDragos PrisacaINTERIMACCEPTEDNate PrzybyszewskiINTERIMACCEPTEDACCEPTEDWindows XP Shell CLSID File Type Spoof VulnerabilityMicrosoft Windows XPThe Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.Christine WalzerINTERIMACCEPTEDRobert L. HollisACCEPTEDINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDIE v5.01,SP4 Function Pointer Override Cross Domain VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.01,SP3 Function Pointer Override Cross Domain VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE .chm Directory Traversal Windows Server 2003 VulnerabilityMicrosoft Windows Server 2003HTML Help FacilityInternet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.Andrew ButtnerINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDIE v5.01,SP2 Function Pointer Override Cross Domain VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDEPRECATED: Windows 2000 IIS FTP Connection Status Request Denial of ServiceMicrosoft Windows 2000FTPThe FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters.Tiffany BergeronGlenn StricklandINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDJosh TurpinDEPRECATEDSudhir GandheShane ShafferDEPRECATEDIE v6.0,SP1 (Server 2003) ExecCommand Cross Domain Zone Restriction BypassMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE AbusiveParent Vulnerability (32-bit XP)Microsoft Windows XPMicrosoft Internet ExplorerThe DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.Jonathan BakerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows Server 2003,SP1 Remote Desktop Protocol (RDP) DoS VulnerabilityMicrosoft Windows Server 2003The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.Robert L. HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDWin2k Blind Connection Reset Attack VulnerabilityMicrosoft Windows 2000Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. 
While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Matthew Burton; DRAFT; INTERIM; ACCEPTED; John Hoyland; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; ACCEPTED

IE v6.0,SP1 ExecCommand Cross Domain Zone Restriction Bypass
Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Internet Explorer
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.
Andrew Buttner; Andrew Buttner; Andrew Buttner; Andrew Buttner; INTERIM; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

IE v5.5,SP2 ExecCommand Cross Domain Zone Restriction Bypass
Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.
Andrew Buttner; Andrew Buttner; Andrew Buttner; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Windows 2000 Task Scheduler Stack Overflow
Microsoft Windows 2000; Task Scheduler
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
Tiffany Bergeron; INTERIM; ACCEPTED; ACCEPTED

IE v5.01,SP4 ExecCommand Cross Domain Zone Restriction Bypass
Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.
Andrew Buttner; Andrew Buttner; Andrew Buttner; INTERIM; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

IE v5.01,SP3 ExecCommand Cross Domain Zone Restriction Bypass
Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.
Andrew Buttner; Andrew Buttner; Andrew Buttner; INTERIM; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Windows 2000 ComboBox/ListBox GUI Widget User32.dll Buffer Overflow
Microsoft Windows 2000
Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application.
Tiffany Bergeron; ACCEPTED; Christine Walzer; INTERIM; ACCEPTED; INTERIM; Christine Walzer; INTERIM; ACCEPTED; Jeff Cheng; INTERIM; ACCEPTED; ACCEPTED

Windows 2000 Shell CLSID File Type Spoof Vulnerability
Microsoft Windows 2000
The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.
Christine Walzer; DRAFT; INTERIM; ACCEPTED; Robert L. Hollis; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; Sudhir Gandhe; Shane Shaffer; ACCEPTED; ACCEPTED

Microsoft Outlook Express v6.0 (WinXP) Malformed Email Header Denial of Service
Microsoft Windows XP; Microsoft Outlook Express
Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.
Jonathan Baker; DRAFT; INTERIM; Christine Walzer; ACCEPTED; Daniel Tarnu; INTERIM; ACCEPTED; Jeff Cheng; INTERIM; Jeff Cheng; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; ACCEPTED

Windows Server 2003, IE v6,SP1 CSS Heap Memory Corruption Vulnerability
Microsoft Windows Server 2003; Microsoft Internet Explorer
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
Harvey Rubinovitz; DRAFT; INTERIM; ACCEPTED; Harvey Rubinovitz; INTERIM; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

IE v5.01,SP2 ExecCommand Cross Domain Zone Restriction Bypass
Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.
Andrew Buttner; Andrew Buttner; Andrew Buttner; INTERIM; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Windows NNTP Memory Leak
Microsoft Windows 2000; Network News Transport Protocol (NNTP)
Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts.
Christine Walzer; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; ACCEPTED

IE v5.5 Domain Restriction Bypass Cross-Frame Scripting
Microsoft Windows 2000; Microsoft Internet Explorer
Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions.
Harvey Rubinovitz; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

GDI+ JPEG Parsing Engine Buffer Overflow Microsoft Office Visio Pro 2003
Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Office Visio Professional 2003
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
Ingrid Skoog; DRAFT; Ingrid Skoog; INTERIM; ACCEPTED; Ingrid Skoog; INTERIM; ACCEPTED; Robert L. Hollis; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; ACCEPTED

Microsoft Office Visio 2003 is installed
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Office Visio 2003
The application Microsoft Office Visio 2003 is installed.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; INTERIM; Dragos Prisaca; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

IE6,SP1 Channel Definition Format Cross Domain Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Internet Explorer
Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."
Harvey Rubinovitz; DRAFT; INTERIM; ACCEPTED; Robert L. Hollis; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

IE v5.5,SP2 Bitmap Integer Overflow Vulnerability
Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Internet Explorer
Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.
Ingrid Skoog; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Animated Cursor Denial of Service (Windows 2000)
Microsoft Windows 2000; Windows Animated Cursor
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang.
Christine Walzer; DRAFT; INTERIM; ACCEPTED; Andrew Buttner; INTERIM; ACCEPTED; Jeff Cheng; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; ACCEPTED

Server 2003 Hyperlink Object Library Unchecked Buffer Vulnerability
Microsoft Windows Server 2003; Hyperlink Object Library
The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow.
Christine Walzer; DRAFT; INTERIM; ACCEPTED; Andrew Buttner; INTERIM; Andrew Buttner; ACCEPTED; ACCEPTED

IE v6.0 Forced Script Execution
Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made.
David Proulx; Christine Walzer; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

IE6.0,SP2 Security Zone Restriction Bypass Vulnerability
Microsoft Windows XP; Microsoft Internet Explorer
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability."
Harvey Rubinovitz; DRAFT; INTERIM; Harvey Rubinovitz; ACCEPTED; Robert L. Hollis; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Windows XP VDM Privilege Escalation Vulnerability
Microsoft Windows XP; VDM
The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
Ingrid Skoog; DRAFT; INTERIM; ACCEPTED; ACCEPTED

MS SQL Server Bulk Insert Procedure Buffer Overflow
Microsoft Windows 2000; Microsoft SQL Server 2000; Microsoft SQL Server 2000 Desktop Engine (WMSDE)
Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
Yi-Fang Koh; Ingrid Skoog; Ingrid Skoog; Ingrid Skoog; Ingrid Skoog; Ingrid Skoog; Ingrid Skoog; Ingrid Skoog; Ingrid Skoog; INTERIM; ACCEPTED; Jerome Athias; INTERIM; ACCEPTED; ACCEPTED

IE6 (for XP,SP2) Content Advisor Memory Corruption Vulnerability
Microsoft Windows XP; Microsoft Internet Explorer
Buffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka "Content Advisor Memory Corruption Vulnerability."
Harvey Rubinovitz; DRAFT; INTERIM; ACCEPTED; John Hoyland; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Windows 2000 Kernel Debugger-based Buffer Overflow
Microsoft Windows 2000; Windows kernel
Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.
Christine Walzer; Christine Walzer; INTERIM; ACCEPTED; Christine Walzer; INTERIM; ACCEPTED; ACCEPTED

HyperTerminal Session File Vulnerability (Server 2003)
Microsoft Windows Server 2003; HyperTerminal
HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.
Harvey Rubinovitz; DRAFT; Harvey Rubinovitz; Harvey Rubinovitz; INTERIM; ACCEPTED; John Hoyland; INTERIM; ACCEPTED; Mike Lah; INTERIM; Mike Lah; ACCEPTED; Dragos Prisaca; INTERIM; ACCEPTED; ACCEPTED

IE6 DHTML Method Heap Memory Corruption Vulnerability (Server 2003)
Microsoft Windows Server 2003; Microsoft Internet Explorer
Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability."
Harvey Rubinovitz; DRAFT; INTERIM; Harvey Rubinovitz; Harvey Rubinovitz; Harvey Rubinovitz; ACCEPTED; Robert L. Hollis; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Windows 2000 Unchecked Buffer in NetDDE (Test 1)
Microsoft Windows 2000; NetDDE
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
Jonathan Baker; DRAFT; INTERIM; ACCEPTED; Jeff Cheng; INTERIM; ACCEPTED; Nelson Bunker; INTERIM; Shane Shaffer; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; ACCEPTED

DHTML Object Memory Corruption Vulnerability (IE6 for Server 2003)
Microsoft Windows Server 2003; Microsoft Internet Explorer
Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".
Harvey Rubinovitz; DRAFT; INTERIM; ACCEPTED; Christine Walzer; INTERIM; ACCEPTED; Robert L. Hollis; INTERIM; John Hoyland; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

GDI+ JPEG Parsing Engine Buffer Overflow (Visio Pro 2002)
Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Office Visio Professional 2002
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
Ingrid Skoog; DRAFT; Ingrid Skoog; INTERIM; ACCEPTED; Ingrid Skoog; INTERIM; ACCEPTED; Robert L. Hollis; ACCEPTED; ACCEPTED

MS FrontPage Server Extensions SmartHTML Denial of Service (Test 1)
Microsoft Windows 2000; Microsoft FrontPage Server Extensions 2000
Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
Tiffany Bergeron; Tiffany Bergeron; INTERIM; ACCEPTED; Christine Walzer; INTERIM; ACCEPTED; Anna Min; INTERIM; ACCEPTED; Glenn Strickland; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; ACCEPTED

IE6 for Server 2003 Security Zone Restriction Bypass Vulnerability
Microsoft Windows Server 2003; Microsoft Internet Explorer
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability."
Harvey Rubinovitz; DRAFT; INTERIM; Harvey Rubinovitz; Harvey Rubinovitz; Harvey Rubinovitz; ACCEPTED; Robert L. Hollis; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

IE v5.01,SP3 Bitmap Integer Overflow Vulnerability
Microsoft Windows 2000; Microsoft Internet Explorer
Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.
Ingrid Skoog; DRAFT; INTERIM; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

GDI+ JPEG Parsing Engine Buffer Overflow (Project 2002,SP1)
Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Project Professional 2002
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
Ingrid Skoog; DRAFT; Ingrid Skoog; INTERIM; ACCEPTED; Ingrid Skoog; INTERIM; ACCEPTED; Robert L. Hollis; ACCEPTED; ACCEPTED

SQL Server LPC Port Buffer Overflow
Microsoft Windows 2000; Microsoft SQL Server 2000; Microsoft SQL Server 2000 Desktop Engine (WMSDE)
Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
Yi-Fang Koh; Jonathan Baker; INTERIM; ACCEPTED; Ingrid Skoog; Ingrid Skoog; Ingrid Skoog; Ingrid Skoog; Ingrid Skoog; Ingrid Skoog; Ingrid Skoog; Ingrid Skoog; Ingrid Skoog; Ingrid Skoog; INTERIM; ACCEPTED; Christine Walzer; Christine Walzer; Christine Walzer; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; Matthew Wojcik; Matthew Wojcik; Matthew Wojcik; ACCEPTED; Jerome Athias; INTERIM; ACCEPTED; ACCEPTED

IE5.01,SP3 Drag-and-Drop Vulnerability
Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
Harvey Rubinovitz; DRAFT; INTERIM; ACCEPTED; Robert L. Hollis; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; Jeff Cheng; INTERIM; ACCEPTED; Dan Haynes; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Microsoft SMTP Malformed BDAT Request Denial of Service
Microsoft Windows 2000; SMTP
SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
Tiffany Bergeron; Andrew Buttner; Shane Shaffer; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; ACCEPTED

SQL Server Named Pipe Denial of Service
Microsoft Windows 2000; Microsoft SQL Server 2000; Microsoft SQL Server 2000 Desktop Engine (WMSDE)
Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
Yi-Fang Koh; Jonathan Baker; INTERIM; ACCEPTED; Ingrid Skoog; Ingrid Skoog; Ingrid Skoog; Ingrid Skoog; Ingrid Skoog; Ingrid Skoog; Ingrid Skoog; Ingrid Skoog; Ingrid Skoog; Ingrid Skoog; INTERIM; ACCEPTED; Christine Walzer; Christine Walzer; Christine Walzer; INTERIM; ACCEPTED; Matthew Wojcik; INTERIM; Matthew Wojcik; Matthew Wojcik; Matthew Wojcik; ACCEPTED; Jerome Athias; INTERIM; ACCEPTED; ACCEPTED

Windows 2000 SNMPv1 Trap Handling DoS and Privilege Escalation (Test 2)
Microsoft Windows 2000; Simple Network Management Protocol (SNMP)
Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.
Harvey Rubinovitz; Harvey Rubinovitz; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; ACCEPTED

RPCSS DCOM Buffer Overflow (XP)
Microsoft Windows XP; Distributed Component Object Model (DCOM)
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715.
Christine Walzer; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Windows 2000 RPCSS DCOM Buffer Overflow (Blaster, Test 2)
Microsoft Windows 2000; Remote Procedure Call (RPC)
Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
Tiffany Bergeron; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; ACCEPTED

Windows XP,SP2 IE6.0 Drag-and-Drop Vulnerability
Microsoft Windows XP; Microsoft Internet Explorer
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
Harvey Rubinovitz; DRAFT; INTERIM; Harvey Rubinovitz; ACCEPTED; Robert L. Hollis; ACCEPTED; Jeff Cheng; INTERIM; ACCEPTED; Dan Haynes; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Microsoft Data Access Components 2.6 Remote Data Services Buffer Overflow
Microsoft Windows 95; Microsoft Windows 98; Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Data Access Components 2.6
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
Ingrid Skoog; DRAFT; INTERIM; ACCEPTED; Andrew Buttner; INTERIM; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; Jeff Cheng; INTERIM; ACCEPTED; Clifford Farrugia; INTERIM; ACCEPTED; ACCEPTED

OLE Component Input Validation Vulnerability (Windows 2000)
Microsoft Windows 2000; Windows Media Player 9
The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability."
Christine Walzer; DRAFT; INTERIM; ACCEPTED; Andrew Buttner; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; ACCEPTED

Exchange Cross-Site Request Forgery vulnerability - CVE-2015-1771 (MS15-064)
Microsoft Windows Server 2008 R2; Microsoft Windows Server 2012; Microsoft Windows Server 2012 R2; Microsoft Exchange Server 2013
Cross-site request forgery (CSRF) vulnerability in the web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allows remote attackers to hijack the authentication of arbitrary users, aka "Exchange Cross-Site Request Forgery Vulnerability."
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Unchecked Buffer in Password Encryption Procedure
Microsoft Windows 2000; Microsoft SQL Server 2000; Microsoft SQL Server 2000 Desktop Engine (WMSDE)
Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."
Yi-Fang Koh; Ingrid Skoog; Ingrid Skoog; Ingrid Skoog; Ingrid Skoog; Ingrid Skoog; Ingrid Skoog; Ingrid Skoog; INTERIM; ACCEPTED; Jerome Athias; INTERIM; ACCEPTED; ACCEPTED

Windows 2000, IE v5.01 CSS Heap Memory Corruption Vulnerability
Microsoft Windows 2000; Microsoft Internet Explorer
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
Harvey Rubinovitz; DRAFT; INTERIM; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Windows 2000 IIS Heap Overrun in HTR Chunked Encoding
Microsoft Windows 2000; Microsoft Internet Information Server (IIS)
Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."
Tiffany Bergeron; ACCEPTED; Glenn Strickland; INTERIM; ACCEPTED; Shane Shaffer; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; Shane Shaffer; ACCEPTED; ACCEPTED

Exchange HTML injection vulnerability - CVE-2015-2359 (MS15-064)
Microsoft Windows Server 2008 R2; Microsoft Windows Server 2012; Microsoft Windows Server 2012 R2; Microsoft Exchange Server 2013
Cross-site scripting (XSS) vulnerability in the web applications in Microsoft Exchange Server 2013 Cumulative Update 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Exchange HTML Injection Vulnerability."
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Microsoft SharePoint page content vulnerabilities – CVE-2015-1700 (MS15-047)
Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows Server 2012; Microsoft Windows Server 2012 R2; Microsoft Windows 7; Microsoft Windows 8; Microsoft SharePoint Server 2007; Microsoft SharePoint Server 2010; Microsoft SharePoint Foundation 2010; Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "Microsoft SharePoint Page Content Vulnerabilities."
SecPod Team; DRAFT; Kumarswamy S; INTERIM; ACCEPTED; ACCEPTED

OWA modified canary parameter cross site scripting vulnerability - CVE-2015-1628 (MS15-026)
Microsoft Windows Server 2008 R2; Microsoft Windows Server 2012; Microsoft Windows Server 2012 R2; Microsoft Exchange Server 2013
Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted X-OWA-Canary cookie in an AD.RecipientType.User action, aka "OWA Modified Canary Parameter Cross Site Scripting Vulnerability."
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

WMI Object Broker Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Visual Studio
Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; ACCEPTED

ExchangeDLP cross site scripting vulnerability - CVE-2015-1629 (MS15-026)
Microsoft Windows Server 2008 R2; Microsoft Windows Server 2012; Microsoft Windows Server 2012 R2; Microsoft Exchange Server 2013
Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "ExchangeDLP Cross Site Scripting Vulnerability."
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Windows Media Player Buffer Overflow via ASF
Microsoft Windows XP; Windows Media Player for Windows XP
Buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via a malformed Advanced Streaming Format (ASF) file.
Tiffany Bergeron; ACCEPTED; ACCEPTED

Microsoft SharePoint xss vulnerability – CVE-2015-1636 (MS15-022)
Microsoft Windows 8; Microsoft Windows 8.1; Microsoft Windows Server 2012; Microsoft Windows Server 2012 R2; Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft SharePoint Foundation 2013; Microsoft SharePoint Server 2013
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."
SecPod Team; DRAFT; INTERIM; ACCEPTED; Kumarswamy S; INTERIM; ACCEPTED; ACCEPTED

