The OVAL Repository, 5.3, 2015-09-03T06:12:09.360-04:00

IE Frame Domain Verification Vulnerability
Microsoft Windows 98, Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874.
Tiffany Bergeron, INTERIM, ACCEPTED, INTERIM, Harvey Rubinovitz, ACCEPTED, Christine Walzer, Christine Walzer, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, ACCEPTED

Windows NT Media Services ISAPI Logging Vulnerability
Microsoft Windows NT, Microsoft Internet Information Server (IIS)
The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
Christine Walzer, INTERIM, ACCEPTED, ACCEPTED

IE File Upload Vulnerability
Microsoft Windows 98, Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Internet Explorer
The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files.
Tiffany Bergeron, INTERIM, ACCEPTED, INTERIM, Harvey Rubinovitz, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Microsoft Data Access Components SQL-DMO Buffer Overflow (Test 1)
Microsoft Windows 95, Microsoft Windows 98, Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Data Access Components 2.5
Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
Christine Walzer, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Josh Turpin, DEPRECATED, DEPRECATED

IE File Download Dialog Vulnerability
Microsoft Windows 98, Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Internet Explorer
Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability."
Tiffany Bergeron, INTERIM, ACCEPTED, INTERIM, Harvey Rubinovitz, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Windows NT IIS Cross-site Scripting Vulnerabilities
Microsoft Windows NT, Microsoft Internet Information Server (IIS)
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors.
Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, ACCEPTED

IIS showcode.asp Sample File Vulnerability
Microsoft Windows NT, Microsoft Internet Information Server (IIS)
The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
Christine Walzer, INTERIM, ACCEPTED, ACCEPTED

Windows NT IIS Out of Process Privilege Elevation Vulnerability
Microsoft Windows NT, Microsoft Internet Information Server (IIS)
Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation."
Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, ACCEPTED

IE URLMON Buffer Overflow
Microsoft Windows 98, Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Internet Explorer
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields.
Tiffany Bergeron, INTERIM, ACCEPTED, INTERIM, Harvey Rubinovitz, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

MS IE HTML Directive Buffer Overflow
Microsoft Windows 98, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated.
Tiffany Bergeron, INTERIM, ACCEPTED, INTERIM, Harvey Rubinovitz, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, ACCEPTED

Zone Spoofing through Malformed Web Page Vulnerability
Microsoft Windows 98, Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerability.
Tiffany Bergeron, INTERIM, ACCEPTED, INTERIM, Harvey Rubinovitz, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, ACCEPTED

IE Slash Characters in Type Property Vulnerability
Microsoft Windows 98, Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Internet Explorer
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.
Tiffany Bergeron, INTERIM, ACCEPTED, INTERIM, Harvey Rubinovitz, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE File Execution User-prompt Bypass Vulnerability
Microsoft Windows 98, Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability."
Tiffany Bergeron, INTERIM, ACCEPTED, INTERIM, Harvey Rubinovitz, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, ACCEPTED

Microsoft Internet Explorer 6 is installed
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Internet Explorer 6
The application Microsoft Internet Explorer 6 is installed.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Brendan Miles, INTERIM, ACCEPTED, Preeti Subramanian, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE Cached Content Command Execution Vulnerability
Microsoft Windows 98, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Internet Explorer
Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs.
Tiffany Bergeron, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IIS4.0 Buffer Overflow
Microsoft Windows NT, Microsoft Internet Information Server (IIS)
Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

IIS ASP Source Code Access Vulnerability
Microsoft Windows NT, Microsoft Internet Information Server (IIS)
In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.
Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, Sudhir Gandhe, INTERIM, Shane Shaffer, ACCEPTED, ACCEPTED

Windows NT IIS System File Listing Privilege Elevation Vulnerability
Microsoft Windows NT, Microsoft Internet Information Server (IIS)
IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability.
Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, ACCEPTED

Microsoft Outlook Express v5.5,SP2 MHTML URL Processing Vulnerability
Microsoft Windows 98, Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Outlook Express
The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."
Andrew Buttner, INTERIM, ACCEPTED, ACCEPTED

Address Bar Spoofing on Double Byte Character Set Systems Vulnerability
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability."
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

DEPRECATED: Windows NT IIS HTTP Error Page Cross-site Scripting
Microsoft Windows NT, Microsoft Internet Information Server (IIS)
Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.
Tiffany Bergeron, Josh Turpin, DEPRECATED, DEPRECATED

DEPRECATED: Windows Script Engine Heap Overflow (Test 3)
Microsoft Windows 98, Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Windows Script Engine for JScript v5.5
Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating systems allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.
Tiffany Bergeron, David Proulx, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Nate Przybyszewski, DEPRECATED, Sudhir Gandhe, Shane Shaffer, DEPRECATED

DEPRECATED: Windows Script Engine Heap Overflow (Test 2)
Microsoft Windows 98, Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Windows Script Engine for JScript v5.1
Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating systems allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.
Tiffany Bergeron, David Proulx, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Nate Przybyszewski, DEPRECATED, Sudhir Gandhe, Shane Shaffer, DEPRECATED