Exchange Server-Side Request Forgery vulnerability - CVE-2015-1764 (MS15-064)
Microsoft Windows Server 2008 R2; Microsoft Windows Server 2012; Microsoft Windows Server 2012 R2; Microsoft Exchange Server 2013
The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted request, related to a Server-Side Request Forgery (SSRF) issue, aka "Exchange Server-Side Request Forgery Vulnerability."
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Microsoft Exchange Server 2013 Cumulative Update 8 is installed
Microsoft Windows Server 2008 R2; Microsoft Windows Server 2012; Microsoft Windows Server 2012 R2; Microsoft Exchange Server 2013
Microsoft Exchange Server 2013 Cumulative Update 8 is installed
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Audit report cross site scripting vulnerability - CVE-2015-1630 (MS15-026)
Microsoft Windows Server 2008 R2; Microsoft Windows Server 2012; Microsoft Windows Server 2012 R2; Microsoft Exchange Server 2013
Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Audit Report Cross Site Scripting Vulnerability."
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Microsoft SharePoint XSS vulnerability – CVE-2015-1653 (MS15-036)
Microsoft Windows 7; Microsoft Windows 8; Microsoft Windows Server 2008 R2; Microsoft Windows Server 2012; Microsoft Windows Server 2012 R2; Microsoft Windows 8.1; Microsoft SharePoint Foundation 2013; Microsoft SharePoint Server 2013
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 and SharePoint Server 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

XSLT Buffer Overrun Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft XML Core Services
Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
Robert L. Hollis; DRAFT; INTERIM; ACCEPTED; Sudhir Gandhe; INTERIM; ACCEPTED; ACCEPTED

Outlook Web App token spoofing vulnerability (CVE-2014-6319) - MS14-075
Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows 7; Microsoft Windows 8; Microsoft Windows 8.1; Microsoft Windows Server 2012; Microsoft Windows Server 2012 R2; Microsoft Exchange Server 2007; Microsoft Exchange Server 2010; Microsoft Exchange Server 2013
Outlook Web App (OWA) in Microsoft Exchange Server 2007 SP3, 2010 SP3, and 2013 SP1 and Cumulative Update 6 does not properly validate tokens in requests, which allows remote attackers to spoof the origin of e-mail messages via unspecified vectors, aka "Outlook Web App Token Spoofing Vulnerability."
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Microsoft Exchange Server 2010 is installed
Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Exchange Server 2010
Microsoft Exchange Server 2010 is installed
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Exchange URL redirection vulnerability (CVE-2014-6336) - MS14-075
Microsoft Windows Server 2008 R2; Microsoft Windows 7; Microsoft Windows 8; Microsoft Windows 8.1; Microsoft Windows Server 2012; Microsoft Windows Server 2012 R2; Microsoft Exchange Server 2013
Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 does not properly validate redirection tokens, which allows remote attackers to redirect users to arbitrary web sites and spoof the origin of e-mail messages via unspecified vectors, aka "Exchange URL Redirection Vulnerability."
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

OWA XSS vulnerability (CVE-2014-6326) - MS14-075
Microsoft Windows Server 2008 R2; Microsoft Windows 7; Microsoft Windows 8; Microsoft Windows 8.1; Microsoft Windows Server 2012; Microsoft Windows Server 2012 R2; Microsoft Exchange Server 2013
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6325.
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Windows 2000 IE HTML Help ActiveX control Cross Domain Vulnerability
Microsoft Windows 2000
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."
Matthew Burton; DRAFT; Matthew Burton; Matthew Burton; INTERIM; ACCEPTED; ACCEPTED

Exchange forged meeting request spoofing vulnerability - CVE-2015-1631 (MS15-026)
Microsoft Windows Server 2008 R2; Microsoft Windows Server 2012; Microsoft Windows Server 2012 R2; Microsoft Exchange Server 2013
Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof meeting organizers via unspecified vectors, aka "Exchange Forged Meeting Request Spoofing Vulnerability."
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

OWA XSS vulnerability (CVE-2014-6325) - MS14-075
Microsoft Windows Server 2008 R2; Microsoft Windows 7; Microsoft Windows 8; Microsoft Windows 8.1; Microsoft Windows Server 2012; Microsoft Windows Server 2012 R2; Microsoft Exchange Server 2013
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6326.
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Microsoft Exchange Server 2013 CU 6 is installed
Microsoft Windows 7; Microsoft Windows 8; Microsoft Windows 8.1; Microsoft Windows Server 2008 R2; Microsoft Windows Server 2012; Microsoft Windows Server 2012 R2; Microsoft Exchange Server 2013
Microsoft Exchange Server 2013 CU 6 is installed. Microsoft Exchange Server is calendaring software, a mail server and contact manager developed by Microsoft.
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

IE for Server 2003 Channel Definition Format Cross Domain Vulnerability
Microsoft Windows Server 2003; Microsoft Internet Explorer
Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."
Harvey Rubinovitz; DRAFT; INTERIM; Harvey Rubinovitz; Harvey Rubinovitz; Harvey Rubinovitz; ACCEPTED; Robert L. Hollis; ACCEPTED; Robert L. Hollis; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Exchange error message cross site scripting vulnerability - CVE-2015-1632 (MS15-026)
Microsoft Windows Server 2008 R2; Microsoft Windows Server 2012; Microsoft Windows Server 2012 R2; Microsoft Exchange Server 2013
Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via the msgParam parameter in an authError action, aka "Exchange Error Message Cross Site Scripting Vulnerability."
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Microsoft Exchange Server 2013 Cumulative Update 7 is installed
Microsoft Windows Server 2008 R2; Microsoft Windows Server 2012; Microsoft Windows Server 2012 R2; Microsoft Exchange Server 2013
Microsoft Exchange Server 2013 Cumulative Update 7 is installed
SecPod Team; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Microsoft SharePoint xss vulnerability – CVE-2015-1633 (MS15-022)
Microsoft Windows Vista; Microsoft Windows Server 2008; Microsoft Windows 7; Microsoft Windows Server 2008 R2; Microsoft Windows 8; Microsoft Windows 8.1; Microsoft Windows Server 2012; Microsoft Windows Server 2012 R2; Microsoft SharePoint Foundation 2010; Microsoft SharePoint Foundation 2013; Microsoft SharePoint Server 2010; Microsoft SharePoint Server 2013
Cross-site 
scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDACCEPTEDIE5.01,SP4 Content Advisor Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerBuffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka "Content Advisor Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDSharePoint elevation of privilege vulnerability - CVE-2014-4116 (MS14-073)Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows VistaMicrosoft SharePoint Foundation 2010Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via a modified list, aka "SharePoint Elevation of Privilege Vulnerability."SecPod TeamDRAFTKumarswamy SINTERIMACCEPTEDACCEPTEDSMB Session Digital Signature SidestepMicrosoft Windows 2000SMB Signing (Server Message Block)The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. 
by modifying group policy information sent from a domain controller.Christine WalzerACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDWindows 2000 Program Group Converter Buffer OverflowMicrosoft Windows 2000Program Group ConverterBuffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office Visio Professional URL Buffer OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Office Visio Professional 2002Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00" (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.Ingrid SkoogDRAFTINTERIMACCEPTEDACCEPTEDWINS Association Context Vulnerability (Terminal Server Test 1)Microsoft Windows NTWindows Internet Naming Service (WINS)The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."Matthew BurtonDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDServer 2003 Font Buffer OverflowMicrosoft Windows Server 2003Windows kernelBuffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.Ingrid SkoogDRAFTINTERIMChristine WalzerACCEPTEDACCEPTEDMicrosoft Data Access Components 2.5 Remote Data Services Buffer OverflowMicrosoft Windows 95Microsoft Windows 98Microsoft Windows 
MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Data Access Components 2.5Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.Ingrid SkoogDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDClifford FarrugiaINTERIMACCEPTEDACCEPTEDIE v6.0 Domain Restriction Bypass Cross-Frame ScriptingMicrosoft Windows 2000Microsoft Internet ExplorerCross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions.Harvey RubinovitzACCEPTEDChristine WalzerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDSQL Server OpenDataSource/OpenRowset Buffer OverflowMicrosoft Windows 2000Microsoft SQL Server 2000Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection.Yi-Fang KohIngrid SkoogIngrid SkoogINTERIMACCEPTEDChristine WalzerChristine WalzerINTERIMACCEPTEDACCEPTEDIE v5.01 Content Disposition/Type Arbitrary Code ExecutionMicrosoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability.Tiffany BergeronChristine WalzerINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDRobert L. HollisINTERIMRobert L. 
HollisRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisRobert L. HollisACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE5.01,SP3 DHTML Method Heap Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows 2000 Certificate Validation Identity Spoofing Vulnerability (Test 2)Microsoft Windows 2000Certificate ValidationThe (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.Christine WalzerChristine WalzerChristine WalzerChristine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDWindows XP Plug and Play Buffer Overflow VulnerabilityMicrosoft Windows XPStack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.Robert L. 
HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDLync Denial of Service vulnerability (CVE-2014-4068) - MS14-055Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Lync Server 2013Microsoft Lync Server 2010The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which allows remote attackers to cause a denial of service (daemon hang) via a crafted call, aka "Lync Denial of Service Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOutlook Express v6.0 for Server 2003 Malformed Email Header Denial of ServiceMicrosoft Windows Server 2003Microsoft Outlook ExpressMicrosoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.Jonathan BakerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDDaniel TarnuINTERIMACCEPTEDJeff ChengINTERIMJeff ChengACCEPTEDACCEPTEDLync Denial of Service vulnerability (CVE-2014-4071) - MS14-055Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Lync Server 2013Microsoft Lync Server 2010The Server in Microsoft Lync Server 2013 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon hang) via a crafted request, aka "Lync Denial of Service Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Lync Server 2010 is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 
8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Lync Server 2010Microsoft Lync Server 2010 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Lync Server 2013 is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 8Microsoft Windows Server 2012Microsoft Lync Server 2013Microsoft Lync Server 2013 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWindows 2000 RPCSS DCOM Buffer Overflow (Blaster, Test 1)Microsoft Windows 2000Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.Tiffany BergeronACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDWindows 98 Long Share Names VulnerabilityMicrosoft Windows 98Windows ShellBuffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, Windows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability allows remote attackers to bypass Protected ModeMicrosoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own 
competition at CanSecWest 2011.Maria MikhnoDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDAllows remote attackers to spoof web sites via a crafted HTML documentMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted HTML document that triggers many HTTPS requests to an arbitrary host, followed by an HTTPS request to a trusted host and then an HTTP request to an untrusted host, a related issue to CVE-2013-1450.Maria MikhnoDRAFTINTERIMACCEPTEDACCEPTEDAllows remote attackers to obtain sensitive information intended for a specific host via a crafted HTML documentMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not properly reuse TCP sessions to the proxy server, which allows remote attackers to obtain sensitive information intended for a specific host via a crafted HTML document that triggers many HTTPS requests and then triggers an HTTP request to that host, as demonstrated by reading a Cookie header, aka MSRC 12096gd.Maria MikhnoDRAFTINTERIMACCEPTEDACCEPTEDSharePoint Page Content Vulnerability (CVE-2014-2816) - MS14-050Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows 
VistaMicrosoft Windows Server 2012 R2Microsoft SharePoint Foundation 2013Microsoft SharePoint Server 2013Microsoft SharePoint Server 2013 Gold and SP1 and SharePoint Foundation 2013 Gold and SP1 allow remote authenticated users to gain privileges via a Trojan horse app that executes a custom action in the context of the SharePoint extensibility model, aka "SharePoint Page Content Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDenial of service (memory corruption) by leveraging access to a Low integrity process.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.Maria MikhnoDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer 9 is installedMicrosoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Internet Explorer 9A version of Microsoft Internet Explorer 9 is installed.Shane ShafferDRAFTINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDChandan SINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows 2000 Kernel Debugger-based Buffer OverflowMicrosoft Windows 2000Windows kernelBuffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.Christine WalzerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDIE v6.0 HijackClick 3 / Script in Image Tag File Download VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events 
that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows 2000 Network Connection Manager Privilege EscalationMicrosoft Windows 2000Network Connection Manager (NCM)A handler routine for the Network Connection Manager (NCM) in Windows 2000 allows local users to gain privileges via a complex attack that causes the handler to run in the LocalSystem context with user-specified code.Christine WalzerChristine WalzerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIE5.01,SP3 PNG Image Buffer OverflowMicrosoft Windows 2000Microsoft Internet ExplorerBuffer overflow in the PNG image rendering component of Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted PNG file.Harvey RubinovitzDRAFTHarvey RubinovitzINTERIMACCEPTEDAnna MinINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows XP Hyperlink Object Library Unchecked Buffer VulnerabilityMicrosoft Windows XPHyperlink Object LibraryThe Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDLicense Logging Service Vulnerability (Windows 2000)Microsoft Windows 2000Microsoft Data Access Components 2.8The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, aka the "License Logging Service Vulnerability."Ingrid SkoogDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDArbitrary code executing via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.Maria MikhnoDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows 2000 Font Buffer OverflowMicrosoft Windows 2000Windows kernelBuffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.Ingrid SkoogDRAFTINTERIMChristine WalzerAndrew ButtnerACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDURL Parsing Memory Corruption Vulnerability (IE6 for Server 2003)Microsoft Windows 
Server 2003Microsoft Internet ExplorerBuffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMJohn HoylandACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWINS Association Context Vulnerability (Windows 2000)Microsoft Windows 2000The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIE v5.01,SP4 Plug-in Navigation Address Bar Spoofing VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDSQL Server Format String VulnerabilityMicrosoft Windows 2000Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service.Yi-Fang KohShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDService Bus Denial of Service Vulnerability - CVE-2014-2814 (MS14-042)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Service Bus 1.1Microsoft Service Bus 1.1 on Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (AMQP messaging outage) via crafted AMQP messages, aka "Service Bus Denial of Service Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Service Bus 1.1 is installedMicrosoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Service Bus 1.1Microsoft Service Bus 1.1 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWindows Server 2003 (32-Bit) DirectPlay Denial of ServiceMicrosoft Windows Server 2003DirectXIDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.Tiffany BergeronTiffany BergeronTiffany BergeronINTERIMACCEPTEDACCEPTEDDEPRECATED: Windows 2000 IIS Chunked Encoding Buffer OverflowMicrosoft Windows 2000Microsoft Internet Information Server (IIS)Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.Tiffany BergeronACCEPTEDGlenn StricklandINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDJosh TurpinDEPRECATEDSudhir GandheShane ShafferDEPRECATEDWindows Utility Manager Shatter Message Vulnerability IIMicrosoft Windows 2000Utility 
ManagerUtility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.Jonathan BakerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDIE v6.0 Plug-in Navigation Address Bar Spoofing VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWeb Applications Page Content Vulnerability (CVE-2014-1813) - MS14-022Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 8Microsoft Office Web Apps 2010Microsoft Web Applications 2010 SP1 and SP2 allows remote authenticated users to execute arbitrary code via crafted page content, aka "Web Applications Page Content Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.32, 4.2.24, and 4.3.10Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxUnspecified vulnerability in the Oracle VM 
VirtualBox component in Oracle Virtualization VirtualBox before 4.1.32, 4.2.24, and 4.3.10 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests.Maria MikhnoDRAFTINTERIMACCEPTEDACCEPTEDNetwork News Transfer Protocol Buffer OverflowMicrosoft Windows Server 2003Network News Transport Protocol (NNTP)The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.Christine WalzerDRAFTINTERIMACCEPTEDJeff ChengINTERIMJeff ChengACCEPTEDACCEPTEDSharePoint XSS Vulnerability (CVE-2014-1754) - MS14-022Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows Server 2012 R2Microsoft SharePoint Foundation 2013Microsoft SharePoint Server 2013Microsoft Office Web Apps Server 2013Microsoft SharePoint Server 2013 Client Components SDKCross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server 2013 Client Components SDK allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Server 2013 Client Components SDK is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft SharePoint Server 2013 Client Components SDKMicrosoft SharePoint Server 2013 Client Components SDK is installedSecPod 
TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Foundation 2013 SP1 is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft SharePoint Foundation 2013Microsoft SharePoint Foundation 2013 SP1 is installedSecPod TeamDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDMicrosoft Office Web Apps Server 2013 SP1 is installedMicrosoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Office Web Apps Server 2013Microsoft Office Web Apps Server 2013 SP1 is installedSecPod TeamDRAFTMaria MikhnoINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Server 2013 SP1 is installedMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft SharePoint Server 2013Microsoft SharePoint Server 2013 SP1 is installedSecPod TeamDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDAddress Bar Spoofing on Double Byte Character Set Systems Vulnerability (Server 2003)Microsoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows XP (64-Bit) DirectPlay Denial of ServiceMicrosoft Windows XPDirectXIDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.Tiffany BergeronTiffany BergeronTiffany BergeronINTERIMACCEPTEDChristine WalzerChristine WalzerChristine WalzerINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDVulnerability in the VirtualBox component in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8 when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server (CVE-2014-0981)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxVBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. 
All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDScob and Toofer Internet Explorer v5.5,SP2 VulnerabilitiesMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerThe WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.Tiffany BergeronDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDVulnerability in the VirtualBox component in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8 when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server (CVE-2014-0983)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxMultiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server via certain CR_MESSAGE_OPCODES messages with a crafted index, which are not properly handled by the (1) CR_VERTEXATTRIB4NUBARB_OPCODE to the crServerDispatchVertexAttrib4NubARB function, (2) CR_VERTEXATTRIB1DARB_OPCODE to the crServerDispatchVertexAttrib1dARB 
function, (3) CR_VERTEXATTRIB1FARB_OPCODE to the crServerDispatchVertexAttrib1fARB function, (4) CR_VERTEXATTRIB1SARB_OPCODE to the crServerDispatchVertexAttrib1sARB function, (5) CR_VERTEXATTRIB2DARB_OPCODE to the crServerDispatchVertexAttrib2dARB function, (6) CR_VERTEXATTRIB2FARB_OPCODE to the crServerDispatchVertexAttrib2fARB function, (7) CR_VERTEXATTRIB2SARB_OPCODE to the crServerDispatchVertexAttrib2sARB function, (8) CR_VERTEXATTRIB3DARB_OPCODE to the crServerDispatchVertexAttrib3dARB function, (9) CR_VERTEXATTRIB3FARB_OPCODE to the crServerDispatchVertexAttrib3fARB function, (10) CR_VERTEXATTRIB3SARB_OPCODE to the crServerDispatchVertexAttrib3sARB function, (11) CR_VERTEXATTRIB4DARB_OPCODE to the crServerDispatchVertexAttrib4dARB function, (12) CR_VERTEXATTRIB4FARB_OPCODE to the crServerDispatchVertexAttrib4fARB function, and (13) CR_VERTEXATTRIB4SARB_OPCODE to the crServerDispatchVertexAttrib4sARB function.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: Windows NT IIS FTP Connection Status Request Denial of ServiceMicrosoft Windows NTFTPThe FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters.Tiffany BergeronGlenn StricklandINTERIMACCEPTEDJosh TurpinDEPRECATEDDEPRECATEDIE5.01,SP3 Channel Definition Format Cross Domain VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows Server 2003 Shell CLSID File Type Spoof VulnerabilityMicrosoft Windows Server 2003The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.Christine WalzerINTERIMACCEPTEDRobert L. HollisACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWindows 2000 Media Player PNG Processing VulnerabilityMicrosoft Windows 2000Windows Media Player 9Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability."Christine WalzerDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDJeff ChengINTERIMJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengACCEPTEDACCEPTEDTroubleshooter ActiveX Control Buffer OverflowMicrosoft Windows 2000Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.Tiffany BergeronAndrew ButtnerACCEPTEDACCEPTEDIE v6.0,SP1 Malformed GIF Image Double-free VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerDouble free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.Andrew ButtnerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDSQL Server Named Pipe HijackingMicrosoft Windows 2000Microsoft SQL Server 2000Microsoft SQL Server 2000 Desktop Engine (WMSDE)Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.Yi-Fang KohJonathan BakerINTERIMACCEPTEDINTERIMIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogINTERIMACCEPTEDChristine WalzerChristine WalzerChristine WalzerChristine WalzerChristine WalzerChristine WalzerChristine WalzerINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJerome AthiasINTERIMACCEPTEDACCEPTEDWindows Project Professional URL Buffer OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Project Professional 2002Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00" (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.Ingrid SkoogDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDSQL Server Extended Stored Procedure Parameter ParsingMicrosoft Windows 2000Microsoft SQL ServerThe xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.Tiffany BergeronIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogINTERIMIngrid SkoogACCEPTEDChristine WalzerChristine WalzerChristine WalzerChristine WalzerChristine 
WalzerINTERIMACCEPTEDACCEPTEDExchange Server 2003 (INTERIM) Routing Engine Buffer OverflowMicrosoft Windows Server 2003SMTPThe SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.Christine WalzerDRAFTChristine WalzerINTERIMACCEPTEDJeff ChengINTERIMJeff ChengACCEPTEDACCEPTEDIE v5.5 Forced Script ExecutionMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made.David ProulxMaria MikhnoINTERIMACCEPTEDACCEPTEDSharePoint Privilege Elevation VulnerabilityMicrosoft Windows Server 2003SharePointMultiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.Robert L. HollisDRAFTChris WoodINTERIMACCEPTEDACCEPTEDMicrosoft Office SharePoint Services 2003 are installed.Microsoft Windows Server 2003Microsoft Office SharePoint Services 2003 are installed.Robert L. HollisDRAFTINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDURL Parsing Memory Corruption Vulnerability (IE5.01,SP4)Microsoft Windows 2000Microsoft Internet ExplorerBuffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5 Frames Cross-site Scripting VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerCross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource.Harvey RubinovitzACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability, a different vulnerability than CVE-2014-0404Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0404.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 
4.3.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability, a different vulnerability than CVE-2014-0406Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0406.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDIE v6.0 SSL Cached Content VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft XML Core Services VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft XML Core ServicesThe XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.Robert L. 
HollisDRAFTINTERIMACCEPTEDSudhir GandheINTERIMACCEPTEDACCEPTEDMicrosoft XML Core Services 5 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft XML Core Services 5Microsoft XML Core Services 5 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDSudhir GandheINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft XML Core Services 3 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft XML Core Services 3Microsoft XML Core Services 3 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDEPRECATED: Windows 2000 Variant of Chunked Encoding Buffer OverrunMicrosoft Windows 2000Microsoft Internet Information Server (IIS)Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun."Andrew ButtnerACCEPTEDGlenn StricklandINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDJosh TurpinDEPRECATEDSudhir GandheShane ShafferDEPRECATEDWindows XP (32-Bit) DirectPlay Denial of ServiceMicrosoft Windows XPDirectXIDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.Tiffany BergeronTiffany BergeronTiffany BergeronTiffany BergeronINTERIMACCEPTEDAnna MinINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDUnspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 
R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDWin2k Path MTU Discovery Attack VulnerabilityMicrosoft Windows 2000Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. 
While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDHelp and Support Center PCHealth System Buffer Overflow (Windows 2000)Microsoft Windows 2000Help and Support Center (HSC)Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL.Christine WalzerACCEPTEDChristine WalzerINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIE v5.01,SP4 Bitmap Integer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInteger overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.Ingrid SkoogDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows Server 2003 HtmlHelp Heap OverflowMicrosoft Windows Server 2003HTML Help FacilityHeap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.Andrew ButtnerINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDOutlook Express v5.5,SP2 Malformed Email Header Denial of ServiceMicrosoft Windows 2000Microsoft Outlook ExpressMicrosoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.Jonathan BakerDRAFTINTERIMACCEPTEDDaniel TarnuINTERIMACCEPTEDJeff ChengINTERIMJeff ChengACCEPTEDACCEPTEDWindows 2000 Messenger Service Buffer OverflowMicrosoft Windows 2000Messenger ServiceThe Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.Christine WalzerACCEPTEDAndrew ButtnerACCEPTEDPradeep R BINTERIMACCEPTEDACCEPTEDIE v5.01,SP3 Malformed GIF 
Image Double-free VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerDouble free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.Andrew ButtnerDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows 2000 Enhanced Metafile Image Format Rendering Buffer OverflowMicrosoft Windows 2000Enhanced Metafile (EMF)Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."Ingrid SkoogDRAFTINTERIMACCEPTEDACCEPTEDOracle Outside In Contains Multiple Exploitable Vulnerabilities (CVE-2013-5763) - MS13-105Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Exchange Server 2013Microsoft Exchange Server 2010Microsoft Exchange Server 2007Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Maintenance. 
NOTE: the original disclosure of this issue erroneously mapped it to CVE-2013-3624.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Malformed GIF Image Double-free VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerDouble free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.Andrew ButtnerDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDEPRECATED: Windows 2000 IIS HTTP Redirect Error Message Cross-site ScriptingMicrosoft Windows 2000Microsoft Internet Information Server (IIS)Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect ("302 Object Moved") message.Harvey RubinovitzShane ShafferINTERIMACCEPTEDJosh TurpinDEPRECATEDSudhir GandheShane ShafferDEPRECATEDSNMP Agent Service Buffer OverflowMicrosoft Windows 2000Simple Network Management Protocol (SNMP)Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. 
This and other PROTOS-related candidates, especially CVE-2002-0012 and CVE-2002-0013, will be updated when more accurate information is available.Tiffany BergeronShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDSignalR XSS Vulnerability (CVE-2013-5042) - MS13-103Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Visual Studio Team Foundation ServerCross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x before 1.1.4 and 2.0.x before 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote attackers to inject arbitrary web script or HTML via crafted Forever Frame transport protocol data, aka "SignalR XSS Vulnerability."SecPod TeamDRAFTINTERIMINTERIMACCEPTEDACCEPTEDMicrosoft Visual Studio Team Foundation Server 2013 is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008 R2Microsoft Windows Server 2012 R2Microsoft Windows Server 2012Microsoft Visual Studio Team Foundation ServerMicrosoft Visual Studio Team Foundation Server 2013 is installedSecPod TeamDRAFTINTERIMINTERIMACCEPTEDACCEPTEDIE5.01,SP3 Content Advisor Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerBuffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka "Content Advisor Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDSharePoint Page Content Vulnerabilities (CVE-2013-5059) - MS13-100Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft SharePoint Server 2010Microsoft SharePoint Server 2013Microsoft Office Web Apps Server 2013Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web Apps 2013, allows remote attackers to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerabilities."SecPod TeamDRAFTINTERIMINTERIMACCEPTEDBhavya KINTERIMACCEPTEDACCEPTEDMicrosoft Office Web Apps Server 2013 is installedMicrosoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Office Web Apps Server 2013Microsoft Office Web Apps Server 2013 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDIE v5.01,SP3 Drag-and-Drop Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDScob and Toofer Internet Explorer v6.0,SP1 for Server 2003 VulnerabilitiesMicrosoft Windows Server 2003Microsoft Internet ExplorerThe WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.Tiffany BergeronDRAFTINTERIMACCEPTEDHarvey RubinovitzINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDOWA XSS Vulnerability (CVE-2013-5072) - MS13-105Microsoft Windows Server 2003Microsoft Windows Server 2008 R2Microsoft Windows Server 2008Microsoft Windows Server 2012Microsoft Exchange Server 2013Microsoft Exchange Server 2010Microsoft Exchange Server 2007Cross-site scripting (XSS) vulnerability in Outlook Web Access in Microsoft Exchange Server 2010 SP2 and SP3 and 2013 Cumulative Update 2 and 3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDSMB Invalid Handle Vulnerability (WinS03)Microsoft Windows Server 2003The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."Robert L. 
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDIE v5.01,SP2 Malformed GIF Image Double-free VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerDouble free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.Andrew ButtnerDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDVulnerability in Crystal Reports for Microsoft Visual Studio Could Allow Remote Code ExecutionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Visual StudioStack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.Robert L. HollisDRAFTJeff ChengJeff ChengINTERIMACCEPTEDACCEPTEDMicrosoft Visual Studio .NET 2002 SP1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Visual Studio .NET 2002 SP1 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDRobert L. HollisACCEPTEDBrendan MilesINTERIMACCEPTEDACCEPTEDMicrosoft Visual Studio 2005 is installed.Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Visual Studio 2005Microsoft Visual Studio 2005 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. 
HollisACCEPTEDBrendan MilesINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDMicrosoft Visual Studio .NET 2003 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Visual Studio .NET 2003 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDBrendan MilesINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDIMAP Literal Processing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Exchange ServerInteger overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDClifford FarrugiaINTERIMACCEPTEDACCEPTEDWindows 2000 Drag-and-Drop VulnerabilityMicrosoft Windows 2000Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."Matthew BurtonDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDJeff ChengINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIE ActiveX Popup Zone Restriction BypassMicrosoft Windows 2000Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe).Tiffany BergeronAndrew ButtnerACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. 
Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Exchange 2003,SP1 Calendar Vulnerability
Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Exchange Server
Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jeff Cheng, INTERIM, ACCEPTED, Clifford Farrugia, INTERIM, ACCEPTED, ACCEPTED

IE v6.0 Frames Cross-site Scripting Vulnerability
Microsoft Windows 2000; Microsoft Internet Explorer
Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource.
Harvey Rubinovitz, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Mozilla Accessing XBL Compilation Scope via valueOf.call()
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, ACCEPTED

COM Object Instantiation Memory Corruption Vulnerability (WinS03)
Microsoft Windows Server 2003; Microsoft Internet Explorer
Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

MS Exchange Server Cross-site Scripting Vulnerability
Microsoft Windows NT; Outlook Web Access
Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query.
Christine Walzer, DRAFT, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Jeff Cheng, INTERIM, Jeff Cheng, ACCEPTED, ACCEPTED

Oracle Outside In Contains Multiple Exploitable Vulnerabilities (CVE-2013-5791) - MS13-105
Microsoft Windows Server 2003; Microsoft Windows Server 2008 R2; Microsoft Windows Server 2008; Microsoft Windows Server 2012; Microsoft Exchange Server 2013; Microsoft Exchange Server 2010; Microsoft Exchange Server 2007
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. NOTE: the previous information is from the October 2013 CPU. Oracle has not commented on claims from a third party that the issue is a stack-based buffer overflow in the Microsoft Access 1.x parser in vsacs.dll before 8.4.0.108 and before 8.4.1.52, which allows attackers to execute arbitrary code via a long field (aka column) name.
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Microsoft Exchange Server 2013 Cumulative Update 3 is installed
Microsoft Windows Server 2008 R2; Microsoft Windows Server 2012; Microsoft Exchange Server 2013
Microsoft Exchange Server 2013 Cumulative Update 3 is installed
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

DEPRECATED: Microsoft JScript Memory Corruption Vulnerability (WinXP)
Microsoft Windows XP; Operating System
Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Nate Przybyszewski, DEPRECATED, DEPRECATED

DEPRECATED: Windows Script Engine Heap Overflow (Test 1)
Microsoft Windows 98; Microsoft Windows ME; Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Windows Script Engine for JScript v5.6
Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.
Tiffany Bergeron, David Proulx, David Proulx, ACCEPTED, Christine Walzer, Christine Walzer, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Nate Przybyszewski, DEPRECATED, Sudhir Gandhe, Shane Shaffer, DEPRECATED

Suppressed OVAL20
Microsoft Windows 2000; Distributed Component Object Model (DCOM)
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.
Christine Walzer, DRAFT, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, DEPRECATED, DEPRECATED

Exchange 2003,SP2 Calendar Vulnerability
Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Exchange Server
Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jeff Cheng, INTERIM, ACCEPTED, Clifford Farrugia, INTERIM, ACCEPTED, ACCEPTED

MSDTC Denial of Service Vulnerability (Win2K)
Microsoft Windows 2000
Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, Sudhir Gandhe, Shane Shaffer, ACCEPTED, ACCEPTED

Weak Encryption in RDP Protocol
Microsoft Windows 2000; Remote Data Protocol (RDP)
Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
Tiffany Bergeron, Christine Walzer, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, Scott Quint, INTERIM, ACCEPTED, ACCEPTED

CSS Cross-Domain Information Disclosure Vulnerability (WinS03)
Microsoft Windows Server 2003; Microsoft Internet Explorer
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

RASMAN Registry Corruption Vulnerability (WinS03)
Microsoft Windows Server 2003
Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, Sudhir Gandhe, Shane Shaffer, ACCEPTED, ACCEPTED

Automatic ActiveX Approval on Windows 2000 Low Memory
Microsoft Windows 2000
The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers execute arbitrary code without user approval.
Tiffany Bergeron, Tiffany Bergeron, ACCEPTED, ACCEPTED

IIS ISAPI Extension Indexing Service Buffer Overflow (Code Red)
Microsoft Windows 2000; Microsoft Internet Information Server (IIS)
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.
Tiffany Bergeron, Tiffany Bergeron, ACCEPTED, Glenn Strickland, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Windows XP IE HTML Help ActiveX control Cross Domain Vulnerability
Microsoft Windows XP
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."
Matthew Burton, DRAFT, INTERIM, ACCEPTED, Brendan Miles, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Mozilla Cross-site Scripting Using .valueOf.call()
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, ACCEPTED

Microsoft Outlook Express v6,SP1 Malformed Email Header Denial of Service
Microsoft Windows NT; Microsoft Windows 2000; Microsoft Windows XP; Microsoft Outlook Express
Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.
Jonathan Baker, DRAFT, INTERIM, ACCEPTED, Daniel Tarnu, INTERIM, ACCEPTED, Jeff Cheng, INTERIM, Jeff Cheng, ACCEPTED, ACCEPTED

ActiveX Control Memory Corruption Vulnerability (WinS03)
Microsoft Windows Server 2003; Microsoft Internet Explorer
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

IE .chm Directory Traversal Windows 2000 Vulnerability
Microsoft Windows 2000; HTML Help Facility
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.
Andrew Buttner, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, ACCEPTED

ActiveX Control Memory Corruption Vulnerability (Win2K)
Microsoft Windows 2000; Microsoft Internet Explorer
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Cross-site scripting vulnerability in Microsoft SharePoint (CVE-2013-3180) - MS13-067
Microsoft Windows 2000; Microsoft Windows 7; Microsoft Windows 8; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows Server 2012; Microsoft Windows Vista; Microsoft Windows XP; Microsoft SharePoint Foundation 2010; Microsoft SharePoint Foundation 2013; Microsoft SharePoint Server 2010; Microsoft SharePoint Server 2013
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 and SP2 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted POST request, aka "POST XSS Vulnerability."
SecPod Team, DRAFT, INTERIM, ACCEPTED, Pooja Shetty, INTERIM, ACCEPTED, Kumarswamy S, INTERIM, ACCEPTED, Kumarswamy S, INTERIM, ACCEPTED, ACCEPTED

Microsoft SharePoint Foundation 2013 is installed
Microsoft Windows 7; Microsoft Windows 8; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows Server 2012; Microsoft Windows Vista; Microsoft SharePoint Foundation 2013
Microsoft SharePoint Foundation 2013 is installed
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Microsoft SharePoint Foundation 2010 Service Pack 2 is installed
Microsoft Windows 7; Microsoft Windows 8; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows Server 2012; Microsoft Windows Vista; Microsoft SharePoint Foundation 2010
Microsoft SharePoint Foundation 2010 Service Pack 2 is installed
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

MHT Memory Corruption Vulnerability (Win2K)
Microsoft Windows 2000; Microsoft Internet Explorer
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Denial of service vulnerability in Microsoft SharePoint (CVE-2013-3849) - MS13-067
Microsoft Windows 2000; Microsoft Windows 7; Microsoft Windows 8; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows Server 2012; Microsoft Windows Vista; Microsoft Windows XP; Microsoft SharePoint Server 2010; Microsoft Office Web Apps
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3858.
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

SMB Driver Elevation of Privilege Vulnerability (Win2K)
Microsoft Windows 2000
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, Sudhir Gandhe, Shane Shaffer, ACCEPTED, ACCEPTED

Mozilla Crashes with Evidence of Memory Corruption (CVE-2006-1724)
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, ACCEPTED, ACCEPTED

ActiveX Certificate Enrollment Unauthorized Remote Certificate Deletion
Microsoft Windows 2000; Certificate Enrollment Control
Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML.
Christine Walzer, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

IE Cross-Site Scripting
Microsoft Windows 2000; Microsoft Internet Explorer
Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability.
Andrew Buttner, Christine Walzer, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Denial of service vulnerability in Microsoft SharePoint (CVE-2013-3847) - MS13-067
Microsoft Windows 2000; Microsoft Windows 7; Microsoft Windows 8; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows Server 2012; Microsoft Windows Vista; Microsoft Windows XP; Microsoft SharePoint Server 2010; Microsoft Office Web Apps
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858.
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Word memory corruption vulnerability in Microsoft SharePoint (CVE-2013-3857) - MS13-067
Microsoft Windows 2000; Microsoft Windows 7; Microsoft Windows 8; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows Server 2012; Microsoft Windows Vista; Microsoft Windows XP; Microsoft SharePoint Server 2010; Microsoft Office Web Apps
Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1 and SP2, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Microsoft Office Web Apps 2010 Service Pack 2 is installed
Microsoft Windows 7; Microsoft Windows 8; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows Server 2012; Microsoft Windows Vista; Microsoft Windows XP; Microsoft Office Web Apps 2010
Microsoft Office Web Apps 2010 Service Pack 2 is installed
SecPod Team, DRAFT, Maria Kedovskaya, INTERIM, ACCEPTED, Evgeniy Pavlov, INTERIM, ACCEPTED, ACCEPTED

Microsoft SharePoint Server 2010 Service Pack 2 is installed
Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2010 SP2 is installed
SecPod Team, DRAFT, INTERIM, ACCEPTED, Pooja Shetty, INTERIM, ACCEPTED, ACCEPTED

MIME Decoding Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Exchange Server
Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Clifford Farrugia, INTERIM, ACCEPTED, ACCEPTED