IE v6.0,SP1 Travel Log Cross Domain Vulnerability
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
Andrew Buttner, Andrew Buttner, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Microsoft Data Access Components 2.7 Broadcast Response Buffer Overflow
Microsoft Windows 98, Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Data Access Components 2.7
Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
Christine Walzer, INTERIM, ACCEPTED, Jeff Cheng, INTERIM, ACCEPTED, ACCEPTED

IE v5.5,SP2 Similar Method Name Redirection Cross Domain Vulnerability
Microsoft Windows 98, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Internet Explorer
Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Andrew Simmons, INTERIM, ACCEPTED, Todd Dolinsky, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

DEPRECATED: Windows NT Variant of Chunked Encoding Buffer Overrun
Microsoft Windows NT, Microsoft Internet Information Server (IIS)
Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun."
Tiffany Bergeron, ACCEPTED, Glenn Strickland, INTERIM, ACCEPTED, Josh Turpin, DEPRECATED, DEPRECATED

IE v6.0,SP1 Plug-in Navigation Address Bar Spoofing Vulnerability
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v5.5,SP2 Plug-in Navigation Address Bar Spoofing Vulnerability
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Internet Explorer
Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v5.5,SP2 Travel Log Cross Domain Vulnerability
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Internet Explorer
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
Andrew Buttner, Andrew Buttner, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v6.0,SP1 Similar Method Name Redirection Cross Domain Vulnerability
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows XP, Microsoft Internet Explorer
Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Windows (ME, NT, 2K, XP), IE v6,SP1 CSS Heap Memory Corruption Vulnerability
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Exchange Server 5.5 TNEF Decoding Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Outlook
Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jeff Cheng, INTERIM, ACCEPTED, ACCEPTED

IE v5.5, SP2 HijackClick 3 / Script in Image Tag File Download Vulnerability
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Internet Explorer
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Mozilla IDN heap overrun using soft-hyphens
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
Robert L. Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

MSJava Applet CODEBASE File Access Vulnerability
Microsoft Windows 98, Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Virtual Machine (VM)
Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due to a parsing error.
Tiffany Bergeron, INTERIM, ACCEPTED, ACCEPTED

DEPRECATED: Windows NT IIS HTTP Redirect Error Message Cross-site Scripting
Microsoft Windows NT, Microsoft Internet Information Server (IIS)
Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect ("302 Object Moved") message.
Tiffany Bergeron, Josh Turpin, DEPRECATED, DEPRECATED

IE v6.0,SP1 SSL Cached Content Vulnerability
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Jeff Cheng, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Windows (ME, NT, 2K), IE v5.5,SP2 CSS Heap Memory Corruption Vulnerability
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Internet Explorer
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v6.0,SP1 Zone Restrictions Bypass via XML Vulnerability
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.
Andrew Buttner, Andrew Buttner, Andrew Buttner, Andrew Buttner, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Microsoft Data Access Components 2.6 Broadcast Response Buffer Overflow
Microsoft Windows 95, Microsoft Windows 98, Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Data Access Components 2.6
Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
Christine Walzer, INTERIM, ACCEPTED, Jeff Cheng, INTERIM, ACCEPTED, ACCEPTED

IE v5.5,SP2 Zone Restrictions Bypass via XML Vulnerability
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Internet Explorer
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.
Andrew Buttner, Andrew Buttner, Andrew Buttner, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v6.0,SP1 Function Pointer Drag and Drop Vulnerability
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
Andrew Buttner, Andrew Buttner, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v6.0,SP1 Install Engine Buffer Overflow
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
Harvey Rubinovitz, DRAFT, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v5.5,SP2 Function Pointer Drag and Drop Vulnerability
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Internet Explorer
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
Andrew Buttner, Andrew Buttner, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Microsoft Data Access Components 2.5 Broadcast Response Buffer Overflow
Microsoft Windows 95, Microsoft Windows 98, Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Data Access Components 2.5
Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
Christine Walzer, INTERIM, ACCEPTED, Jeff Cheng, INTERIM, ACCEPTED, ACCEPTED

IE v6.0,SP1 Improper URL Canonicalization Vulnerability
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."
Andrew Buttner, INTERIM, ACCEPTED, Christine Walzer, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v5.5,SP2 Improper URL Canonicalization Vulnerability
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Internet Explorer
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."
Andrew Buttner, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Proxy Server Reverse DNS Lookup Results Spoofing
Microsoft Windows NT, Proxy Server 2.0 SP1
Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.
Christine Walzer, DRAFT, INTERIM, Christine Walzer, Ingrid Skoog, ACCEPTED, Jeff Cheng, INTERIM, ACCEPTED, ACCEPTED

Windows NT Terminal Server VDM Privilege Escalation Vulnerability
Microsoft Windows NT, VDM
The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
Ingrid Skoog, DRAFT, INTERIM, ACCEPTED, ACCEPTED

DEPRECATED: Windows NT HTR ISAPI Buffer Overflow
Microsoft Windows NT, Microsoft Internet Information Server (IIS)
Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.
Tiffany Bergeron, ACCEPTED, Glenn Strickland, INTERIM, ACCEPTED, Josh Turpin, DEPRECATED, DEPRECATED