Network Share Provider Buffer Overflow
Microsoft Windows 2000; SMB (Server Message Block)
Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
Christine Walzer, Christine Walzer, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Mozilla Cross-site Scripting through window.controllers
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, ACCEPTED

Memory corruption vulnerability in Microsoft SharePoint (CVE-2013-3858) - MS13-067
Microsoft Windows 2000; Microsoft Windows 7; Microsoft Windows 8; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows Server 2012; Microsoft Windows Vista; Microsoft Windows XP; Microsoft Office Web Apps; Microsoft SharePoint Server 2010
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3849.
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Denial of service vulnerability in Microsoft SharePoint (CVE-2013-3848) - MS13-067
Microsoft Windows 2000; Microsoft Windows 7; Microsoft Windows 8; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows Server 2012; Microsoft Windows Vista; Microsoft Windows XP; Microsoft SharePoint Server 2010; Microsoft Office Web Apps
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3849, and CVE-2013-3858.
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Microsoft Office Web Apps 2010 Service Pack 1 is installed
Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows Vista; Microsoft Windows XP; Microsoft Office Web Apps 2010
Microsoft Office Web Apps 2010 Service Pack 1 is installed
SecPod Team, DRAFT, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, Evgeniy Pavlov, INTERIM, ACCEPTED, ACCEPTED

Microsoft Office Web Apps 2010 is installed
Microsoft Windows 2000; Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows XP; Microsoft Office Web Apps 2010
Microsoft Office Web Apps 2010 is installed
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Windows XP Enhanced Metafile Image Format Rendering Buffer Overflow
Microsoft Windows XP; Enhanced Metafile (EMF)
Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
Ingrid Skoog, DRAFT, INTERIM, ACCEPTED, ACCEPTED

ART Image Rendering Vulnerability (WinS03)
Microsoft Windows Server 2003
Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, ACCEPTED

RASMAN Registry Corruption Vulnerability (Win2K)
Microsoft Windows 2000
Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, Sudhir Gandhe, Shane Shaffer, ACCEPTED, ACCEPTED

Mozilla Cross-site JavaScript Injection Using Event Handlers
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection".
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, ACCEPTED

SMB Invalid Handle Vulnerability (Win2K)
Microsoft Windows 2000
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, Sudhir Gandhe, Shane Shaffer, ACCEPTED, ACCEPTED

Mozilla Mozilla Firefox Tag Order Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla
nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a "particular sequence of HTML tags" that leads to memory corruption.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, ACCEPTED

Exception Handling Memory Corruption Vulnerability (Win2k)
Microsoft Windows 2000; Microsoft Internet Explorer
Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Oracle Outside In Contains Multiple Exploitable Vulnerabilities - CVE-2013-2393 (MS13-061)
Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Exchange Server 2007; Microsoft Exchange Server 2010; Microsoft Exchange Server 2013
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
SecPod Team, DRAFT, Pooja Shetty, INTERIM, ACCEPTED, ACCEPTED

Mozilla Crashes with Evidence of Memory Corruption (RegEx)
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, ACCEPTED

Oracle Outside In Contains Multiple Exploitable Vulnerabilities - CVE-2013-3776 (MS13-061)
Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Exchange Server 2007; Microsoft Exchange Server 2010; Microsoft Exchange Server 2013
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7, 8.4.0, and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-3781.
SecPod Team, DRAFT, Pooja Shetty, INTERIM, ACCEPTED, ACCEPTED

Server 2003 CSRSS Privilege Escalation Vulnerability
Microsoft Windows Server 2003; Client Server Runtime System (CSRSS)
Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
Ingrid Skoog, DRAFT, INTERIM, Christine Walzer, ACCEPTED, ACCEPTED

Windows Media Player PNG Vulnerability (v9.0)
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Media Player
Stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 allows remote attackers to execute arbitrary code via a PNG image with a large chunk size.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, ACCEPTED

Windows NT IIS Heap Overrun in HTR Chunked Encoding
Microsoft Windows NT; Microsoft Internet Information Server (IIS)
Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."
Tiffany Bergeron, ACCEPTED, Glenn Strickland, INTERIM, ACCEPTED, ACCEPTED

Exchange 2000,SP4 Calendar Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Exchange Server
Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jeff Cheng, INTERIM, ACCEPTED, Clifford Farrugia, INTERIM, ACCEPTED, ACCEPTED

Oracle Outside In Contains Multiple Exploitable Vulnerabilities - CVE-2013-3781 (MS13-061)
Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Exchange Server 2007; Microsoft Exchange Server 2010; Microsoft Exchange Server 2013
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7, 8.4.0, and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-3776.
SecPod Team, DRAFT, Pooja Shetty, INTERIM, ACCEPTED, ACCEPTED

Microsoft Exchange Server 2013 Cumulative Update 1 is installed
Microsoft Windows Server 2008 R2; Microsoft Windows Server 2012; Microsoft Exchange Server 2013
Microsoft Exchange Server 2013 Cumulative Update 1 is installed
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Microsoft Exchange Server 2013 Cumulative Update 2 is installed
Microsoft Windows Server 2008 R2; Microsoft Windows Server 2012; Microsoft Exchange Server 2013
Microsoft Exchange Server 2013 Cumulative Update 2 is installed
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Microsoft Exchange Server 2013 is installed
Microsoft Windows Server 2008 R2; Microsoft Windows Server 2012; Microsoft Exchange Server 2013
Microsoft Exchange Server 2013 is installed
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Microsoft Exchange Server 2010 SP3 is installed
Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Exchange Server 2010
Microsoft Exchange Server 2010 SP3 is installed
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Mozilla Secure-site Spoof (requires security warning dialog)
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; mozilla
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, ACCEPTED, ACCEPTED

Windows 2000 Negotiate Security Software Provider Denial of Service Vulnerability
Microsoft Windows 2000; Negotiate SSP interface
The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection.
Ingrid Skoog, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Glenn Strickland, INTERIM, ACCEPTED, ACCEPTED

Windows Media Player PNG Vulnerability (v8.0)
Microsoft Windows XP; Media Player
Stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 allows remote attackers to execute arbitrary code via a PNG image with a large chunk size.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, ACCEPTED

Flash Address Bar Spoofing Vulnerability (WinS03)
Microsoft Windows Server 2003; Microsoft Internet Explorer
Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

CSS Cross-Domain Information Disclosure Vulnerability (Win2K)
Microsoft Windows 2000; Microsoft Internet Explorer
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Windows 2000,SP4 Remote Desktop Protocol (RDP) DoS Vulnerability
Microsoft Windows 2000
The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, Sudhir Gandhe, Shane Shaffer, ACCEPTED, ACCEPTED

IE v6.0 Malformed GIF Image Double-free Vulnerability
Microsoft Windows XP; Microsoft Internet Explorer
Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
Andrew Buttner, DRAFT, INTERIM, ACCEPTED, Christine Walzer, INTERIM, Christine Walzer, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

SMB Driver Elevation of Privilege Vulnerability (WinS03)
Microsoft Windows Server 2003
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, Sudhir Gandhe, Shane Shaffer, ACCEPTED, ACCEPTED

IP Source Route Vulnerability (Win2K)
Microsoft Windows 2000
Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, Sudhir Gandhe, Shane Shaffer, ACCEPTED, ACCEPTED

DEPRECATED: Microsoft JScript Memory Corruption Vulnerability (Win2K w/ JScript 5.6)
Microsoft Windows 2000; Operating System
Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Nate Przybyszewski, DEPRECATED, Sudhir Gandhe, Shane Shaffer, DEPRECATED

IE6 Script Execution Vulnerability (Server 2003)
Microsoft Windows Server 2003; Microsoft Internet Explorer
Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Microsoft Outlook Express 5.5 WAB Remote Code Execution Vulnerability
Microsoft Windows 2000; Microsoft Outlook Express
Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, John Hoyland, Anna Min, INTERIM, ACCEPTED, ACCEPTED

IE v5.5 Improper Cross Domain Security Validation with Dialog Box
Microsoft Windows 2000; Microsoft Internet Explorer
Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."
Andrew Buttner, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

MSDTC Denial of Service Vulnerability (Server 2003)
Microsoft Windows Server 2003
Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
Robert L. 
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDMicrosoft Windows 2000 Microsoft Data Access Components RDS.Dataspace Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Data Access ComponentsUnspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.Robert L. HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDClifford FarrugiaINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIP Source Route Vulnerability (WinS03)Microsoft Windows Server 2003Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDIE5 HTA Execution Vulnerability (Win2K)Microsoft Windows 2000Microsoft Internet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDCOM Object Instantiation Memory Corruption Vulnerability (Win2K)Microsoft Windows 2000Microsoft Internet ExplorerMultiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDServer 2003 COM object Remote Code Execution VulnerabilityMicrosoft Windows Server 2003Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDRPC Mutual Authentication VulnerabilityMicrosoft Windows 2000Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."Robert L. 
HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDServer 2003 Access Requests Privilege Escalation VulnerabilityMicrosoft Windows Server 2003Windows kernelThe kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.Ingrid SkoogDRAFTINTERIMChristine WalzerACCEPTEDACCEPTEDART Image Rendering Vulnerability (Win2K)Microsoft Windows 2000Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and SP2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDHTML Decoding Memory Corruption Vulnerability (WinS03)Microsoft Windows Server 2003Microsoft Internet ExplorerHeap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka "HTML Decoding Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDFPSE XSS VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft FrontPage Server Extensions 2002Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.Robert L. 
HollisDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft FrontPage Server Extensions 2002 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft FrontPage Server Extensions 2002Microsoft FrontPage Server Extensions 2002 is installedMaria MikhnoDRAFTINTERIMACCEPTEDACCEPTEDRRAS Memory Corruption Vulnerability (Win2K)Microsoft Windows 2000Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDIE5 Address Bar Spoofing Vulnerability (Win2K)Microsoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE5.01,SP3 Security Zone Restriction Bypass VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDException Handling Memory Corruption Vulnerability (WinS03)Microsoft Windows Server 2003Microsoft Internet ExplorerUnspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIE6 HTA Execution Vulnerability (Server 2003)Microsoft Windows Server 2003Microsoft Internet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDGDI+ JPEG Parsing Engine Buffer Overflow (VS.NET 2003)Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Visual Studio .NET 2003Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.Ingrid SkoogDRAFTIngrid SkoogINTERIMACCEPTEDRobert L. HollisACCEPTEDJohn HoylandINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDRRAS Memory Corruption Vulnerability (WinS03)Microsoft Windows Server 2003Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."Robert L. 
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDWindows Virtual DOS Machine Local Privilege Escalation Vulnerability (Test 2)Microsoft Windows NTVDMThe component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code.Ingrid SkoogACCEPTEDACCEPTEDIE5 HTML Parsing Vulnerability (Win2K)Microsoft Windows 2000Microsoft Internet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE AbusiveParent Vulnerability (64-bit XP)Microsoft Windows XPMicrosoft Internet ExplorerThe DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.Jonathan BakerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE GetObject Security BypassMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.David ProulxChristine WalzerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDHTML Object Memory Corruption Vulnerability (IE6 for XP,SP2)Microsoft Windows XPMicrosoft Internet ExplorerRace 
condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".Harvey RubinovitzDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDVulnerability in the Management Pack for Oracle GoldenGate Server. Supported versions that are affected are 11.1.1.1.0.
Vulnerability in the Oracle GoldenGate Veridata component of Oracle Fusion Middleware (subcomponent: Server). The supported version that is affected is 3.0.0.11.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate VeridataMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Oracle GoldenGate DirectorOracle GoldenGate VeridataApache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDMozilla Crashes with Evidence of Memory Corruption (moz-grid)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaUnspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (2) -moz-grid-group display styles.Robert L. 
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDACCEPTEDIE 5.01 DHTML Method Call Memory CorruptionMicrosoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPVirtualBoxUnspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2 allows guest OS users to cause a denial of service (host OS reboot) via unknown vectors.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared FoldersMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPVirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared Folders.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDServer 2003 Insecure Default ACLsMicrosoft Windows Server 2003Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow 
the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.Robert L. HollisDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDMicrosoft Outlook Express 6,2003 News Reading VulnerabilityMicrosoft Windows Server 2003Microsoft Outlook ExpressStack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.Ingrid SkoogDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Oracle VM Virtual Box component in Oracle Virtualization 3.2, 4.0, and 4.1Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPVirtualBoxUnspecified vulnerability in the Oracle VM Virtual Box component in Oracle Virtualization 3.2, 4.0, and 4.1 allows local users to affect availability via unknown vectors related to VirtualBox Core. NOTE: The previous information was obtained from the October 2012 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to "incorrect interrupt handling."Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDMozilla Crashes with Evidence of Memory Corruption (CSS BO)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaThe CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain Cascading Style Sheets (CSS) that causes an out-of-bounds array write and buffer overflow.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDACCEPTEDWindows Media Player 9 Bitmap Remote Code ExecutionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Windows Media PlayerHeap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDCallback Function Vulnerability - MS13-024Microsoft Windows 8Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft SharePoint Foundation 2010Microsoft SharePoint Server 2010Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDACCEPTEDIE6 COM Object Instantiation Memory Corruption (Server 2003)Microsoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.Robert L. 
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDOracle Outside In Contains Multiple Exploitable Vulnerability - CVE-2012-3214 (MS13-013)Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft FAST Search Server 2010 for SharePointUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDKorean IME Privilege Elevation Vulnerability in Server 2003Microsoft Windows Server 2003The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.Robert L. 
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDSharePoint Directory Traversal Vulnerability - MS13-024Microsoft Windows 2000Microsoft Windows 8Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft SharePoint Foundation 2010Microsoft SharePoint Server 2010Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDACCEPTEDDEPRECATED: Microsoft JScript Memory Corruption Vulnerability (Win2K)Microsoft Windows 2000Operating SystemMicrosoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.Robert L. 
HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDNate PrzybyszewskiDEPRECATEDSudhir GandheShane ShafferDEPRECATEDBuffer Overflow Vulnerability - MS13-024Microsoft Windows 2000Microsoft Windows 8Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft SharePoint Foundation 2010Microsoft SharePoint Server 2010Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDACCEPTEDRemote Code Execution Vulnerability in IE5.01Microsoft Windows 2000Microsoft Internet ExplorerAn unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDExcel Viewer 2003 Remote Code Execution via Malformed File FormatMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeUnspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.Robert L. 
HollisDRAFTINTERIMACCEPTEDACCEPTEDIE6 Multiple Event Handler Memory Corruption (Server 2003)Microsoft Windows Server 2003Microsoft Internet ExplorerBuffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDExcel Viewer 2003 Remote Code Execution via Malformed GraphicMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeUnspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in Microsoft Exchange Server Could Allow Remote Code Execution - CVE-2013-0418 - MS13-012Microsoft Windows Server 2008Microsoft Windows Server 2003Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0393. NOTE: the previous information was obtained from the January 2013 CPU. 
Oracle has not commented on claims from an independent researcher that this is a heap-based buffer overflow in the Paradox database stream filter (vspdx.dll) that can be triggered using a table header with a crafted "number of fields" value.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Oracle VM VirtualBox 4.1 componentMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPVirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Guest Additions.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDSystem Center Operations Manager Web Console XSS Vulnerability-II - MS13-003Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft System Center Operations Manager 2007Microsoft System Center Operations Manager 2007 R2Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in Windows Essentials Could Allow Information Disclosure - MS13-045Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Essentials 2012Microsoft Windows Essentials 2011Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows Essentials 2012 is installedMicrosoft Windows 
7Microsoft Windows 8Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Essentials 2012Microsoft Windows Essentials 2012 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows Essentials 2011 is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Essentials 2011Microsoft Windows Essentials 2011 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in Microsoft Exchange Server Could Allow Remote Code Execution - CVE-2013-0393 - MS13-012Microsoft Windows Server 2008Microsoft Windows Server 2003Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0418.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2010 SP2 is installedMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2010Microsoft Exchange Server 2010 SP2 is installedSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDOracle Outside In Contains Multiple Exploitable Vulnerabilities-I MS12-080Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause a denial of service (Linux host OS reboot) via a sysenter instructionMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 
VistaMicrosoft Windows XPVirtualBoxSun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause a denial of service (Linux host OS reboot) via a sysenter instruction.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaDEPRECATEDMaria KedovskayaDEPRECATEDRSS Feed May Cause Exchange DoS Vulnerability - MS12-080Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDServer 2003 Graphics Rendering Engine VulnerabilityMicrosoft Windows Server 2003The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.Robert L. 
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDOracle Outside In Contains Multiple Exploitable Vulnerability - CVE-2012-3217 (MS13-013)Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft FAST Search Server 2010 for SharePointUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability, related to Outside In HTML Export SDK.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDHyperTerminal Session File Vulnerability (Windows XP,SP1)Microsoft Windows XPHyperTerminalHyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.Harvey RubinovitzDRAFTHarvey RubinovitzHarvey RubinovitzINTERIMChristine WalzerDavid ProulxACCEPTEDDaniel TarnuINTERIMACCEPTEDMike LahINTERIMMike LahACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDWindows ME Long Share Names VulnerabilityMicrosoft Windows MEWindows ShellBuffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, Windows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDFlash Address Bar Spoofing Vulnerability (Win2K)Microsoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then
changing the window location back to a trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows Server 2003 Plug and Play Buffer Overflow VulnerabilityMicrosoft Windows Server 2003Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.Robert L. HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDDEPRECATED: Windows NT IIS Chunked Encoding Buffer OverflowMicrosoft Windows NTMicrosoft Internet Information Server (IIS)Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.Tiffany BergeronACCEPTEDGlenn StricklandINTERIMACCEPTEDJosh TurpinDEPRECATEDDEPRECATEDWindows Media Player 10 Bitmap Remote Code ExecutionMicrosoft Windows XPWindows Media PlayerHeap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMRobert L. 
HollisACCEPTEDJonathan BakerINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMalformed iCal VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Exchange ServerThe Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.Robert L. HollisDRAFTINTERIMACCEPTEDClifford FarrugiaINTERIMACCEPTEDACCEPTEDOracle Outside In Contains Multiple Exploitable Vulnerabilities-II MS12-080Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability, related to Outside In HTML Export SDK.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWin2K Kernel Privilege Escalation VulnerabilityMicrosoft Windows 2000The thread termination routine in the kernel for Windows NT 4.0 and 2000 (NTOSKRNL.EXE) allows local users to modify kernel memory and execution flow via steps in which a terminating thread causes Asynchronous Procedure Call (APC) entries to free the wrong data, aka the "Windows Kernel Vulnerability."Robert L. 
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDOracle Outside In contains multiple exploitable vulnerabilities - IIMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft FAST Search Server 2010 for SharePointUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDOracle Outside In contains multiple exploitable vulnerabilities - XIMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft FAST Search Server 2010 for SharePointUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDReflected XSS Vulnerability - MS12-062Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft System Center Configuration Manager 2007Microsoft System Center Configuration Manager 2007 R2Microsoft System Center Configuration Manager 2007 R3Microsoft Systems Management Server 2003Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDACCEPTEDMicrosoft System Center Configuration Manager 2007 R2 is installedMicrosoft Windows 
2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft System Center Configuration Manager 2007 R2Microsoft System Center Configuration Manager 2007 R2 is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft System Center Configuration Manager 2007 R3 is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft System Center Configuration Manager 2007 R3Microsoft System Center Configuration Manager 2007 R3 is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft System Center Configuration Manager 2007 SP2 is installedMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7Microsoft System Center Configuration Manager 2007Microsoft System Center Configuration Manager 2007 SP2 is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft System Center Configuration Manager 2007 is installedMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7Microsoft System Center Configuration Manager 2007Microsoft System Center Configuration Manager 2007 is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Systems Management Server 2003 SP3 is installedMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Systems Management Server 2003Microsoft Systems Management Server 2003 SP3 is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Systems Management Server 2003 is installedMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Systems Management Server 2003Microsoft Systems Management Server 2003 is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWindows Media Player 7.10 Bitmap Remote Code ExecutionMicrosoft Windows 2000Windows Media 
PlayerHeap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDXSS Vulnerability - MS12-061Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Visual Studio Team Foundation Server 2010Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDMicrosoft Visual Studio Team Foundation Server 2010 Service Pack 1 is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Visual Studio Team Foundation Server 2010Microsoft Visual Studio Team Foundation Server 2010 Service Pack 1 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Visual Studio Team Foundation Server 2010 is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Visual Studio Team Foundation Server 2010Microsoft Visual Studio Team Foundation Server 2010 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPVirtualBoxUnspecified vulnerability in the VirtualBox 
component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core. NOTE: The previous information was obtained from the January 2013 Oracle CPU. Oracle has not commented on claims from another vendor that this issue is related to an incorrect comparison in the vga_draw_text function in Devices/Graphics/DevVGA.cpp, which can cause VirtualBox to "draw more lines than necessary."Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDSystem Center Operations Manager Web Console XSS Vulnerability-I - MS13-003Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft System Center Operations Manager 2007Microsoft System Center Operations Manager 2007 R2Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft System Center Operations Manager 2007 SP1 is installedMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft System Center Operations Manager 2007Microsoft System Center Operations Manager 2007 SP1 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft System Center Operations Manager 2007 is installedMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft System Center Operations Manager 2007Microsoft System Center Operations Manager 2007 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft System Center Operations Manager 2007 R2 is installedMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft System Center Operations Manager 2007 R2Microsoft System Center 
Operations Manager 2007 R2 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in SharePoint could allow information disclosure - MS13-030Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft SharePoint Server 2013Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Server 2013 is installedMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft SharePoint Server 2013Microsoft SharePoint Server 2013 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOracle Outside In contains multiple exploitable vulnerabilities - XIIIMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft FAST Search Server 2010 for SharePointUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDOracle Outside In contains multiple exploitable vulnerabilities - IMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft FAST Search Server 2010 for SharePointUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect 
availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDOracle Outside In contains multiple exploitable vulnerabilities - IVMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft FAST Search Server 2010 for SharePointUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDExcel Viewer 2003 Remote Code Execution via Malformed DescriptionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeUnspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDServer 2003 Media Player PNG Processing VulnerabilityMicrosoft Windows Server 2003Windows Media Player 9Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability."Christine WalzerDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDJeff ChengINTERIMJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengACCEPTEDACCEPTEDAddress Bar Spoofing Vulnerability (Win2K)Microsoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDOracle Outside In contains multiple exploitable vulnerabilities - VIMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft FAST Search Server 2010 for SharePointUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDTrueType Font Parsing Vulnerability (CVE-2012-0159)Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Lync 2010Microsoft Lync 2010 AttendeeMicrosoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDEvgeniy 
PavlovINTERIMACCEPTEDACCEPTEDOracle Outside In contains multiple exploitable vulnerabilities - XMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft FAST Search Server 2010 for SharePointUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 Drag-and-Drop Code Execution VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows Kernel LPC Privilege Escalation Vulnerability (Windows 2000)Microsoft Windows 2000Windows kernelThe Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."Christine WalzerDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDOracle Outside In contains multiple exploitable vulnerabilities - IXMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft FAST Search Server 2010 for SharePointUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDXSS scriptresx.ashx Vulnerability - MS12-050Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Foundation 2010Microsoft SharePoint Server 2010Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDACCEPTEDWin2K,SP4 COM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page 
with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDOracle Outside In contains multiple exploitable vulnerabilities - VIIIMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft FAST Search Server 2010 for SharePointUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDSharePoint Script in Username Vulnerability - MS12-050Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Foundation 2010Microsoft SharePoint Server 2010Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Foundation 2010 Service Pack 1 is installedMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2012Microsoft Windows 8Microsoft SharePoint Foundation 2010Microsoft SharePoint Foundation 2010 SP1 is installedSecPod TeamDRAFTINTERIMACCEPTEDBhavya KINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Server 2010 Service Pack 1 is installedMicrosoft 
Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7Microsoft SharePoint Server 2010Microsoft SharePoint Server 2010 SP1 is installedSecPod TeamDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDACCEPTEDTIP Request Validation Process Permits Denial of Service (Server 2003)Microsoft Windows Server 2003TIPDistributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMozilla Downloading Executables with "Save Image As..."Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the "Save image as..." option. NOTE: this attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename.Robert L. 
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerACCEPTEDACCEPTEDWebClient Service Unchecked Buffer Remote Code Execution (Server 2003)Microsoft Windows Server 2003Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDCSNW Remote Buffer Overflow via Network Messages (Server 2003)Microsoft Windows Server 2003NetWareThe Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTED.lnk File-Open Remote Code Execution Vulnerability (Server 2003)Microsoft Windows Server 2003Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDCSNW Remote Buffer Overflow via Network Messages (Win2k,SP4)Microsoft Windows 2000NetWareThe Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.Robert L. 
HollisDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDWin2k,SP4 DDS Library Shape Control Buffer OverflowMicrosoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."Robert L. 
HollisDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDOracle Outside In contains multiple exploitable vulnerabilities - VIIMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft FAST Search Server 2010 for SharePointUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDWindows XP HtmlHelp Heap OverflowMicrosoft Windows XPHTML Help FacilityHeap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDTrueType Font Parsing Vulnerability (CVE-2011-3402)Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Lync 2010Microsoft Lync 2010 AttendeeUnspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDOracle Outside In contains multiple 
exploitable vulnerabilities - IIIMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft FAST Search Server 2010 for SharePointUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDExcel Viewer 2003 Remote Code Execution via Malformed RecordMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OfficeStack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDUnsupported Version of WindowsMicrosoft Windows 2000Microsoft Windows XP'As Service Packs released by Microsoft mature, earlier versions and releases become unsupported. This equates to a cessation in software and security patches for that baseline. Using an unsupported version of Windows represents a severe security risk.'Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDAnna MinINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDJerome AthiasINTERIMACCEPTEDACCEPTEDWin2K,SP4 HTTPS Proxy VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE6,SP1 Java Proxy COM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows 2000 HtmlHelp Heap OverflowMicrosoft Windows 2000HTML Help FacilityHeap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.Andrew ButtnerINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDIE6 Address Bar Spoofing Vulnerability (Server 2003)Microsoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626.Robert L. 
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMozilla Application Suite has reached End-of-LifeMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozilla'mozilla.org has launched and delivered SeaMonkey, a community effort to deliver production-quality releases of code derived from the "Mozilla Application Suite". This equates to a cessation in software and security patches for that baseline. Using unsupported software represents a high security risk because no fixes or patches will be made available in response to new vulnerabilities.'Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMRobert L. HollisDEPRECATEDDEPRECATEDWin2K,SP4 File Download Dialog Box Manipulation VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerMultiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWin2k,SP4 IE Mismatched Document Object Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched Document Object Model Objects Memory Corruption Vulnerability."Robert L. HollisDRAFTRobert L. HollisINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDOracle Outside In contains multiple exploitable vulnerabilities - VMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft FAST Search Server 2010 for SharePointUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTED.lnk File-Open Remote Code Execution Vulnerability (Windows 2000,SP4)Microsoft Windows 2000Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.Robert L. 
HollisDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDLync Insecure Library Loading Vulnerability (CVE-2012-1849)Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Lync 2010Microsoft Lync 2010 AttendantMicrosoft Lync 2010 AttendeeUntrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDMicrosoft Lync 2010 Attendee (user level install) is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Lync 2010 AttendeeMicrosoft Lync 2010 Attendee (user level install) is installed.SecPod TeamDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDMicrosoft Lync 2010 Attendant is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Lync 2010 AttendantMicrosoft Lync 2010 Attendant is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Lync 2010 Attendee (admin level install) is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Lync 2010 AttendeeMicrosoft Lync 2010 Attendee (admin level install) is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Lync 2010 is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Lync 
2010Microsoft Lync 2010 is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBInteger signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow.Scott QuintDRAFTINTERIMACCEPTEDMaria KedovskayaDEPRECATEDDEPRECATEDIE6 Double Byte Character Parsing Memory Corruption(Server 2003)Microsoft Windows Server 2003Microsoft Internet ExplorerBuffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via a crafted URL with an International Domain Name (IDN) using double-byte character sets (DBCS), aka the "Double Byte Character Parsing Memory Corruption Vulnerability."Robert L. 
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDOracle Outside In contains multiple exploitable vulnerabilities - XIIMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft FAST Search Server 2010 for SharePointUnspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDMicrosoft FAST Search Server 2010 for SharePoint is installedMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft FAST Search Server 2010 for SharePointMicrosoft FAST Search Server 2010 for SharePoint is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2007 SP3 is installedMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2007 SP3 is installed.SecPod TeamDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDSharath SINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2010 SP1 is installedMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2010Microsoft Exchange Server 2010 SP1 is installedSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2010 SP2 is installedMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2010Microsoft Exchange Server 2010 SP2 is installedSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDXSS in wizardlist.aspx VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Server 2010Microsoft SharePoint Foundation 2010Cross-site scripting (XSS) 
vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDBuffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .prz attachment. NOTE: some of these details are obtained from third party information.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Lotus NotesBuffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .prz attachment. NOTE: some of these details are obtained from third party information.Scott QuintDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDHeap Overrun in XBM Image ProcessingMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaHeap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag.Robert L. 
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDAddress Bar Spoofing Vulnerability (WinS03)Microsoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMSDTC Invalid Memory Access Vulnerability (Server 2003)Microsoft Windows Server 2003Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDServer 2003 COM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127.Robert L. 
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Lotus NotesIBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.Aharon CherninDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDEPRECATED: Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBUnspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDMaria KedovskayaDEPRECATEDDEPRECATEDWindows 2000 Shell Buffer OverflowMicrosoft Windows 2000Windows ShellBuffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled.Christine WalzerChristine WalzerINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDCOM+ Memory Structures Process Permits Remote Code Execution (Server 2003)Microsoft 
Windows Server 2003COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDStack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Lotus NotesStack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND.Scott QuintDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDXSS in inplview.aspx VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Foundation 2010Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDInteger underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Lotus NotesInteger underflow in lzhsr.dll in Autonomy KeyView, as used in IBM 
Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W.Scott QuintDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDServer 2003 File Download Dialog Box Manipulation VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerMultiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDServer 2003 DDS Library Shape Control Buffer OverflowMicrosoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, 
(29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDDEPRECATED: Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBUnspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDMaria KedovskayaDEPRECATEDMaria MikhnoDEPRECATEDMSDTC Unchecked Buffer Permits Remote Code Execution or Privilege Elevation (Server 2003)Microsoft Windows Server 2003MSDTCThe MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIE5 Multiple Event Handler Memory Corruption (Win2K)Microsoft Windows 2000Microsoft Internet ExplorerBuffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDStack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and possibly other versions, allows remote attackers to execute arbitrary code via unknown attack vectors, as demonstrated by the vd_ln module in VulnDisco 9.0. NOTE: as of 20100222, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Lotus NotesStack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and possibly other versions, allows remote attackers to execute arbitrary code via unknown attack vectors, as demonstrated by the vd_ln module in VulnDisco 9.0. NOTE: as of 20100222, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.Aharon CherninDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE5 COM Object Instantiation Memory Corruption (Win2K)Microsoft Windows 2000Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDFirefox/Mozilla Suite about: Scheme Privilege Escalation VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDWindows 2000 SNMPv1 Trap Handling DoS and Privilege Escalation (Test 1)Microsoft Windows 2000Simple Network Management Protocol (SNMP)Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. 
This and other SNMP-related candidates will be updated when more accurate information is available.Harvey RubinovitzAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDXSS in themeweb.aspx VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Server 2010Microsoft SharePoint Foundation 2010Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Malware Protection Engine Vulnerability-IIMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMicrosoft Antigen for ExchangeMicrosoft Antigen for SMTP GatewayMicrosoft Forefront Security for Exchange ServerMicrosoft Forefront Security for SharePointMicrosoft Windows DefenderWindows Live OneCareUnspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with "crafted data structures" that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDArgument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft 
Windows 2000Lotus NotesArgument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2.Aharon CherninDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDAntiXSS Library Bypass VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Anti-Cross Site Scripting Library V3.xMicrosoft Anti-Cross Site Scripting Library V4.0The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input, aka "AntiXSS Library Bypass Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDWin2K Graphics Rendering Engine VulnerabilityMicrosoft Windows 2000The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.Robert L. 
HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDStack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a .rtf attachment, aka SPR PRAD8823JQ.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Lotus NotesStack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a .rtf attachment, aka SPR PRAD8823JQ.Aharon CherninDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft IE Encoded Characters Information DisclosureMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure."Harvey RubinovitzChristine WalzerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDEPRECATED: kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 on Linux, allows remote attackers to cause a denial of service (daemon crash) via a certain byte sequence.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBkuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 on Linux, allows remote attackers to cause a denial of service (daemon crash) via a certain byte sequence.Aharon CherninDRAFTINTERIMACCEPTEDMaria KedovskayaDEPRECATEDDEPRECATEDIBM DB2 UDB is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 
2008Microsoft Windows VistaMicrosoft Windows XPIBM DB2IBM DB2 UDB is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDServer 2003 DirectShow Malicious avi File VulnerabilityMicrosoft Windows Server 2003DirectXQUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value.Robert L. HollisDRAFTINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDBuffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. NOTE: some of these details are obtained from third party information.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Lotus NotesBuffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. NOTE: some of these details are obtained from third party information.Aharon CherninDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMHT Memory Corruption Vulnerability (WinS03)Microsoft Windows Server 2003Microsoft Internet ExplorerUnspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file.Robert L. 
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDHeap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR PRAD8E3HKR.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Lotus NotesHeap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR PRAD8E3HKR.Aharon CherninDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDBuffer Overflow in CDOSYS Message Processing (Win2K,SP4)Microsoft Windows 2000Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.Robert L. HollisDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDHTML Decoding Memory Corruption Vulnerability (Win2K)Microsoft Windows 2000Microsoft Internet ExplorerHeap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka "HTML Decoding Memory Corruption Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDistributed TIP Request Validation Process Permits Denial of Service (Server 2003)Microsoft Windows Server 2003TIPDistributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port number after an error occurs, aka the "Distributed TIP Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDConvert Buffer Overrun Vulnerability in SQL ServerMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft SQL Server 2000Microsoft SQL Server 2000 Desktop Engine (WMSDE)Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.SecPod TeamDRAFTPradeep R BINTERIMACCEPTEDACCEPTEDServer 2003 Print Spooler Service Buffer OverflowMicrosoft Windows Server 2003Print Spooler ServiceBuffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.Matthew BurtonDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Malware Protection Engine Vulnerability-IMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMicrosoft Antigen for ExchangeMicrosoft Antigen for SMTP GatewayMicrosoft Forefront Security for Exchange ServerMicrosoft Forefront Security for SharePointMicrosoft Windows DefenderWindows Live OneCareUnspecified vulnerability in Microsoft Malware Protection Engine 
(mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted file, a different vulnerability than CVE-2008-1438.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Forefront Security for SharePoint is installedMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMicrosoft Forefront Security for SharePointMicrosoft Forefront Security for SharePoint is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Antigen for Exchange is installedMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMicrosoft Antigen for ExchangeMicrosoft Antigen for Exchange is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Forefront Security for Exchange Server is installedMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMicrosoft Forefront Security for Exchange ServerMicrosoft Forefront Security for Exchange Server is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows Defender is installedMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows DefenderMicrosoft Windows Defender is installed.SecPod TeamDRAFTINTERIMACCEPTEDBhavya KINTERIMACCEPTEDACCEPTEDMicrosoft Antigen for SMTP Gateway is installedMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMicrosoft Antigen for SMTP GatewayMicrosoft Antigen for SMTP Gateway is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows Live OneCare is installedMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft 
Windows VistaMicrosoft Windows XPMicrosoft Windows Live OneCareMicrosoft Windows Live OneCare is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDStack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via crafted tag data in an Applix spreadsheet attachment, aka SPR PRAD8823A7.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Lotus NotesStack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via crafted tag data in an Applix spreadsheet attachment, aka SPR PRAD8823A7.Aharon CherninDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIBM Lotus Notes is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPIBM Lotus NotesIBM Lotus Notes is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOutlook Web Access Script Injection VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Exchange ServerCross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".Robert L. HollisDRAFTINTERIMACCEPTEDClifford FarrugiaINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2003 Service Pack 2 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2003Exchange Server 2003 SP2 is installed.Robert L. 
HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDACCEPTEDMicrosoft Exchange Server 2000 Service Pack 3 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Exchange Server 2000SP3 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2003 Service Pack 1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Exchange Server 2003 SP1 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2007 (no Service Pack) is installedMicrosoft Windows Server 2003Microsoft Windows Server 2008Exchange Server 2007 (no Service Pack) is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDJeff ItoINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDEPRECATED: Windows NT IIS HTTP Header Field Buffer OverflowMicrosoft Windows NTMicrosoft Internet Information Server (IIS)Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.Tiffany BergeronACCEPTEDGlenn StricklandINTERIMACCEPTEDJosh TurpinDEPRECATEDDEPRECATEDMicrosoft Java Virtual Machine Security BypassMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Virtual Machine (VM)The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise."Tiffany BergeronINTERIMACCEPTEDACCEPTEDServer 2003 IE HTML Help ActiveX control Cross Domain VulnerabilityMicrosoft Windows 
Server 2003HTML Help ActiveX ControlInternet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."Matthew BurtonDRAFTINTERIMACCEPTEDACCEPTEDWindows Script Engine Heap Overflow (Test 4)Microsoft Windows 2000Windows Script Engine for JscriptInteger overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.DRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDMatthew WojcikINTERIMAnna MinACCEPTEDNate PrzybyszewskiINTERIMACCEPTEDACCEPTEDTIP Request Validation Process Permits Denial of Service (Win2k,SP4)Microsoft Windows 2000TIPDistributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality.Robert L. 
HollisDRAFTINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIE5.01,SP4 COM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2087.Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE6 for XP,SP2 JPEG Image Rendering Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerUnknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability".Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE6 for Server 2003 Drag-and-Drop VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."Harvey RubinovitzDRAFTINTERIMHarvey RubinovitzHarvey RubinovitzHarvey RubinovitzACCEPTEDRobert L. HollisACCEPTEDRobert L. 
HollisINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDDan HaynesINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows 2000 Certificate Validation Identity Spoofing Vulnerability (Test 1)Microsoft Windows 2000Certificate ValidationThe (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.Christine WalzerChristine WalzerChristine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDWindows 2000 IIS WebDAV Message Handler Denial of Service VulnerabilityMicrosoft Windows 2000Microsoft Internet Information Server (IIS)The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.Jonathan BakerDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIE5.01,SP4 Java Proxy COM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded 
CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.Harvey RubinovitzDRAFTJonathan BakerINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDServer 2003 Microsoft Data Access Components RDS.Dataspace Remote Code Execution VulnerabilityMicrosoft Windows Server 2003Microsoft Data Access ComponentsUnspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDClifford FarrugiaINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDDEPRECATED: Windows NT IIS ASP Server-Side Include Function Buffer OverflowMicrosoft Windows NTMicrosoft Internet Information Server (IIS)Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.Tiffany BergeronACCEPTEDGlenn StricklandINTERIMACCEPTEDJosh TurpinDEPRECATEDDEPRECATEDIE6:XP,SP2 Web Folder Behaviors Cross-Domain VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerUnknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability".Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. 
HollisACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDServer 2003 HTTPS Proxy VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDExchange Server 5.0 TNEF Decoding VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OutlookUnspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in Oracle VM VirtualBox related to Guest Additions for WindowsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle VirtualBoxUnspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Guest Additions for Windows.Shane ShafferDRAFTShane ShafferINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDMaria KedovskayaINTERIMMaria KedovskayaACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDTCP/IP IGMP v3 Denial of Service (Server 2003)Microsoft Windows Server 2003Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."Robert L. 
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDIE5.01,SP4 Security Zone Restriction Bypass VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDFirefox/Mozilla Suite JavaScript Integer OverflowMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaInteger overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDWindows XP Media Player PNG Processing VulnerabilityMicrosoft Windows XPWindows Media Player 9Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability."Christine WalzerDRAFTChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDJeff ChengINTERIMJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengJeff ChengACCEPTEDACCEPTEDEndless Loop DoS in snabase.exe VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Host Integration Server 2004Microsoft Host Integration Server 2006Microsoft Host Integration Server 2009Microsoft Host Integration Server 2010Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: Windows 2000 HTR ISAPI Buffer OverflowMicrosoft Windows 2000Microsoft Internet Information Server (IIS)Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.Tiffany BergeronACCEPTEDGlenn StricklandINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDJosh TurpinDEPRECATEDSudhir GandheShane ShafferDEPRECATEDUnspecified vulnerability in Oracle VM VirtualBoxMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle VirtualBoxUnspecified vulnerability in Oracle VM VirtualBox 3.0, 3.1, 3.2, and 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors.Shane ShafferDRAFTShane ShafferINTERIMACCEPTEDMaria KedovskayaINTERIMMaria KedovskayaACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDIE6 HTML Tag Memory Corruption (Server 2003)Microsoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.Robert L. 
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIFRAME VulnerabilityMicrosoft Windows 98Microsoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerHeap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."Ingrid SkoogDRAFTINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDRobert L. HollisINTERIMRobert L. HollisACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDAccess of Unallocated Memory DoS VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Host Integration Server 2004Microsoft Host Integration Server 2006Microsoft Host Integration Server 2009Microsoft Host Integration Server 2010Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Host Integration Server 2004 SP1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Host Integration Server 2004A version of Microsoft Host Integration Server 2004 SP1 is installedSudhir GandheDRAFTTodd DolinskyTodd DolinskyTodd DolinskyINTERIMACCEPTEDBrendan MilesINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDACCEPTEDMicrosoft Host Integration Server 2006 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Host Integration Server 2006A version of Microsoft Host Integration Server 2006 is installedSudhir GandheDRAFTTodd DolinskyTodd DolinskyINTERIMACCEPTEDBrendan MilesINTERIMACCEPTEDDragos 
PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft Host Integration Server 2009 is installedMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Host Integration Server 2009A version of Microsoft Host Integration Server 2009 is installedDragos PrisacaDRAFTDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft Host Integration Server 2010 is installedMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Host Integration Server 2010A version of Microsoft Host Integration Server 2010 is installedDragos PrisacaDRAFTDragos PrisacaINTERIMACCEPTEDACCEPTEDWindows Explorer Web View Script Injection VulnerabilityMicrosoft Windows 2000Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDNetwork Connection Manager Interruption of Service (Windows 2000)Microsoft Windows 2000netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."Robert L. 
HollisDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDWin2k Land VulnerabilityMicrosoft Windows 2000Windows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence of the "Land" vulnerability (CVE-1999-0016).Matthew BurtonDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDContact Details Reflected XSS VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows SharePoint Services 3.0Microsoft SharePoint Foundation 2010Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDFTP Download Destination Tampering Vulnerability (Server 2003)Microsoft Windows Server 2003The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames.Robert L. 
HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDXSS in SharePoint Calendar VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Server 2010Microsoft SharePoint Foundation 2010Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer 'AddFavorite' Method Denial of Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Internet Explorer 7Microsoft Internet Explorer 8Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer 6 through 8 spoofing vulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDWindows 2000 Color Management Module Buffer OverflowMicrosoft Windows 2000Microsoft Color Management ModuleBuffer overflow in the Microsoft 
Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.Christine WalzerDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDWindows 98 Program Group Converter Buffer OverflowMicrosoft Windows 98Program Group ConverterBuffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDEditform Script Injection VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Server 2010Microsoft SharePoint Foundation 2010Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office SharePoint Server 2010 is installed.Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Office SharePoint Server 2010Microsoft Office SharePoint Server 2010 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Foundation 2010 is installedMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2012Microsoft Windows 8Microsoft SharePoint Foundation 2010Microsoft SharePoint Foundation 2010 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDBhavya KINTERIMACCEPTEDACCEPTEDObject Spoofing using XBL <implements> VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox 
before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDServer 2003 Object Management VulnerabilityMicrosoft Windows Server 2003Windows kernelBuffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".Ingrid SkoogDRAFTINTERIMChristine WalzerACCEPTEDACCEPTEDSecurity bypass vulnerability in Apache Tomcat 7.0.11Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApache TomcatApache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDRPCSS DCOM Buffer Overflow (Windows 2000)Microsoft Windows 2000Remote Procedure Call (RPC)Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715.Tiffany BergeronACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDWin2k,SP4 DirectShow Malicious avi File VulnerabilityMicrosoft Windows 2000DirectXQUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value.Robert L. 
HollisDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMozilla Crashes with Evidence of Memory Corruption (Firefox Regression Fix)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaA regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDTMG Firewall Client Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Forefront Threat Management Gateway 2010 ClientThe NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer cross-site scripting (XSS) vulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Internet Explorer 8The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, a different issue than CVE-2009-4074.Dragos PrisacaDRAFTBrandon ShillingINTERIMACCEPTEDACCEPTEDWMF Rendering Code Execution Vulnerability (64-bit Windows XP and Server 2003,Unpatched)Microsoft Windows XPMicrosoft Windows Server 2003Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to 
execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord. | Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, Sudhir Gandhe, Shane Shaffer, ACCEPTED, ACCEPTED