GDI+ JPEG Parsing Engine Buffer Overflow (VS.NET 2002)
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Visual Studio .NET 2002
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
Ingrid Skoog, DRAFT, INTERIM, ACCEPTED, Robert L. Hollis, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, ACCEPTED

IE v6.0,SP1 Script URLs Cross Domain Zone Restrictions Bypass
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
Andrew Buttner, Andrew Buttner, Andrew Buttner, Andrew Buttner, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v5.5,SP2 Script URLs Cross Domain Zone Restrictions Bypass
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Internet Explorer
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
Andrew Buttner, Andrew Buttner, Andrew Buttner, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Office XP URL Buffer Overflow
Microsoft Windows 98, Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Office XP SP3
Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00" (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.
Ingrid Skoog, Ingrid Skoog, Ingrid Skoog, Anna Min, DRAFT, INTERIM, ACCEPTED, INTERIM, ACCEPTED, ACCEPTED

GDI+ JPEG Parsing Engine Buffer Overflow (Office XP,SP2)
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Office XP SP2
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
Ingrid Skoog, DRAFT, INTERIM, ACCEPTED, Ingrid Skoog, INTERIM, ACCEPTED, Robert L. Hollis, ACCEPTED, ACCEPTED

GDI+ JPEG Parsing Engine Buffer Overflow (Project 2003)
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Project Professional 2003
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
Ingrid Skoog, DRAFT, Ingrid Skoog, INTERIM, ACCEPTED, Ingrid Skoog, INTERIM, ACCEPTED, Robert L. Hollis, ACCEPTED, ACCEPTED

IE v6.0,SP1 HijackClick Vulnerability
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.
Andrew Buttner, Andrew Buttner, Andrew Buttner, Andrew Buttner, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v5.5,SP2 HijackClick Vulnerability
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Internet Explorer
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.
Andrew Buttner, Andrew Buttner, Andrew Buttner, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Windows NT IIS Directory Traversal Command Execution (Test 1)
Microsoft Windows NT, Microsoft Internet Information Server (IIS)
Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.
Tiffany Bergeron, ACCEPTED

Microsoft Data Access Components 2.1 Remote Data Services Buffer Overflow
Microsoft Windows 95, Microsoft Windows 98, Microsoft Windows NT, Microsoft Data Access Components 2.1
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
Ingrid Skoog, DRAFT, INTERIM, ACCEPTED, Andrew Buttner, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Jeff Cheng, INTERIM, ACCEPTED, Clifford Farrugia, INTERIM, ACCEPTED, ACCEPTED