SQL Injection vulnerability in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used. | Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, PHP | The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions. | SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

IE v6.0 Improper Cross Domain Security Validation with Dialog Box | Microsoft Windows 2000, Microsoft Internet Explorer | Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box." | Andrew Buttner, Christine Walzer, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Integer overflow vulnerability in the mt_rand function in PHP before 5.3.4 | Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, PHP | Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax. | SecPod Team, DRAFT, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Unspecified vulnerability in Oracle VM VirtualBox 4.0 | Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server
2008, Microsoft Windows Vista, Microsoft Windows XP, Oracle VM VirtualBox | Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Extensions. | SecPod Team, DRAFT, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, ACCEPTED, ACCEPTED

VirtualBox is installed | Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, VirtualBox | VirtualBox is installed | SecPod Team, DRAFT, INTERIM, ACCEPTED, Josh Turpin, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, ACCEPTED

NULL byte injection vulnerability in PHP before 5.3.4 | Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, PHP | PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function. | SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Windows Media Player 8 Bitmap Remote Code Execution | Microsoft Windows XP, Windows Media Player | Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data. | Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Robert L.
Hollis, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, ACCEPTED

Distributed TIP Request Validation Process Permits Denial of Service (Win2k,SP4) | Microsoft Windows 2000, TIP | Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port number after an error occurs, aka the "Distributed TIP Vulnerability." | Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 | Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, PHP | Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and __unset methods on objects accessed by a reference. | SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Network Connection Manager Interruption of Service (Server 2003) | Microsoft Windows Server 2003 | netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability." | Robert L.
Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, Sudhir Gandhe, Shane Shaffer, ACCEPTED, ACCEPTED

Denial of service vulnerability in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 in IMAP extension | Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, PHP | Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. | SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Mozilla Privilege Escalation Using a JavaScript Function's Cloned Parent | Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal function. | Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, ACCEPTED

Plug and Play User Data Validation Vulnerability (Windows 2000) | Microsoft Windows 2000 | Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call. | Robert L.
Hollis, DRAFT, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, Sudhir Gandhe, Shane Shaffer, ACCEPTED, ACCEPTED

EMF Rendering Denial of Service Vulnerability (Windows 2000) | Microsoft Windows 2000 | The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability." | Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Mike Lah, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, Sudhir Gandhe, Shane Shaffer, ACCEPTED, ACCEPTED

Vulnerability in the iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 | Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, PHP | The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact, via a crafted Subject header in an e-mail message, as demonstrated by the ks_c_5601-1987 character set. | SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

IE5.01,SP4 PNG Image Buffer Overflow | Microsoft Windows 2000, Microsoft Internet Explorer | Buffer overflow in the PNG image rendering component of Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted PNG file. | Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Robert L.
Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Information disclosure vulnerability in HTTP BIO connector in Apache Tomcat 7.0.x through 7.0.11 | Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, Apache Tomcat | The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users." | SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Apache Tomcat is installed | Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, Apache Tomcat | Apache Tomcat is installed | SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Microsoft Internet Explorer PDF Printing Information Disclosure | Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows Server 2008, Microsoft Internet Explorer 6, Microsoft Internet Explorer 7, Microsoft Internet Explorer 8 | The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page. | Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Microsoft Internet Explorer 7 is installed | Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Internet Explorer 7 | A version of Microsoft Internet Explorer 7 is installed. | Sudhir Gandhe, DRAFT, INTERIM, Andrew Buttner, ACCEPTED, Brendan Miles, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, ACCEPTED

Microsoft Internet Explorer 6 is installed | Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Internet Explorer 6 | The application Microsoft
Internet Explorer 6 is installed. | Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Brendan Miles, INTERIM, ACCEPTED, Preeti Subramanian, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE6,SP1 COM Object Instantiation Memory Corruption Vulnerability | Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer | Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2087. | Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Robert L.
Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Vulnerability in the Standard PHP Library (SPL) extension in PHP before 5.3.4 | Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, PHP | The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check. | SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Windows Media Player PNG Vulnerability (v7.1) | Microsoft Windows 2000, Media Player | Stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 allows remote attackers to execute arbitrary code via a PNG image with a large chunk size. | Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Pradeep R B, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, ACCEPTED

IE Improper Object Tag Handling | Microsoft Windows 2000 | Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page. | Tiffany Bergeron, Tiffany Bergeron, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Robert L.
Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Race condition vulnerability in the PCNTL extension in PHP before 5.3.4 | Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, PHP | Race condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service (memory corruption) via a large number of concurrent signals. | SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Step-by-Step Interactive Training Buffer Overflow | Microsoft Windows 98, Microsoft Windows ME, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Interactive Training | Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a bookmark link file (.cbo, .cbl, or .cbm extension) with a long User field. | Ingrid Skoog, DRAFT, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, ACCEPTED

MSDTC Invalid Memory Access Vulnerability (Win2K) | Microsoft Windows 2000 | Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability. | Robert L.
Hollis, DRAFT, INTERIM, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, Sudhir Gandhe, Shane Shaffer, ACCEPTED, ACCEPTED

Windows 2000 TAPI Buffer Overflow | Microsoft Windows 2000, Telephony Service | Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to elevate privileges or execute arbitrary code via a crafted message. | Andrew Buttner, DRAFT, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Microsoft SQL Server Extended Stored Procedure Buffer Overflow | Microsoft Windows 2000, Microsoft SQL Server 2000 | Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments. | Yi-Fang Koh, Ingrid Skoog, Ingrid Skoog, Ingrid Skoog, Ingrid Skoog, Ingrid Skoog, Ingrid Skoog, Ingrid Skoog, INTERIM, ACCEPTED, Jerome Athias, INTERIM, ACCEPTED, ACCEPTED

IE6,SP1 File Disclosure via Redirects Vulnerability | Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer | The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file. | Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Robert L.
Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Stack based buffer overflow vulnerability in Novell File Reporter (NFR) before 1.0.2 | Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, Novell File Reporter | Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter (NFR) before 1.0.2 allows remote attackers to execute arbitrary code via unspecified XML data. | SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Novell File Reporter is installed | Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, Novell File Reporter | Novell File Reporter is installed | SecPod Team, DRAFT, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, ACCEPTED

Exchange Server Infinite Loop Vulnerability | Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Exchange Server | Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability." | Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Microsoft Exchange Server 2007 SP2 is installed | Microsoft Windows Server 2003, Microsoft Windows Server 2008 | Exchange Server 2007 SP2 is installed. | Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, ACCEPTED

Security bypass vulnerability in the extract function in PHP before 5.2.15 | Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, PHP | The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input, a related issue to CVE-2005-2691 and CVE-2006-3758. | SecPod
Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

IE v5.5,SP2 Forced Script Execution | Microsoft Windows 2000, Microsoft Internet Explorer | Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made. | David Proulx, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Firefox/Mozilla Suite Chrome Window Spoofing Vulnerability | Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla | Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks. | Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

URL Parsing Memory Corruption Vulnerability (IE5.01,SP3) | Microsoft Windows 2000, Microsoft Internet Explorer | Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability." | Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Robert L.
Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

MSO Large SPID Read AV Vulnerability | Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Windows 7, Microsoft Office XP | Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability." | Josh Turpin, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Microsoft Office XP is installed | Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2 | The application Microsoft Office XP is installed. | Robert L. Hollis, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, INTERIM, Dragos Prisaca, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Stack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4 | Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, PHP | Stack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4 allows context-dependent attackers to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstext function. | SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

PHP is installed | Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, PHP | PHP is installed | SecPod Team, DRAFT, INTERIM, SecPod Team, ACCEPTED, ACCEPTED

.lnk File-Properties Remote Code Execution Vulnerability (Windows 2000) | Microsoft Windows 2000 | Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote
user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122. | Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, Sudhir Gandhe, Shane Shaffer, ACCEPTED, ACCEPTED

Win2K COM object Remote Code Execution Vulnerability | Microsoft Windows 2000 | Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability." | Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, Sudhir Gandhe, Shane Shaffer, ACCEPTED, ACCEPTED

IE .chm Directory Traversal Windows XP Vulnerability | Microsoft Windows XP, HTML Help Facility | Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension.
NOTE: this bug may overlap CVE-2004-0475. | Andrew Buttner, Andrew Buttner, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

DEPRECATED: Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 8.0.7600.16385 | Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, Microsoft Internet Explorer | Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 8.0.7600.16385 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, involving circular memory references. | SecPod Team, DRAFT, INTERIM, Dragos Prisaca, DEPRECATED, Maria Mikhno, DEPRECATED

Microsoft Internet Explorer 8 is installed | Microsoft Windows XP, Microsoft Windows Vista, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows 7, Microsoft Internet Explorer 8 | A version of Microsoft Internet Explorer 8 is installed. | Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, INTERIM, Dragos Prisaca, ACCEPTED, Maria Kedovskaya, INTERIM, Maria Mikhno, ACCEPTED, ACCEPTED

Windows 2000 SMB Buffer Overflow | Microsoft Windows 2000, SMB (Server Message Block) | Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required. | Tiffany Bergeron, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

IE6 DHTML Method Call Memory Corruption (Server 2003) | Microsoft Windows Server 2003, Microsoft Internet Explorer | Microsoft Internet Explorer 6 and 7 Beta 2 allows remote
attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer. | Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Malformed Request Code Execution Vulnerability | Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Office SharePoint Server 2007 | Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability." | Josh Turpin, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Microsoft Office SharePoint Server 2007 is installed. | Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Office SharePoint Server 2007 | Microsoft Office SharePoint Server 2007 is installed. | Robert L.
Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, David Rothenberg, INTERIM, ACCEPTED, INTERIM, Dragos Prisaca, ACCEPTED, Chandan S, INTERIM, ACCEPTED, Evgeniy Pavlov, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Microsoft ISA Server Cross-Site Scripting | Microsoft Windows 2000, Microsoft Internet Security and Acceleration Server 2000 | Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found." | Tiffany Bergeron, ACCEPTED, Jeff Cheng, INTERIM, ACCEPTED, Akihito Nakamura, INTERIM, ACCEPTED, ACCEPTED

Suppressed: Duplicate of OVAL3743 | Microsoft Windows Server 2003, Microsoft Word for Windows 6.0 Converter | Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901. | Christine Walzer, DRAFT, INTERIM, ACCEPTED, Ingrid Skoog, INTERIM, ACCEPTED, Robert L.
Hollis, DEPRECATED, Clifford Farrugia, DEPRECATED

Windows 2000 COM Structured Storage Vulnerability | Microsoft Windows 2000, COM Internet Services | Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability." | Christine Walzer, DRAFT, INTERIM, ACCEPTED, Andrew Buttner, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Crystal Reports Business Objects Directory Traversal | Microsoft Windows 2000, Crystal Enterprise, Crystal Reports | Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx. | Andrew Buttner, Jonathan Baker, INTERIM

Crash on "zero-width non-joiner" Sequence | Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla | Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters. | Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Server 2003,SP1 DirectShow Malicious avi File Vulnerability | Microsoft Windows Server 2003, DirectX | QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value. | Robert L.
Hollis, DRAFT, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, Dragos Prisaca, INTERIM, ACCEPTED, ACCEPTED

IE6 Installed XP,SP2 File Disclosure via Redirects Vulnerability | Microsoft Windows XP, Microsoft Internet Explorer | The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file. | Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

FTP Download Destination Tampering Vulnerability (Windows 2000) | Microsoft Windows 2000 | The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames. | Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, Sudhir Gandhe, Shane Shaffer, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

ISA Server Poison Cache Vulnerability | Microsoft Windows 2000, Microsoft Internet Security and Acceleration Server 2000 | Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers. | Christine Walzer, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Akihito Nakamura, INTERIM, ACCEPTED, ACCEPTED

IE6,SP1 JPEG Image Rendering Memory Corruption Vulnerability | Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer | Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability". | Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Robert L.
Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Scob and Toofer Internet Explorer v6.0,SP1 Vulnerabilities | Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer | The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object. | Tiffany Bergeron, DRAFT, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Buffer Overflow in CDOSYS Message Processing (Server 2003) | Microsoft Windows Server 2003 | Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string. | Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, Sudhir Gandhe, Shane Shaffer, ACCEPTED, ACCEPTED