IE v6.0,SP1 Function Pointer Override Cross Domain Vulnerability
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.
Andrew Buttner, Andrew Buttner, Andrew Buttner, Andrew Buttner, INTERIM, ACCEPTED, Robert L. Hollis, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v5.5,SP2 Function Pointer Override Cross Domain Vulnerability
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Internet Explorer
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.
Andrew Buttner, Andrew Buttner, Andrew Buttner, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IE v6.0,SP1 ExecCommand Cross Domain Zone Restriction Bypass
Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Internet Explorer
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.
Andrew Buttner, Andrew Buttner, Andrew Buttner, Andrew Buttner, INTERIM, ACCEPTED, Robert L.
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 ExecCommand Cross Domain Zone Restriction BypassMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDGDI+ JPEG Parsing Engine Buffer Overflow Microsoft Office Visio Pro 2003Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Office Visio Professional 2003Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.Ingrid SkoogDRAFTIngrid SkoogINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDMicrosoft Office Visio 2003 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Office Visio 2003The application Microsoft Office Visio 2003 is installed.Robert L. 
HollisDRAFTINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Bitmap Integer Overflow VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInteger overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.Ingrid SkoogDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDGDI+ JPEG Parsing Engine Buffer Overflow (Visio Pro 2002)Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Office Visio Professional 2002Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.Ingrid SkoogDRAFTIngrid SkoogINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDRobert L. HollisACCEPTEDACCEPTEDGDI+ JPEG Parsing Engine Buffer Overflow (Project 2002,SP1)Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Project Professional 2002Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.Ingrid SkoogDRAFTIngrid SkoogINTERIMACCEPTEDIngrid SkoogINTERIMACCEPTEDRobert L. 
HollisACCEPTEDACCEPTEDMicrosoft Data Access Components 2.6 Remote Data Services Buffer OverflowMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Data Access Components 2.6Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.Ingrid SkoogDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDClifford FarrugiaINTERIMACCEPTEDACCEPTEDMicrosoft Office Visio Professional URL Buffer OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Office Visio Professional 2002Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.Ingrid SkoogDRAFTINTERIMACCEPTEDACCEPTEDWINS Association Context Vulnerability (Terminal Server Test 1)Microsoft Windows NTWindows Internet Naming Service (WINS)The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."Matthew BurtonDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDACCEPTEDMicrosoft Data Access Components 2.5 Remote Data Services Buffer OverflowMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Data Access Components 2.5Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and 
Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.Ingrid SkoogDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDClifford FarrugiaINTERIMACCEPTEDACCEPTEDScob and Toofer Internet Explorer v5.5,SP2 VulnerabilitiesMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerThe WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.Tiffany BergeronDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDEPRECATED: Windows NT IIS FTP Connection Status Request Denial of ServiceMicrosoft Windows NTFTPThe FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters.Tiffany BergeronGlenn StricklandINTERIMACCEPTEDJosh TurpinDEPRECATEDDEPRECATEDIE v6.0,SP1 Malformed GIF Image Double-free VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerDouble free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.Andrew ButtnerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows Project Professional URL Buffer OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Project Professional 2002Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.Ingrid SkoogDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Malformed GIF Image Double-free VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerDouble free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.Andrew ButtnerDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMS Exchange Server Cross-site Scripting VulnerabilityMicrosoft Windows NTOutlook Web AccessCross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query.Christine WalzerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDJeff ChengINTERIMJeff ChengACCEPTEDACCEPTEDDEPRECATED: Windows Script Engine Heap Overflow (Test 1)Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPWindows Script Engine for JScript v5.6Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.Tiffany BergeronDavid ProulxDavid 
ProulxACCEPTEDChristine WalzerChristine WalzerINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDAnna MinINTERIMACCEPTEDNate PrzybyszewskiDEPRECATEDSudhir GandheShane ShafferDEPRECATEDMicrosoft Outlook Express v6,SP1 Malformed Email Header Denial of ServiceMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Outlook ExpressMicrosoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.Jonathan BakerDRAFTINTERIMACCEPTEDDaniel TarnuINTERIMACCEPTEDJeff ChengINTERIMJeff ChengACCEPTEDACCEPTEDWindows NT IIS Heap Overrun in HTR Chunked EncodingMicrosoft Windows NTMicrosoft Internet Information Server (IIS)Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."Tiffany BergeronACCEPTEDGlenn StricklandINTERIMACCEPTEDACCEPTEDGDI+ JPEG Parsing Engine Buffer Overflow (VS.NET 2003)Microsoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Visual Studio .NET 2003Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.Ingrid SkoogDRAFTIngrid SkoogINTERIMACCEPTEDRobert L. 
HollisACCEPTEDJohn HoylandINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDWindows Virtual DOS Machine Local Privilege Escalation Vulnerability (Test 2)Microsoft Windows NTVDMThe component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code.Ingrid SkoogACCEPTEDACCEPTEDDEPRECATED: Windows NT IIS Chunked Encoding Buffer OverflowMicrosoft Windows NTMicrosoft Internet Information Server (IIS)Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.Tiffany BergeronACCEPTEDGlenn StricklandINTERIMACCEPTEDJosh TurpinDEPRECATEDDEPRECATEDIE v6.0,SP1 Drag-and-Drop Code Execution VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMozilla Application Suite has reached End-of-LifeMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozilla'mozilla.org has launched and delivered SeaMonkey, a community effort to deliver production-quality releases of code derived from the "Mozilla Application Suite". This equates to a cessation in software and security patches for that baseline. 
Using unsupported software represents a high security risk because no fixes or patches will be made available in response to new vulnerabilities.'Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMRobert L. HollisDEPRECATEDDEPRECATEDHeap Overrun in XBM Image ProcessingMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaHeap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDFirefox/Mozilla Suite about: Scheme Privilege Escalation VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla.Robert L. 
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDDEPRECATED: Windows NT IIS HTTP Header Field Buffer OverflowMicrosoft Windows NTMicrosoft Internet Information Server (IIS)Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.Tiffany BergeronACCEPTEDGlenn StricklandINTERIMACCEPTEDJosh TurpinDEPRECATEDDEPRECATEDMicrosoft Java Virtual Machine Security BypassMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Virtual Machine (VM)The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise."Tiffany BergeronINTERIMACCEPTEDACCEPTEDIE5.01,SP4 Java Proxy COM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.Harvey RubinovitzDRAFTJonathan BakerINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDEPRECATED: Windows NT IIS ASP Server-Side Include Function Buffer OverflowMicrosoft Windows NTMicrosoft Internet Information Server (IIS)Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.Tiffany BergeronACCEPTEDGlenn StricklandINTERIMACCEPTEDJosh TurpinDEPRECATEDDEPRECATEDExchange Server 5.0 TNEF Decoding VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OutlookUnspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDFirefox/Mozilla Suite JavaScript Integer OverflowMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaInteger overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDObject Spoofing using XBL <implements> VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface.Robert L. 
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDFirefox/Mozilla Suite Chrome Window Spoofing VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDCrash on "zero-width non-joiner" SequenceMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDScob and Toofer Internet Explorer v6.0,SP1 VulnerabilitiesMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerThe WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.Tiffany BergeronDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. 
HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE Web Page Spoofing VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability."Tiffany BergeronINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE plugin.ocx Heap OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerHeap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115.Tiffany BergeronINTERIMACCEPTEDINTERIMHarvey RubinovitzACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDXMLHttpRequest Header Spoofing VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting.Robert L. 
HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMicrosoft Outlook Express 5.5,SP2 News Reading VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Outlook ExpressStack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.Ingrid SkoogDRAFTINTERIMACCEPTEDACCEPTEDExchange 2000 Server TNEF Decoding VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft OutlookUnspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.Robert L. 
HollisDRAFTINTERIMACCEPTEDACCEPTEDMS SQL Server 2000 Resolution Service Buffer OverflowMicrosoft Windows NTMicrosoft SQL Server 2000Microsoft SQL Server 2000 Desktop Engine (WMSDE)Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.Tiffany BergeronINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDIngrid SkoogIngrid SkoogINTERIMACCEPTEDJerome AthiasINTERIMACCEPTEDACCEPTEDMultiple Vulnerabilities in Rockliffe MailSite ExpressMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Rockliffe MailSite ExpressCross-site scripting (XSS) vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to inject arbitrary web script or HTML via a message body.Rahul MohandasDRAFTINTERIMACCEPTEDACCEPTEDVeritas Backup Exec RestrictAnonymous Forced Misconfiguration VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Veritas Backup Exec 8.5Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.Tiffany BergeronINTERIMIngrid SkoogINTERIMIncorrect Permission on SQL Server Service Account Registry KeyMicrosoft Windows NTMicrosoft SQL Server 2000Microsoft SQL Server 2000 Desktop Engine (WMSDE)The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account 
Registry Key."Tiffany BergeronINTERIMACCEPTEDJonathan BakerINTERIMINTERIMACCEPTEDIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogIngrid SkoogINTERIMACCEPTEDJerome AthiasINTERIMACCEPTEDACCEPTEDWindows NT IIS Directory Traversal Command Execution (Test 2)Microsoft Windows NTMicrosoft Internet Information Server (IIS)Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.Christine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDACCEPTEDIE File Download Dialog Deception VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download.Tiffany BergeronINTERIMACCEPTEDINTERIMHarvey RubinovitzACCEPTEDChristine WalzerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Outlook Express v6.0,SP1 MHTML URL Processing VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Outlook ExpressThe MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."Andrew ButtnerINTERIMACCEPTEDACCEPTEDFirefox and Mozilla top.focus() Cross-Site Scripting VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to 
call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.Robert L. HollisChristine WalzerJonathan BakerINTERIMACCEPTEDJohn HoylandINTERIMJohn HoylandACCEPTEDACCEPTEDMozilla Local File Loading VulnerabilityMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab.Robert L. HollisINTERIMACCEPTEDINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDACCEPTEDMozilla Creates World-readable temp FilesMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaFirefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF.Robert L. HollisJonathan BakerINTERIMACCEPTEDINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerJonathan BakerJonathan BakerJonathan BakerACCEPTEDJonathan BakerINTERIMJonathan BakerJonathan BakerACCEPTEDACCEPTEDMozilla SSL Lock Image Spoofing during Binary DownloadMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003mozillaMozilla FirefoxFirefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.Robert L. 
Hollis, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla SSL Lock Image Spoofing via "View Source"
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox
Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.
Robert L. Hollis, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla Inactive Tab Form Data Theft Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox
Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.
Robert L. Hollis, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla Malicious news: Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Thunderbird
Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated.
Robert L. Hollis, Christine Walzer, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Firefox Script-generated Download Prompt Bypass
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Mozilla Firefox
Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature.
Robert L. Hollis, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, ACCEPTED

Mozilla Inactive Tab Dialog Box Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Mozilla Firefox, mozilla
Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."
Robert L. Hollis, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, ACCEPTED

Mozilla 407 Proxy Information Disclosure Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox
Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials.
Robert L. Hollis, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla Thunderbird Subject to IE Vulnerabilities via javascript
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Mozilla Thunderbird
Thunderbird before 0.9, when running on Windows systems, uses the default handler when processing javascript: links, which invokes Internet Explorer and may expose the Thunderbird user to vulnerabilities in the version of Internet Explorer that is installed on the user's system. NOTE: since the invocation between multiple products is a common practice, and the vulnerabilities inherent in multi-product interactions are not easily enumerable, this issue might be REJECTED in the future.
Robert L. Hollis, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, ACCEPTED

Mozilla Mail News Cookie Security Bypass Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla
Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages.
Robert L. Hollis, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla Livefeed Bookmark Cookie Swiping
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Mozilla Firefox
Firefox before 1.0 allows the user to store a (1) javascript: or (2) data: URLs as a Livefeed bookmark, then executes it in the security context of the currently loaded page when the user later accesses the bookmark, which could allow remote attackers to execute arbitrary code.
Robert L. Hollis, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, ACCEPTED

Mozilla Popup Content Spoofing Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox
Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
Robert L. Hollis, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla SSL Lock Image Spoofing Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that generates an HTTP 204 error, which updates the icon and location information but does not change the display of the original site.
Robert L. Hollis, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla UTF8 to Unicode Conversion Heap Overflow
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox, Mozilla Thunderbird
Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value.
Robert L. Hollis, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla Download/Security Dialogs Spoofing Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox
Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing."
Robert L. Hollis, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla 'user:pass@host' Spoofing Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox, Mozilla Thunderbird
The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname.
Robert L. Hollis, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla String Library Memory Overwrite Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox, Mozilla Thunderbird
String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.
Robert L. Hollis, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla Autocomplete Data Leak
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Mozilla Firefox
The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability.
Robert L. Hollis, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, ACCEPTED

Mozilla XSLT Stylesheet Information Disclosure Potential
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox
Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.
Robert L. Hollis, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla Double Download .lnk Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox, Mozilla Thunderbird
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.
Robert L. Hollis, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla "Save Link As" Dialog Spoofing Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.
Robert L. Hollis, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla Download Dialog Source Spoofing Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox
Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.
Robert L. Hollis, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla HTTP auth Prompt Tab Spoofing
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox
Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.
Robert L. Hollis, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla Image Spoofing Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox, Mozilla Thunderbird
Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka "firedragging."
Robert L. Hollis, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla Cross-site Scripting via Drag and Drop to Tab
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox
Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing."
Robert L. Hollis, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla Privileged Content Loading Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox
Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load "privileged content" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka "Firescrolling."
Robert L. Hollis, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla IDN Homograph Spoofing Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
Robert L. Hollis, Christine Walzer, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla GIF Heap Overflow
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox, Mozilla Thunderbird
Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size.
Robert L. Hollis, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, ACCEPTED, ACCEPTED

Firefox Sidebar Panel Code Execution Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Mozilla Firefox
Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page.
Robert L. Hollis, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, ACCEPTED

Mozilla XUL Drag and Drop Security Bypass Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox
FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."
Robert L. Hollis, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla Javascript "lambda"
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox
The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.
Robert L. Hollis, INTERIM, Matthew Wojcik, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla PLUGINSPAGE Privileged Javascript Execution Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Mozilla Firefox
The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag.
Robert L. Hollis, INTERIM, Matthew Wojcik, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, ACCEPTED

Mozilla blocked javascript: popup Privilege Escalation Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox
Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option.
Robert L. Hollis, INTERIM, Matthew Wojcik, Matthew Wojcik, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla Global Pollution Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox
Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution."
Robert L. Hollis, INTERIM, Matthew Wojcik, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla favicons Code Execution Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox
The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking."
Robert L. Hollis, INTERIM, Matthew Wojcik, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla Search Plugin Cross-site Scripting Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."
Robert L. Hollis, INTERIM, Matthew Wojcik, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Firefox Sidebar Code Execution via _search Target
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Mozilla Firefox
Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the _search target of the Firefox sidebar.
Robert L. Hollis, INTERIM, Matthew Wojcik, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, ACCEPTED

Mozilla InstallTrigger Instance Validation Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox
The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type.
Robert L. Hollis, INTERIM, Matthew Wojcik, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla DOM Node Privilege Escalation Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox
The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object.
Robert L. Hollis, INTERIM, Matthew Wojcik, Matthew Wojcik, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla Suite InstallTrigger Callback Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla
The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.
Robert L. Hollis, Christine Walzer, Jonathan Baker, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, ACCEPTED

Mozilla JavaScript Wrapping Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."
Robert L. Hollis, Jonathan Baker, INTERIM, Matthew Wojcik, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Daniel Tarnu, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, ACCEPTED

Mozilla Script Privilege Context Vulnerabilities
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160.
Robert L. Hollis, Jonathan Baker, INTERIM, Matthew Wojcik, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Daniel Tarnu, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, ACCEPTED

Improper Handling of Synthetic Events in Mozilla
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox
The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user.
Robert L. Hollis, Jonathan Baker, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, John Hoyland, INTERIM, John Hoyland, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

XBL Script Security Bypass Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox, Mozilla Thunderbird
Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.
Robert L. Hollis, Jonathan Baker, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, John Hoyland, INTERIM, John Hoyland, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, Jonathan Baker, ACCEPTED, ACCEPTED

Firefox Wallpaper Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Mozilla Firefox
Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background" (in Netscape) context menu on an image URL that is really a javascript: URL with an eval statement, aka "Firewalling."
Robert L. Hollis, INTERIM, Matthew Wojcik, Matthew Wojcik, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, Matthew Wojcik, ACCEPTED, John Hoyland, INTERIM, Jonathan Baker, Jonathan Baker, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Firefox InstallTrigger Callback Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Mozilla Firefox
The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation.
Robert L. Hollis, Christine Walzer, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, ACCEPTED

Firefox Sidebar Script Injection via _search Target
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Mozilla Firefox
Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the _search target, then injecting script into other pages via a data: URL.
Robert L. Hollis, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, ACCEPTED

InstallVersion.compareTo() DoS and Code Execution Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla, Mozilla Firefox
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.
Robert L. Hollis, Jonathan Baker, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, John Hoyland, INTERIM, John Hoyland, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Firefox and Mozilla Framed Site Spoofing Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla
A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.
Robert L. Hollis, Jonathan Baker, Christine Walzer, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, John Hoyland, INTERIM, John Hoyland, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Firefox External App Code Acceptance Vulnerability
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, Mozilla Firefox
Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL.
Robert L. Hollis, Christine Walzer, Jonathan Baker, INTERIM, Matthew Wojcik, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, Matthew Wojcik, INTERIM, ACCEPTED, John Hoyland, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, ACCEPTED

Firefox and Mozilla Javascript Dialog Box Spoofing
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla
Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
Robert L. Hollis, Christine Walzer, Jonathan Baker, Matthew Wojcik, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, John Hoyland, INTERIM, John Hoyland, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Firefox and Mozilla DOM Node Spoofing
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing").
Robert L. Hollis, Jonathan Baker, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, John Hoyland, INTERIM, John Hoyland, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

Firefox and Mozilla Shared Object Code Execution
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla
Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.
Robert L. Hollis, Jonathan Baker, INTERIM, ACCEPTED, INTERIM, ACCEPTED, Matthew Wojcik, INTERIM, ACCEPTED, John Hoyland, INTERIM, John Hoyland, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, Jonathan Baker, INTERIM, Jonathan Baker, ACCEPTED, ACCEPTED

IFRAME in Firefox and Mozilla Permits Execution of Arbitrary Javascript in Other Domains
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla
Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477.
Robert L. Hollis, Jonathan Baker, INTERIM, Matthew Wojcik, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Daniel Tarnu, INTERIM, ACCEPTED, ACCEPTED

Install Function in Firefox and Mozilla Permits Arbitrary Code Execution
Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003, mozilla
The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.
Robert L.
Hollis, Jonathan Baker, INTERIM, Matthew Wojcik, ACCEPTED, Anna Min, INTERIM, ACCEPTED, Daniel Tarnu, INTERIM, ACCEPTED, ACCEPTED

We think, but are not sure that the affected version of bkupexec.exe is 3.60.1.298. The file should be found in C:\Program Files\VERITAS\Backup Exec\NT\bkupexec.exe
Exec\ServerCurrentVersionHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\LSARestrictAnonymousHKEY_LOCAL_MACHINESOFTWARE\Microsoft\MSSQLServer\MSSQLServer\CurrentVersionCurrentVersionsqlservr.exeodsole70.dllxpqueue.dllxprepl.dllxplog70.dllxpweb70.dllxpstar.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exePathHKEY_LOCAL_MACHINESOFTWARE\Microsoft\INetStpMajorVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\INetStpMinorVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q295534InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q301625Installedw3svc.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{D7B44F3E-77D3-44C5-8E03-4222D9A18B7B}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{61E6EAE5-7821-4AC1-9BBD-AED032A8E273}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{FF4DD9CD-F25E-425a-8B5C-A2D062781FBB}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{2757B1D6-0367-4663-877C-93ECC5C01BF6}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{C34F4917-ED43-439f-9023-97B0024A2B3B}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{F9C174E3-3E87-40bc-AA94-B8974F2B9222}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{f5de1b93-9d38-416b-b09e-aa85a8e84309}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{377483c2-e4b4-4ee8-b577-9aed264c8735}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{96543d59-497a-4801-a1f3-5936aacaf7b1}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{057997dd-71e4-43cc-b161-3f8180691a9e}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet ExplorerVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed 
Components\{eddbec60-89cb-44ef-8291-0850fd28ff6a}IsInstalledmshtml.dllHKEY_LOCAL_MACHINESoftware\Microsoft\Active Setup\Installed Components\{716E024F-7F74-47F3-B93B-9FF7F3CBF94C}IsInstalledHKEY_LOCAL_MACHINESoftware\Microsoft\Active Setup\Installed Components\{E81659DF-28E1-4C60-B4B9-00A4BC5FA76D}IsInstalledHKEY_LOCAL_MACHINESoftware\Microsoft\Active Setup\Installed Components\{2D5974C5-5185-4f5b-80B6-28015ACDD74C}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet SettingsSecurity_HKLM_onlyHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$1803HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{2cc9d512-6db6-4f1c-8979-9a41fae88de0}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Outlook Express\Version InfoCurrentinetcomm.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionSystemRootHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox \(0\.9.*\)$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Thunderbird \(0\.[6-8]\)$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-4]\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Thunderbird \(0\.[0-8]\)$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Thunderbird \(0\.[6-9]\)$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla (\(1\.7\)|\(1\.[0-7]\.[0-3]\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox \(0\.[0-9].*\)$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Thunderbird 
(\(0\.[0-9]\)|\(1\.0\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-5]\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-1]\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-6]\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-3]\))DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-7]\))DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Mozilla\Mozilla ThunderbirdCurrentVersionHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Thunderbird (\(0\.[0-9]\)|\(1\.0\)|\(1\.0\.[0-2]\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-2]\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-4]\))$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-8]\))$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Mozilla\Mozilla FirefoxCurrentVersionHKEY_LOCAL_MACHINESOFTWARE\mozilla.org\MozillaCurrentVersion114.1.0.38613.70.11.4014.0.1381.27914.2.780.15.50.4927.21006.0.2713.110036.0.2716.2200^6\..*$5.50.4613.170014.0.1381.164^[Ss][Ee][Rr][Vv][Ii][Cc][Ee] [Pp][Aa][Cc][Kk] 
([6-9]|([1-9][0-9]+))$4.2.769.15.50.4939.3005.0.3534.28005.5.0.85135,5,0,85135.1.0.85135,1,0,8513^2\.70.*$2000.81.9002.02000.81.9002.0^2\.71.*$2000.81.9042.02000.81.9042.05.5.2658.345.0.3809.015.50.4945.28002000.80.747.02000.80.747.03.70.11.463.70.11.4616.0.2800.14005.50.4937.8002.0.390.1614.0.1381.33566110.0.6626.010.0.4330.011.0.5614.04.2.764.11^2\.1.*$2.12.5118.06.0.2800.12765.50.4934.16006.0.3264.010.0.6714.0^2\.6.*$2.62.9119.110.2.5110114.0.1381.3361842.53.6202.01^2\.5.*$
4
10.0.8326.010.0.6735.010.0.8326.05.50.4943.4005.5.2558.1022653^Service Pack ([4-9]|\d{2,})$5.6.0.85135,6,0,85136.0.2800.144110
^.*ism\.dll.*$
4.2.776.115.1.3102.13554.0.1381.72654.0.1381.335635.0WinNT16.0.2800.14761^Mozilla \(.*\)5.0.3810.05.00.3700.10005.0.3831.1800Terminal Server4.2.775.1111
^.*asp\.dll.*$
5.0.1460.95.0.1462.2216.00.2800.1106333316.0.2800.14585.50.4134.01005.50.4134.06005.50.4522.180015.50.4616.2005.50.4701.24005.50.4807.23005.50.4926.2500^Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-9]\)|\(1\.7\.10\))([0-1]\.[0-7]($|\s).*|[0-1]\.[0-7]\.[0-8]($|\s).*|1\.7\.10($|\s).*)(0\.[0-9].*|1\.0($|\s).*|1\.0\.[1-6]($|\s).*)^Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-6]\))15,50,4807,17005.50.4952.28006.0.6603.06.0.6617.472000.80.636.02000.80.636.0^([1-5]\.[0-9].*|6\.(0.*|1|1\.([0-9]($|\..*)|[0-1][0-9]($|\..*)|20($|\..*)|21($|\..*))))$8.508.00.1942000.80.650.02000.80.606.02000.80.606.02000.80.606.02000.80.606.02000.80.606.02000.80.628.040114.2.764.11111111111^6\.0+\.2600\.0+$16.0.2712.3001111316,0,2800,11066.0.2800.1409^0\.9($|\s).*^Mozilla Firefox \(0\.9.*\)^0\.[6-8]($|\s).*^Mozilla Thunderbird \(0\.[6-8]\)^[0-1]\.[0-7]($|\s).*|^[0-1]\.[0-7]\.[0-4]($|\s).*^Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-4]\))^0\.[0-8]($|\s).*^Mozilla Thunderbird \(0\.[0-8]\)^0\.[6-9]($|\s).*^Mozilla Thunderbird \(0\.[6-9]\)^1\.7($|\s).*|^1\.7\.[0-3]($|\s).*^Mozilla (\(1\.7\)|\(1\.[0-7]\.[0-3]\))^0\.[0-9]($|\s).*^Mozilla Firefox \(0\.[0-9].*\)^[0-1]\.0($|\s).*^Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\))^[0-1]\.0($|\s).*^Mozilla Thunderbird (\(0\.[0-9]\)|\(1\.0\))^[0-1]\.[0-7]($|\s).*|^[0-1]\.[0-7]\.[0-5]($|\s).*^Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-5]\))^[0-1]\.0($|\s).*|^[0-1]\.0\.[0-1]($|\s).*^Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-1]\))^[0-1]\.[0-7]($|\s).*|^[0-1]\.[0-7]\.[0-6]($|\s).*^Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-6]\))^Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-3]\))^Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-7]\))^[0-1]\.0($|\s).*|^[0-1]\.0\.[0-2]($|\s).*^Mozilla Thunderbird (\(0\.[0-9]\)|\(1\.0\)|\(1\.0\.[0-2]\))^[0-1]\.0($|\s).*|^[0-1]\.0\.[0-2]($|\s).*^Mozilla Firefox (\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-2]\))^[0-1]\.0($|\s).*|^[0-1]\.0\.[0-4]($|\s).*^Mozilla Firefox 
(\(0\.[0-9].*\)|\(1\.0\)|\(1\.0\.[0-4]\))^[0-1]\.[0-7]($|\s).*|^[0-1]\.[0-7]\.[0-8]($|\s).*^Mozilla (\([0-1]\.[0-7]\)|\([0-1]\.[0-7]\.[0-8]\))^[0-1]\.0($|\s).*|^[0-1]\.0\.[0-3]($|\s).*^[0-1]\.[0-7]($|\s).*|^[0-1]\.[0-7]\.[0-7]($|\s).*InetPub\scripts\proxy\Microsoft Shared\OFFICE11\System\msadc\Microsoft Shared\OFFICE10^\\winsxs\\(x86|amd64)_microsoft\.windows\.gdiplus_6595b64144ccf1df_.+$|\\WinSxS\\(x86|amd64)_Microsoft\.Windows\.GdiPlus_6595b64144ccf1df_.+$\RES\system32\inetsrv\System32