Server 2003 Embedded Web Font Vulnerability | Microsoft Windows Server 2003 | Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression. | Robert L.
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDServer 2003 Color Management Module Buffer OverflowMicrosoft Windows Server 2003Microsoft Color Management ModuleBuffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.Christine WalzerDRAFTINTERIMACCEPTEDACCEPTEDMS Windows RPC DCOM DoS-based Privilege Escalation Vulnerability (Test 2)Microsoft Windows 2000Remote Procedure Call (RPC)The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function.Christine WalzerDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIE6,SP2 PNG Image Buffer OverflowMicrosoft Windows XPMicrosoft Internet ExplorerBuffer overflow in the PNG image rendering component of Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted PNG file.Harvey RubinovitzDRAFTHarvey RubinovitzINTERIMACCEPTEDAnna MinINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE AbusiveParent Vulnerability (32-bit Server 2003)Microsoft Windows Server 2003Microsoft Internet ExplorerThe DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.Jonathan BakerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDGDI+ JPEG Parsing Engine 
Buffer Overflow (Server 2003)Microsoft Windows XPMicrosoft Windows Server 2003GDI+Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.Ingrid SkoogDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDACCEPTEDDirectX 9 DirectShow Malicious MIDI File VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003DirectXMultiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJeff ItoINTERIMACCEPTEDACCEPTEDIE Web Page Spoofing VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability."Tiffany BergeronINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDirectX 8 DirectShow Malicious MIDI File VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003DirectXMultiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDJeff ItoINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDIE plugin.ocx Heap OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerHeap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115.Tiffany BergeronINTERIMACCEPTEDINTERIMHarvey RubinovitzACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows Server 2003 SSL PCT Handshake VulnerabilityMicrosoft Windows Server 2003Private Communications Transport (PCT)Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.Andrew ButtnerINTERIMACCEPTEDGlenn StricklandINTERIMACCEPTEDACCEPTEDServer 2003 IE Mismatched Document Object Memory Corruption VulnerabilityMicrosoft Windows Server 2003Microsoft Internet ExplorerMicrosoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched Document Object Model Objects Memory Corruption Vulnerability."Robert L. HollisDRAFTRobert L. 
HollisINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDJeff ChengINTERIMJeff ChengACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows ntdll.dll Buffer OverflowMicrosoft Windows 2000Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.Tiffany BergeronAnna MinINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDXMLHttpRequest Header Spoofing VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMicrosoft Outlook Express 5.5,SP2 News Reading VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Outlook ExpressStack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.Ingrid SkoogDRAFTINTERIMACCEPTEDACCEPTEDMozilla JavaScript Garbage-collection Hazard AuditMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaThe JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption.Robert L. 
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDACCEPTEDExchange 2000 Server TNEF Decoding VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OutlookUnspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMS SQL Server 2000 Resolution Service Buffer OverflowMicrosoft Windows NTMicrosoft SQL Server 2000Microsoft SQL Server 2000 Desktop Engine (WMSDE)Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.Tiffany BergeronINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDIngrid SkoogIngrid SkoogINTERIMACCEPTEDJerome AthiasINTERIMACCEPTEDACCEPTEDDCOM RPC Object Identity Windows XP VulnerabilityMicrosoft Windows XPRemote Procedure Call (RPC)The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."Christine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDWindows 2000 Internet Printing ISAPI Extension Buffer OverflowMicrosoft Windows 2000Microsoft 
Internet Information Server (IIS)Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.Christine WalzerINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft JScript Memory Corruption VulnerabilityMicrosoft Windows 98Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDNate PrzybyszewskiINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDDCOM RPC Object Identity Windows 2003 VulnerabilityMicrosoft Windows Server 2003Remote Procedure Call (RPC)The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."Christine WalzerINTERIMACCEPTEDACCEPTEDWMF Rendering Code Execution Vulnerability (Windows 2000)Microsoft Windows 2000Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord.Robert L. 
HollisDRAFTINTERIMACCEPTEDAnna MinINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDDCOM RPC Object Identity Windows 2000 VulnerabilityMicrosoft Windows 2000Remote Procedure Call (RPC)The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."Christine WalzerINTERIMACCEPTEDACCEPTEDIE6:XP,SP2 COM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2087.Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. 
HollisACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Certificate Validation Flaw Identity Spoofing VulnerabilityMicrosoft Windows XPMicrosoft CryptoAPIThe (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.Christine WalzerChristine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMultiple Vulnerabilities in Rockliffe MailSite ExpressMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Rockliffe MailSite ExpressCross-site scripting (XSS) vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to inject arbitrary web script or HTML via a message body.Rahul MohandasDRAFTINTERIMACCEPTEDACCEPTEDWindows 2000 IIS Directory Traversal Command Execution (Test 2)Microsoft Windows 2000Microsoft Internet Information Server (IIS)Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. 
(dot dot) and "\" characters twice.Christine WalzerINTERIMACCEPTEDACCEPTEDWindows Utility Manager Shatter Message VulnerabilityMicrosoft Windows 2000Utility ManagerThe Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.Harvey RubinovitzINTERIMACCEPTEDACCEPTEDWindows 2000 Print Spooler Service Buffer OverflowMicrosoft Windows 2000Print Spooler ServiceBuffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.Matthew BurtonDRAFTINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft XML Core Services VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft XML Core ServicesUnspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft XML Core Services 6 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft XML Core Services 6Microsoft XML Core Services 6 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft XML Core Services 4 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft XML Core Services 4Microsoft XML Core Services 4 is installed.Robert L. 
HollisDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Data Access Components SQL-DMO Buffer Overflow (Test 3)Microsoft Windows XPMicrosoft Data Access Components 2.7Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.Christine WalzerChristine WalzerINTERIMACCEPTEDJosh TurpinDEPRECATEDDEPRECATEDMozilla Privilege Escalation via XBL.method.evalMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privileges.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDACCEPTEDVeritas Backup Exec RestrictAnonymous Forced Misconfiguration VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Veritas Backup Exec 8.5Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.Tiffany BergeronINTERIMIngrid SkoogINTERIMWindows Server 2003 Help and Support Center HCP URL Validation VulnerabilityMicrosoft Windows Server 2003Help and Support Center (HSC)Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).Harvey RubinovitzDRAFTINTERIMACCEPTEDJohn 
HoylandINTERIMACCEPTEDACCEPTEDWindows Server 2003 COM Internet Services/RPC over HTTP Proxy Component Buffer OverflowMicrosoft Windows Server 2003COM Internet ServicesBuffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.Christine WalzerINTERIMACCEPTEDAndrew ButtnerINTERIMAndrew ButtnerACCEPTEDACCEPTEDMicrosoft Outlook Express v6.0 for Server 2003 MHTML URL Processing VulnerabilityMicrosoft Windows Server 2003Microsoft Outlook ExpressThe MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."Andrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDWindows 2000 DirectPlay Denial of ServiceMicrosoft Windows 2000Microsoft DirectPlayIDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.Tiffany BergeronINTERIMACCEPTEDACCEPTEDIE5.01,SP3 File Disclosure via Redirects VulnerabilityMicrosoft Windows 2000Microsoft Internet ExplorerThe legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIncorrect Permission on SQL Server Service Account Registry KeyMicrosoft Windows NTMicrosoft SQL Server 2000Microsoft SQL Server 2000 Desktop Engine (WMSDE)The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."Tiffany BergeronINTERIMACCEPTEDJonathan BakerINTERIMINTERIMACCEPTEDIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogINTERIMACCEPTEDJerome AthiasINTERIMACCEPTEDACCEPTEDWindows NT IIS Directory Traversal Command Execution (Test 2)Microsoft Windows NTMicrosoft Internet Information Server (IIS)Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.Christine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDWin2k Domain Controller LSASS Denial of ServiceMicrosoft Windows 2000Lightweight Directory Access Protocol (LDAP)Unknown vulnerability in the Local Security Authority Subsystem Service (LSASS) in Windows 2000 domain controllers allows remote attackers to cause a denial of service via a crafted LDAP message.Tiffany BergeronINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDWinXP,SP2 Drag-and-Drop VulnerabilityMicrosoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."Matthew BurtonDRAFTINTERIMACCEPTEDRobert L. 
HollisACCEPTEDMatthew WojcikINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDIE File Download Dialog Deception VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download.Tiffany BergeronINTERIMACCEPTEDINTERIMHarvey RubinovitzACCEPTEDChristine WalzerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows 2000 IIS5 WebDAV Denial of ServiceMicrosoft Windows 2000Microsoft Internet Information Server (IIS)IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned.Christine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDMicrosoft Outlook Express v6.0,SP1 MHTML URL Processing VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Outlook ExpressThe MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."Andrew ButtnerINTERIMACCEPTEDACCEPTEDWindows XP IIS5 WebDAV Denial of ServiceMicrosoft Windows XPMicrosoft Internet Information Server (IIS)IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned.Christine WalzerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDACCEPTEDIE6,SP1 DHTML Method Heap Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDFirefox and Mozilla top.focus() Cross-Site Scripting VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.Robert L. HollisChristine WalzerJonathan BakerINTERIMACCEPTEDJohn HoylandINTERIMJohn HoylandACCEPTEDACCEPTEDServer 2003 PKINIT Information Disclosure VulnerabilityMicrosoft Windows Server 2003Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.Robert L. 
HollisINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDServer 2003 Kerberos Message DoS VulnerabilityMicrosoft Windows Server 2003Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.Robert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDWindows 2000 PKINIT Information Disclosure VulnerabilityMicrosoft Windows 2000Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.Robert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDWindows 2000 Kerberos Message DoS VulnerabilityMicrosoft Windows 2000Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.Robert L. HollisINTERIMACCEPTEDAnna MinINTERIMACCEPTEDShane ShafferINTERIMSudhir GandheShane ShafferACCEPTEDACCEPTEDMozilla Local File Loading VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab.Robert L. 
HollisINTERIMACCEPTEDINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla Creates World-readable temp FilesMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF.Robert L. HollisJonathan BakerINTERIMACCEPTEDINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerACCEPTEDACCEPTEDMozilla SSL Lock Image Spoofing during Binary DownloadMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxFirefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla SSL Lock Image Spoofing via "View Source"Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxFirefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.Robert L. 
HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla Inactive Tab Form Data Theft VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxFirefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla Malicious news: VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla ThunderbirdHeap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated.Robert L. HollisChristine WalzerINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDFirefox Script-generated Download Prompt BypassMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Mozilla FirefoxFirefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature.Robert L. 
HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMozilla Inactive Tab Dialog Box VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Mozilla FirefoxmozillaFirefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMozilla 407 Proxy Information Disclosure VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxFirefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla Thunderbird Subject to IE Vulnerabilities via javascriptMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Mozilla ThunderbirdThunderbird before 0.9, when running on Windows systems, uses the default handler when processing javascript: links, which invokes Internet Explorer and may expose the Thunderbird user to vulnerabilities in the version of Internet Explorer that is installed on the user's system. 
NOTE: since the invocation between multiple products is a common practice, and the vulnerabilities inherent in multi-product interactions are not easily enumerable, this issue might be REJECTED in the future.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMozilla Mail News Cookie Security Bypass VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaThunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 do not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla Livefeed Bookmark Cookie SwipingMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Mozilla FirefoxFirefox before 1.0 allows the user to store a (1) javascript: or (2) data: URL as a Livefeed bookmark, then executes it in the security context of the currently loaded page when the user later accesses the bookmark, which could allow remote attackers to execute arbitrary code.Robert L. 
HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMozilla Popup Content Spoofing VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxMozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla SSL Lock Image Spoofing VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxFirefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that generates an HTTP 204 error, which updates the icon and location information but does not change the display of the original site.Robert L. 
HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla UTF8 to Unicode Conversion Heap OverflowMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxMozilla ThunderbirdHeap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerACCEPTEDACCEPTEDMozilla Download/Security Dialogs Spoofing VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxFirefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing."Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla 'user:pass@host' Spoofing VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxMozilla ThunderbirdThe installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname.Robert L. 
HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerACCEPTEDACCEPTEDMozilla String Library Memory Overwrite VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxMozilla ThunderbirdString handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerACCEPTEDACCEPTEDMozilla Autocomplete Data LeakMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Mozilla FirefoxThe Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability.Robert L. 
HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMozilla XSLT Stylesheet Information Disclosure PotentialMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxFirefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla Double Download .lnk VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxMozilla ThunderbirdFirefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerACCEPTEDACCEPTEDMozilla "Save Link As" Dialog Spoofing VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxFirefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.Robert L. 
HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla Download Dialog Source Spoofing VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxFirefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla HTTP auth Prompt Tab SpoofingMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxFirefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla Image Spoofing VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxMozilla ThunderbirdFirefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka "firedragging."Robert L. 
HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerACCEPTEDACCEPTEDMozilla Cross-site Scripting via Drag and Drop to TabMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxFirefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing."Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla Privileged Content Loading VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxFirefox 1.0 allows remote attackers to execute arbitrary code via plugins that load "privileged content" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka "Firescrolling."Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla IDN Homograph Spoofing VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxThe International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.Robert L. 
HollisChristine WalzerINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla GIF Heap OverflowMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxMozilla ThunderbirdHeap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerACCEPTEDACCEPTEDFirefox Sidebar Panel Code Execution VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Mozilla FirefoxFirefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMozilla XUL Drag and Drop Security Bypass VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxFirefox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."Robert L. 
HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla Javascript "lambda"Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxThe find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.Robert L. HollisINTERIMMatthew WojcikACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla PLUGINSPAGE Privileged Javascript Execution VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Mozilla FirefoxThe Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag.Robert L. HollisINTERIMMatthew WojcikACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMozilla blocked javascript: popup Privilege Escalation VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxFirefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option.Robert L. 
HollisINTERIMMatthew WojcikMatthew WojcikACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla Global Pollution VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxFirefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution."Robert L. HollisINTERIMMatthew WojcikACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla favicons Code Execution VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxThe favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking."Robert L. HollisINTERIMMatthew WojcikACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla Search Plugin Cross-site Scripting VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxFirefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."Robert L. 
HollisINTERIMMatthew WojcikACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDFirefox Sidebar Code Execution via _search TargetMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Mozilla FirefoxMultiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the _search target of the Firefox sidebar.Robert L. HollisINTERIMMatthew WojcikACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMozilla InstallTrigger Instance Validation VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxThe native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type.Robert L. HollisINTERIMMatthew WojcikACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla DOM Node Privilege Escalation VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxThe privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object.Robert L. 
HollisINTERIMMatthew WojcikMatthew WojcikACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla Suite InstallTrigger Callback VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaThe InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.Robert L. HollisChristine WalzerJonathan BakerINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMozilla JavaScript Wrapping VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxFirefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."Robert L. 
HollisJonathan BakerINTERIMMatthew WojcikACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDAnna MinINTERIMACCEPTEDDaniel TarnuINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDACCEPTEDMozilla Script Privilege Context VulnerabilitiesMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxFirefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160.Robert L. HollisJonathan BakerINTERIMMatthew WojcikACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDAnna MinINTERIMACCEPTEDDaniel TarnuINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDACCEPTEDImproper Handling of Synthetic Events in MozillaMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxThe browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user.Robert L. HollisJonathan BakerINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJohn HoylandINTERIMJohn HoylandACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDXBL Script Security Bypass VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxMozilla ThunderbirdFirefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.Robert L. 
HollisJonathan BakerINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJohn HoylandINTERIMJohn HoylandACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerACCEPTEDACCEPTEDFirefox Wallpaper VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Mozilla FirefoxFirefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background" (in Netscape) context menu on an image URL that is really a javascript: URL with an eval statement, aka "Firewalling."Robert L. HollisINTERIMMatthew WojcikMatthew WojcikACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDMatthew WojcikACCEPTEDJohn HoylandINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDFirefox InstallTrigger Callback VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Mozilla FirefoxThe InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.Robert L. HollisChristine WalzerINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDFirefox Sidebar Script Injection via _search TargetMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Mozilla FirefoxFirefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the _search target, then injecting script into other pages via a data: URL.Robert L. 
HollisINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDInstallVersion.compareTo() DoS and Code Execution VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxFirefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.Robert L. HollisJonathan BakerINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJohn HoylandINTERIMJohn HoylandACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDFirefox and Mozilla Framed Site Spoofing VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaA regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.Robert L. 
HollisJonathan BakerChristine WalzerINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJohn HoylandINTERIMJohn HoylandACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDFirefox External App Code Acceptance VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Mozilla FirefoxFirefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL.Robert L. HollisChristine WalzerJonathan BakerINTERIMMatthew WojcikACCEPTEDINTERIMACCEPTEDMatthew WojcikMatthew WojcikINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDFirefox and Mozilla Javascript Dialog Box SpoofingMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."Robert L. 
HollisChristine WalzerJonathan BakerMatthew WojcikINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJohn HoylandINTERIMJohn HoylandACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDFirefox and Mozilla DOM Node SpoofingMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing").Robert L. HollisJonathan BakerINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJohn HoylandINTERIMJohn HoylandACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDFirefox and Mozilla Shared Object Code ExecutionMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.Robert L. 
HollisJonathan BakerINTERIMACCEPTEDINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJohn HoylandINTERIMJohn HoylandACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDIFRAME in Firefox and Mozilla Permits Execution of Arbitrary Javascript in Other DomainsMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477.Robert L. HollisJonathan BakerINTERIMMatthew WojcikACCEPTEDAnna MinINTERIMACCEPTEDDaniel TarnuINTERIMACCEPTEDACCEPTEDInstall Function in Firefox and Mozilla Permits Arbitrary Code ExecutionMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaThe install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.Robert L. 
HollisJonathan BakerINTERIMMatthew WojcikACCEPTEDAnna MinINTERIMACCEPTEDDaniel TarnuINTERIMACCEPTEDACCEPTEDAs stated in the iDefense security advisory, if this key exists and contains a value, then the system has Interactive Training installed, and it will process .cbo files. We think, but are not sure that the affected version of bkupexec.exe is 3.60.1.298 The file should be found in C:\Program Files\VERITAS\Backup Exec\NT\bkupexec.exe
NT\CurrentVersion\Hotfix\KB885250InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\9161A261-6ABE-4668-BBFA-AD06B3F642CFMicrosoft Exchangexlsasink.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Exchange Server 2003\SP1\KB894549.*zipfldr.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB873376InstalledHKEY_LOCAL_MACHINESOFTWARE\Classes\CompressedFolderFriendlyTypeNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90280409-6000-11D3-8CFE-0050048383C9}DisplayVersionHKEY_LOCAL_MACHINESoftware\Microsoft\Windows\CurrentVersion\Uninstall\{903B0409-6000-11D3-8CFE-0150048383C9}DisplayVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q318593InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\NET Framework Setup\NDP\v2.0.50727InstallSystem.web.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB890923-IE6SP1-20050225.103456hhsetup.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q323255Installedasp.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q299444Installedfp5areg.dllfp30reg.dllfp4areg.dllfp30reg.dllwebvw.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB894320\FilelistHKEY_CURRENT_USERSOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AdvancedWebViewHKEY_LOCAL_MACHINESOFTWARE\Microsoft\NET Framework Setup\NDP\v1.1.4322InstallHKEY_LOCAL_MACHINESoftware\Microsoft\NET Framework Setup\NDP\v1.1.4322SPHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\.NETFramework Setup\1.1\M886903InstalledSystem.web.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\.NETFramework Setup\1.1\M886904InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB824245InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB841873Installedmstask.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows 
NT\CurrentVersion\HotFix\KB824141InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\UtilManStartHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q303984Installedoval:org.mitre.oval:obj:44208oval:org.mitre.oval:obj:43819HKEY_LOCAL_MACHINESoftware\Microsoft\Windows\CurrentVersion\Uninstall\{90510409-6000-11D3-8CFE-0150048383C9}HKEY_LOCAL_MACHINESoftware\Microsoft\Windows\CurrentVersion\Uninstall\{90530409-6000-11D3-8CFE-0150048383C9}GDIPLUS.DLLuser32.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB891711Installedimpprov.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows Server 2003\SP1\KB873339\FilelistHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB841533Installednetdde.exenddenb32.dllshtml.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB810217InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OC Manager\Subcomponentsfp_extensionsMSO.DLLHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q313450Installedmsgprox.dllreplrec.dllsqlvdi.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB823980InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\MSSQLServer\MSSQLServerLoginModeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows 2000\SP4\Q321599InstalledMicrosoft.SharePoint.Portal.dllWmiScriptUtils.dlldxmasf.dllmsdxm.ocxHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows Media Player\wm308567IsInstalledMicrosoft.Office.Server.Search.dllmsoserverintl.dllwwintl.dllvutils.dllMsoserver.Dllmicrosoft.office.infopath.server.dllHKEY_LOCAL_MACHINESoftware\Microsoft\Office Server\15.0BinPathxlsrv.dllstswel.dllsrvsvc.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q329170InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\lanmanserver\parametersenablesecuritysignatureHKEY_LOCAL_MACHINESoftware\Microsoft\Windows 
NT\CurrentVersion\Hotfix\KB841356Installedgrpconv.exeHKEY_LOCAL_MACHINESoftware\Microsoft\Windows\CurrentVersion\Uninstall\{90510409-6D54-11D4-BEE3-00C04F990354}DisplayVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90510409-6D54-11D4-BEE3-00C04F990354}WindowsInstallerHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q329414InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\Session Manager\EnvironmentPROCESSOR_ARCHITECTUREDeploy.resources.dllMicrosoft.Rtc.Acd.Workflow.dllHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\{.*\}$DisplayNamewrtces.dllSIPStack.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Real-Time Communications\{A593FD00-64F1-4288-A6F4-E699ED9DCA35}InstallDirHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q811493Installedkernel32.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q326886Installedhlink.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB888113Installedllssrv.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB885834InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\LicenseServiceStartHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows Server 2003\SP1\KB890923\FilelistHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB870763Installedwins.exeHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\winsStartHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB834707-ie501sp4-20040929.111451InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\Q305601InstalledMicrosoft.ServiceBus.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Service Bus\1.1INSTALLDIRSp3res.dllUmandlg.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Hotfix\KB842526InstalledSWORD.DLLHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.WCSERVERInstallLocationnntpsvc.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB883935InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\NntpSvcStartHKEY_LOCAL_MACHINESOFTWARE\Microsoft\SharePoint Client Components\15.0LocationHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\{90150000-101F-0401-1000-0000000FF1CE\}_Office15\.WacServer\-\{[\w\-]+\}$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\{90150000-1014-0000-1000-0000000FF1CE}_Office15\.OSERVER\{[\w\-]+\}$DisplayNameMicrosoft.Office.Server.Msg.dllwsetupui.dllWsssetup.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB834707Installeddplayx.dll^LM/MSFTPSVC/.*$1016tshoot.ocxHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB826232Installedconsole.exedbmslpcn.dllsqlmap70.dllsqlrepss.dllssmslpcn.dllssnmpn70.dllums.dllmsgprox.dllreplprov.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Microsoft SQL Server\80SharedCodereplrec.dllsqlvdi.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{903B0409-6000-11D3-8CFE-0050048383C9}DisplayVersionsmtpsvc.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB885881InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\SMTPSVCStartHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Exchange\SetupServices VersionHKEY_LOCAL_MACHINESOFTWARE\Classes\Installer\Assemblies\GlobalMicrosoft.SharePoint,version="12.0.0.0000000",processorArchitecture="MSIL",publicKeyToken="71E9BCE111E9429C",fileVersion="12.0.6039.5000",culture="neutral"Mssdmn.exeHKEY_LOCAL_MACHINESSOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB890923 -ie501sp4-20050225.100310InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Hotfix\KB834707-ie6-20040929.115007IsInstalledHKEY_CURRENT_USERSoftware\Microsoft\Windows\CurrentVersion\Internet SettingsDisableCachingOfSSLPagesMsxml5.dllMsxml3.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB839643-DirectX82InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB839643-DirectX9InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB839643InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\Tcpip\ParametersEnablePMTUDiscoveryitircl.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB825119Installedmsgsvc.dllwkssvc.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB828035InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\MessengerStartgdi32.dllMicrosoft.AspNet.SignalR.Core.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\TeamFoundationServer\12.0InstallPathMsoserver.DllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office15.WacServerInstallLocationascalc.dllascalc.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office15.OSERVERInstallLocationMsoserver.DllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.WCSERVERInstallLocationHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB834707-ie501sp3-20040929.121357InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB867801Installeddevenv.exeHKEY_LOCAL_MACHINESoftware\Microsoft\VisualStudio\7.0InstallDirHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Visual Studio\7.0\S895309Installeddevenv.exeHKEY_LOCAL_MACHINESoftware\Microsoft\VisualStudio\8.0InstallDirdevenv.exeHKEY_LOCAL_MACHINESoftware\Microsoft\VisualStudio\7.1InstallDircrpe32.dllcdo.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Exchange Server 5.5\SP5\842436aIsInstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\MSExchangewebHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active 
Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}VersionHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\Terminal ServerProductVersionrdpwd.sysHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q324380InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\RDPWDStartHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB823182InstalledHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$1001HKEY_CURRENT_USER^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$1001cryptui.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\SP2SRP1Installedidq.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q300972InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\kb823353InstalledHKEY_USERS^S-[-0-9]+\\Identities\\\{[-0-9A-Z]+\}\\Software\\Microsoft\\Outlook\ Express\\5\.0\\Mail$ShowHybridViewHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-1014-0000-1000-0000000FF1CE}DisplayNameOnetutil.dllMicrosoft.office.server.native.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office15.OSERVERInstallLocationxlsrv.dllOnfda.dllxenroll.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q323172InstalledHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\{90140000\-1141\-0407\-1000\-0000000FF1CE\}_Office14\.WCSERVER_\{[\w\-]+\}$DisplayNamexactsrv.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Hotfix\Q326830InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\lanmanserverStartHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.WCSERVERDisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\{90140000\-112D\-0000\-1000\-0000000FF1CE\}_Office14\.WCSERVER_\{[\w\-]+\}$DisplayNameMsoserver.DllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.WCSERVERInstallLocationWdsrvWorker.dllvdmdbg.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB840987Installedwjgdw400.dllism.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q321599InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Exchange v15DisplayNameExSetup.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\ExchangeServer\v15\SetupMsiInstallPathIpnathlp.dllLM/W3SVC6032rdpwd.sysmrxsmb.sysHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{F9C174E3-3E87-40bc-AA94-B8974F2B9222}Installedjgdw400.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Shared Tools\Web Server Extensions\5.0\Setup PackagesMicrosoft FrontPage Server Extensions 2002fpadmdll.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Shared ToolsSharedFilesDirHKEY_LOCAL_MACHINESoftware\Microsoft\VisualStudio\7.1Gdiplus.dllrasmans.dllwdhtmled.ocxHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows XP\SP3\KB890923\FilelistHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\[\d]*-[\d]*-[\d]*-[\d]*$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle GoldenGate Veridata 3.0.0.11.0DisplayNameHKEY_LOCAL_MACHINESoftware\Microsoft\Updates\Windows Server 
2003\SP1\KB914798Imekr61.imeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuiteDisplayVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuiteDisplayNameWindowsLiveWriter.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuiteInstallLocationvseshr.dllhypertrm.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows XP\SP3\KB873339\FilelistHKEY_CLASSES_ROOThtfileHKEY_CLASSES_ROOTtelnet\shell\open\commandHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionCurrentVersionumpnpmgr.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\MediaPlayer\10.0\RegistrationUDBVersionWmp.dllExSetup.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\ExchangeServer\v14\SetupMsiInstallPathExSetup.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Exchange\SetupMsiInstallPathNtkrnlpa.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{006CCC4E-4FEB-4ED1-8587-037656905DC8}DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CF55004-EEC4-406F-AF05-2291F1395388}DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\ConfigMgr\SetupFull UI VersionHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SMS .*$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\SMS\SetupFull Versionreportinginstall.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\SMS\SetupInstallation DirectoryHKEY_LOCAL_MACHINESOFTWARE\Microsoft\TeamFoundationServer\10.0InstallPathHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Microsoft Team Foundation Server 2010 - ENU\SP1\KB2182621Microsoft.TeamFoundation.WebAccess.dllHKEY_LOCAL_MACHINESoftware\Microsoft\Microsoft Operations Manager\3.0\SetupServerVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Microsoft Operations Manager\3.0\SetupProductAuditingMessages.dllHKEY_LOCAL_MACHINESoftware\Microsoft\Microsoft Operations 
Manager\3.0\SetupInstallDirectoryHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office15.OSERVERDisplayNameMicrosoft.office.server.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows Media Player 9\KB885492PackageVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{ 3e7bb08a-a7a3-4692-8eac-ac5e7895755b}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB885835InstalledHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-1014-0000-1000-0000000FF1CE}_Office14\.WSS_\{[\w\-]+}$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.OSERVERDisplayVersionMicrosoft.office.server.native.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.OSERVERInstallLocationOnfda.dllwebclnt.dllnwwks.dllxlview.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90840409-6000-11D3-8CFE-0150048383C9}InstallLocationHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla \(.*\)$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\CommunicatorAttendantconsole.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AttendantConsole.exepathCommunicator.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\CommunicatorInstallationDirectoryogl.dllHKEY_USERS^S-.*\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\AttendeeCommunicator\.exe$pathogl.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AttendeeCommunicator.exepathHKEY_LOCAL_MACHINESOFTWARE\Microsoft\FAST Search Server\SetupVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\ExchangeServer\v14\SetupMsiProductMinorHKEY_LOCAL_MACHINESOFTWARE\Microsoft\ExchangeServer\v14\SetupMsiProductMajortranscodingservice.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Exchange\SetupMsiInstallPathMicrosoft.sharepoint.search.extended.administration.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\FAST Search 
Server\SetupPathtranscodingservice.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\ExchangeServer\v14\SetupMsiInstallPathHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q313829InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q314147InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\SNMPStartsnmp.exeHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\.*$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\IBM\DB2DB2 Path NameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{22F1877A-DC27-4E3F-A109-55BDB1EEF2DF}DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1DDAFF1B-4059-4C8C-BFB6-B79F6F9B88B0}DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{22F1877A-DC27-4E3F-A109-55BDB1EEF2DF}DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ControlPanel\NameSpace\{D8559EB9-20C0-410E-BEDA-7ED416AECC2A}HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1DDAFF1B-4059-4C8C-BFB6-B79F6F9B88B0}DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5660022E-F3F2-4126-8CC5-9726C47150EB}DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Sybari Software\Antigen for Exchange\Scan Engines\MicrosoftEngine VersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows Defender\Signature UpdatesEngineVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\OneCare Protection\Signature UpdatesEngineVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Forefront Server Security\Exchange Server\Scan Engines\MicrosoftEngine VersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Forefront Server Security\Sharepoint\Scan Engines\MicrosoftEngine VersionHKEY_LOCAL_MACHINESOFTWARE\Sybari Software\Antigen for SMTP\Scan Engines\MicrosoftEngine Versionnotes.exeHKEY_LOCAL_MACHINESOFTWARE\Lotus\NotesPathHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Exchange\SetupServicePackBuildmsjava.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows 
NT\CurrentVersion\HotFix\KB890175Installedhhctrl.ocxHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Hotfix\\[Kk][Bb]834707[-a-zA-Z0-9.]*$Installedcryptdlg.dllhttpext.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB824151InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\W3SVC\ParametersDisableWebDAVmsadco.dllHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\ProductOptionsProductSuiteMdbmsg.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Exchange\SetupServicesHKEY_LOCAL_MACHINESOFTWARE\Classes\.wvxHKEY_LOCAL_MACHINESOFTWARE\Classes\.wplHKEY_LOCAL_MACHINESOFTWARE\Classes\.wmxHKEY_LOCAL_MACHINESOFTWARE\Classes\.wmsHKEY_LOCAL_MACHINESOFTWARE\Classes\.wmzHKEY_LOCAL_MACHINESOFTWARE\Microsoft\MediaPlayer\9.0\RegistrationUDBVersionwmp.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows Media Player 9\SP0\KB885492PackageVersionHKEY_LOCAL_MACHINESOFTWARE\Classes\.asxHKEY_LOCAL_MACHINESOFTWARE\Classes\.waxHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q319733InstalledLM/W3SVC6014VirtualBox.exeHKEY_LOCAL_MACHINESOFTWARE\Sun\xVM VirtualBoxInstallDirVirtualBox.exeHKEY_LOCAL_MACHINESOFTWARE\Sun\VirtualBoxInstallDirHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{839117ee-2132-4bae-a56a-42b50204c9b9}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB889293IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Host Integration Server\6.0ProductNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Host Integration Server\6.0ProductVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Host Integration Server\7.0ProductNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Host Integration Server\8.0ProductNameSnadmod.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Host Integration Server\7.0InstallPathSnadmod.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Host Integration Server\6.0InstallPathSnadmod.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Host Integration 
Server\8.0InstallPathHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB893066Installedtcpip.sysOnetutil.dllHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\{90120000-1014-0000-[01]000-0000000FF1CE\}$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersionVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.OSERVERDisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-1110-0000-1000-0000000FF1CE}DisplayNameEawfap.dllMicrosoft.office.policy.dllOWSSVR.DLLMicrosoft.SharePoint.Taxonomy.dllMicrosoft.SharePoint.Client.dllMicrosoft.office.server.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB890859InstalledNtoskrnl.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\OleEnableDCOMHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 1.0.7DisplayNameFwcmgmt.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Firewall Client 2004InstallRootHKEY_LOCAL_MACHINESOFTWARE\Sun\VirtualBoxHKEY_LOCAL_MACHINESOFTWARE\Sun\xVM VirtualBoxVirtualBox.exeHKEY_LOCAL_MACHINESOFTWARE\Oracle\VirtualBoxInstallDirHKEY_LOCAL_MACHINESOFTWARE\Oracle\VirtualBoxHKEY_LOCAL_MACHINESOFTWARE\Microsoft\MediaPlayer\8.0\RegistrationUDBVersionWmpui.dllrpcss.dllnetman.dllumpnpmgr.dllHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Apache Tomcat .*$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Apache Software Foundation\\Tomcat\\[0-9].*$VersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\MediaPlayer\7.1\RegistrationUDBVersionwmpui.dllHKEY_LOCAL_MACHINESOFTWARE\Classes\MIME\Database\Content Type\application/htaExtensionHKEY_CLASSES_ROOTMITrain.Document\shell\open\commandOrun32.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Step by Step Interactive Training\SP2\KB898458\FilelistMsdtctm.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows 
NT\CurrentVersion\HotFix\KB893756InstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\TapiSrvStarttapisrv.dllNFRAgent.exeHKEY_LOCAL_MACHINESOFTWARE\NOVELL\File Reporter\AgentInstallPathHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Exchange\SetupMsiProductMajorHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Exchange\SetupMsiProductMinorcdoex.dllHKEY_LOCAL_MACHINESOFTWARE\PHPVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{E81659DF-28E1-4C60-B4B9-00A4BC5FA76D}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{2D5974C5-5185-4f5b-80B6-28015ACDD74C}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB890923 -ie501sp3-20050225.100153InstalledHKEY_LOCAL_MACHINE^Software\\Microsoft\\Office\\10\.0\\Registration\\.*$ProductIDMSO.DLLHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\PHP.*$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\PHPHKEY_LOCAL_MACHINESOFTWARE\PHPVersionitss.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB840315InstalledHKEY_LOCAL_MACHINESOFTWARE\Classes\ITSProtocolsrv.sysHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB817606InstalledHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Office\\12\.0\\Registration\\\{90120000-110D-0000-[01]000-0000000FF1CE\}$ProductNamemicrosoft.office.server.conversions.launcher.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-10F5-0000-1000-0000000FF1CE}InstallLocationHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft ISA ServerVersionMajorHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Fpc\Hotfixes\SP1\277KbsHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Applets\WordpadEnableLegacyConvertersHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB885836Installedmswrd632.wpcHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows 