The OVAL Repository5.32015-09-03T06:24:41.956-04:00Exchange Cross-Site Request Forgery vulnerability - CVE-2015-1771 (MS15-064)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Cross-site request forgery (CSRF) vulnerability in the web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allows remote attackers to hijack the authentication of arbitrary users, aka "Exchange Cross-Site Request Forgery Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDExchange HTML injection vulnerability - CVE-2015-2359 (MS15-064)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Cross-site scripting (XSS) vulnerability in the web applications in Microsoft Exchange Server 2013 Cumulative Update 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Exchange HTML Injection Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint page content vulnerabilities – CVE-2015-1700 (MS15-047)Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft SharePoint Server 2007Microsoft SharePoint Server 2010Microsoft SharePoint Foundation 2010Microsoft SharePoint Foundation 2013Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "Microsoft SharePoint Page Content Vulnerabilities."SecPod TeamDRAFTKumarswamy SINTERIMACCEPTEDACCEPTEDMicrosoft Office SharePoint Server 2007 is installed.Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Office SharePoint Server 2007Microsoft Office SharePoint Server 2007 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDChandan SINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDOWA modified canary parameter cross site scripting vulnerability - CVE-2015-1628 (MS15-026)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted X-OWA-Canary cookie in an AD.RecipientType.User action, aka "OWA Modified Canary Parameter Cross Site Scripting Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDExchangeDLP cross site scripting vulnerability - CVE-2015-1629 (MS15-026)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "ExchangeDLP Cross Site Scripting Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint xss vulnerability – CVE-2015-1636 (MS15-022)Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Foundation 2013Microsoft SharePoint Server 2013Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDACCEPTEDExchange Server-Side Request Forgery vulnerability - CVE-2015-1764 (MS15-064)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted request, related to a Server-Side Request Forgery (SSRF) issue, aka "Exchange Server-Side Request Forgery Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2013 Cumulative Update 8 is installedMicrosoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Microsoft Exchange Server 2013 Cumulative Update 8 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDAudit report cross site scripting vulnerability - CVE-2015-1630 (MS15-026)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Audit Report Cross Site Scripting Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint XSS vulnerability – CVE-2015-1653 (MS15-036)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 8.1Microsoft SharePoint Foundation 2013Microsoft SharePoint Server 2013Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 and SharePoint Server 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOutlook Web App token spoofing vulnerability (CVE-2014-6319) - MS14-075Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft Exchange Server 2013Outlook Web App (OWA) in Microsoft Exchange Server 2007 SP3, 2010 SP3, and 2013 SP1 and Cumulative Update 6 does not properly validate tokens in requests, which allows remote attackers to spoof the origin of e-mail messages via unspecified vectors, aka "Outlook Web App Token Spoofing Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2007 (no Service Pack) is installedMicrosoft Windows Server 2003Microsoft Windows Server 2008Exchange Server 2007 (no Service Pack) is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDJeff ItoINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2010 is installedMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2010Microsoft Exchange Server 2010 is installedSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDExchange URL redirection vulnerability (CVE-2014-6336) - MS14-075Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 does not properly validate redirection tokens, which allows remote attackers to redirect users to arbitrary web sites and spoof the origin of e-mail messages via unspecified vectors, aka "Exchange URL Redirection Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOWA XSS vulnerability (CVE-2014-6326) - MS14-075Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6325.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDExchange forged meeting request spoofing vulnerability - CVE-2015-1631 (MS15-026)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof meeting organizers via unspecified vectors, aka "Exchange Forged Meeting Request Spoofing Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOWA XSS vulnerability (CVE-2014-6325) - MS14-075Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6326.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2013 CU 6 is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Microsoft Exchange Server 2013 CU 6 is installed. Microsoft Exchange Server is calendaring software, a mail server and contact manager developed by Microsoft.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDExchange error message cross site scripting vulnerability - CVE-2015-1632 (MS15-026)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via the msgParam parameter in an authError action, aka "Exchange Error Message Cross Site Scripting Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2013 Cumulative Update 7 is installedMicrosoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Microsoft Exchange Server 2013 Cumulative Update 7 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2013 is installedMicrosoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Exchange Server 2013Microsoft Exchange Server 2013 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint xss vulnerability – CVE-2015-1633 (MS15-022)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft SharePoint Foundation 2010Microsoft SharePoint Foundation 2013Microsoft SharePoint Server 2010Microsoft SharePoint Server 2013Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDACCEPTEDMicrosoft Office SharePoint Server 2010 is installed.Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Office SharePoint Server 2010Microsoft Office SharePoint Server 2010 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDSharePoint elevation of privilege vulnerability - CVE-2014-4116 (MS14-073)Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows VistaMicrosoft SharePoint Foundation 2010Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via a modified list, aka "SharePoint Elevation of Privilege Vulnerability."SecPod TeamDRAFTKumarswamy SINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Foundation 2010 is installedMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2012Microsoft Windows 8Microsoft SharePoint Foundation 2010Microsoft SharePoint Foundation 2010 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDBhavya KINTERIMACCEPTEDACCEPTEDLync Denial of Service vulnerability (CVE-2014-4068) - MS14-055Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Lync Server 2013Microsoft Lync Server 2010The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which allows remote attackers to cause a denial of service (daemon hang) via a crafted call, aka "Lync Denial of Service Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDLync Denial of Service vulnerability (CVE-2014-4071) - MS14-055Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Lync Server 2013Microsoft Lync Server 2010The Server in Microsoft Lync Server 2013 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon hang) via a crafted request, aka "Lync Denial of Service Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Lync Server 2010 is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Lync Server 2010Microsoft Lync Server 2010 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Lync Server 2013 is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 8Microsoft Windows Server 2012Microsoft Lync Server 2013Microsoft Lync Server 2013 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability allows remote attackers to bypass Protected ModeMicrosoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.Maria MikhnoDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDSharePoint Page Content Vulnerability (CVE-2014-2816) - MS14-050Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows Server 2012 R2Microsoft SharePoint Foundation 2013Microsoft SharePoint Server 2013Microsoft SharePoint Server 2013 Gold and SP1 and SharePoint Foundation 2013 Gold and SP1 allow remote authenticated users to gain privileges via a Trojan horse app that executes a custom action in the context of the SharePoint extensibility model, aka "SharePoint Page Content Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDArbitrary code executing via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.Maria MikhnoDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer 8 is installedMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Internet Explorer 8A version of Microsoft Internet Explorer 8 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDMaria KedovskayaINTERIMMaria MikhnoACCEPTEDACCEPTEDService Bus Denial of Service Vulnerability - CVE-2014-2814 (MS14-042)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Service Bus 1.1Microsoft Service Bus 1.1 on Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (AMQP messaging outage) via crafted AMQP messages, aka "Service Bus Denial of Service Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Service Bus 1.1 is installedMicrosoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Service Bus 1.1Microsoft Service Bus 1.1 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWeb Applications Page Content Vulnerability (CVE-2014-1813) - MS14-022Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 8Microsoft Office Web Apps 2010Microsoft Web Applications 2010 SP1 and SP2 allows remote authenticated users to execute arbitrary code via crafted page content, aka "Web Applications Page Content Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office Web Apps 2010 Service Pack 2 is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Office Web Apps 2010Microsoft Office Web Apps 2010 Service Pack 2 is installedSecPod TeamDRAFTMaria KedovskayaINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDMicrosoft Office Web Apps 2010 Service Pack 1 is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Office Web Apps 2010Microsoft Office Web Apps 2010 Service Pack 1 is installedSecPod TeamDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDMicrosoft Office Web Apps 2010 is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMicrosoft Office Web Apps 2010Microsoft Office Web Apps 2010 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.32, 4.2.24, and 4.3.10Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.32, 4.2.24, and 4.3.10 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests.Maria MikhnoDRAFTINTERIMACCEPTEDACCEPTEDSharePoint XSS Vulnerability (CVE-2014-1754) - MS14-022Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows Server 2012 R2Microsoft SharePoint Foundation 2013Microsoft SharePoint Server 2013Microsoft Office Web Apps Server 2013Microsoft SharePoint Server 2013 Client Components SDKCross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server 2013 Client Components SDK allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Server 2013 Client Components SDK is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft SharePoint Server 2013 Client Components SDKMicrosoft SharePoint Server 2013 Client Components SDK is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Foundation 2013 SP1 is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft SharePoint Foundation 2013Microsoft SharePoint Foundation 2013 SP1 is installedSecPod TeamDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDMicrosoft Office Web Apps Server 2013 SP1 is installedMicrosoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Office Web Apps Server 2013Microsoft Office Web Apps Server 2013 SP1 is installedSecPod TeamDRAFTMaria MikhnoINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Server 2013 SP1 is installedMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft SharePoint Server 2013Microsoft SharePoint Server 2013 SP1 is installedSecPod TeamDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDMicrosoft Office Web Apps Server 2013 is installedMicrosoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Office Web Apps Server 2013Microsoft Office Web Apps Server 2013 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Foundation 2013 is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft SharePoint Foundation 2013Microsoft SharePoint Foundation 2013 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Server 2013 is installedMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft SharePoint Server 2013Microsoft SharePoint Server 2013 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in the VirtualBox component in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8 when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server (CVE-2014-0981)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxVBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in the VirtualBox component in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8 when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server (CVE-2014-0983)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxMultiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server via certain CR_MESSAGE_OPCODES messages with a crafted index, which are not properly handled by the (1) CR_VERTEXATTRIB4NUBARB_OPCODE to the crServerDispatchVertexAttrib4NubARB function, (2) CR_VERTEXATTRIB1DARB_OPCODE to the crServerDispatchVertexAttrib1dARB function, (3) CR_VERTEXATTRIB1FARB_OPCODE to the crServerDispatchVertexAttrib1fARB function, (4) CR_VERTEXATTRIB1SARB_OPCODE to the crServerDispatchVertexAttrib1sARB function, (5) CR_VERTEXATTRIB2DARB_OPCODE to the crServerDispatchVertexAttrib2dARB function, (6) CR_VERTEXATTRIB2FARB_OPCODE to the crServerDispatchVertexAttrib2fARB function, (7) CR_VERTEXATTRIB2SARB_OPCODE to the crServerDispatchVertexAttrib2sARB function, (8) CR_VERTEXATTRIB3DARB_OPCODE to the crServerDispatchVertexAttrib3dARB function, (9) CR_VERTEXATTRIB3FARB_OPCODE to the crServerDispatchVertexAttrib3fARB function, (10) CR_VERTEXATTRIB3SARB_OPCODE to the crServerDispatchVertexAttrib3sARB function, (11) CR_VERTEXATTRIB4DARB_OPCODE to the crServerDispatchVertexAttrib4dARB function, (12) CR_VERTEXATTRIB4FARB_OPCODE to the crServerDispatchVertexAttrib4fARB function, and (13) CR_VERTEXATTRIB4SARB_OPCODE to the crServerDispatchVertexAttrib4sARB function.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability, a different vulnerability than CVE-2014-0404Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0404.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability, a different vulnerability than CVE-2014-0406Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0406.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDVirtualBox is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPVirtualBoxVirtualBox is installedSecPod TeamDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDSignalR XSS Vulnerability (CVE-2013-5042) - MS13-103Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Visual Studio Team Foundation ServerCross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x before 1.1.4 and 2.0.x before 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote attackers to inject arbitrary web script or HTML via crafted Forever Frame transport protocol data, aka "SignalR XSS Vulnerability."SecPod TeamDRAFTINTERIMINTERIMACCEPTEDACCEPTEDMicrosoft Visual Studio Team Foundation Server 2013 is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008 R2Microsoft Windows Server 2012 R2Microsoft Windows Server 2012Microsoft Visual Studio Team Foundation ServerMicrosoft Visual Studio Team Foundation Server 2013 is installedSecPod TeamDRAFTINTERIMINTERIMACCEPTEDACCEPTEDHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Office\\12\.0\\Registration\\\{90120000-110D-0000-[01]000-0000000FF1CE\}$ProductNameMicrosoft.office.policy.dllMicrosoft.SharePoint.Portal.dllMicrosoft.Office.Server.Search.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Exchange\SetupMsiProductMajorHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Exchange\SetupMsiProductMinorHKEY_LOCAL_MACHINESOFTWARE\Microsoft\ExchangeServer\v14\SetupMsiProductMajorExSetup.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\ExchangeServer\v14\SetupMsiInstallPathExSetup.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Exchange\SetupMsiInstallPathHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Exchange v15DisplayNameExSetup.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\ExchangeServer\v15\SetupMsiInstallPathHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.OSERVERDisplayNamemsoserverintl.dllwwintl.dllvutils.dllMsoserver.DllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.OSERVERInstallLocationascalc.dllmicrosoft.office.infopath.server.dllHKEY_LOCAL_MACHINESoftware\Microsoft\Office Server\15.0BinPathxlsrv.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office15.OSERVERInstallLocationstswel.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-1110-0000-1000-0000000FF1CE}DisplayNameOnetutil.dllDeploy.resources.dllMicrosoft.Rtc.Acd.Workflow.dllHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\{.*\}$DisplayNamewrtces.dllSIPStack.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Real-Time Communications\{A593FD00-64F1-4288-A6F4-E699ED9DCA35}InstallDirHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet ExplorerVersionmshtml.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionSystemRootMicrosoft.ServiceBus.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Service Bus\1.1INSTALLDIRHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\{90140000\-1141\-0407\-1000\-0000000FF1CE\}_Office14\.WCSERVER_\{[\w\-]+\}$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.WCSERVERDisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\{90140000\-112D\-0000\-1000\-0000000FF1CE\}_Office14\.WCSERVER_\{[\w\-]+\}$DisplayNameSWORD.DLLHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.WCSERVERInstallLocationHKEY_LOCAL_MACHINESOFTWARE\Microsoft\SharePoint Client Components\15.0LocationHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\{90150000-101F-0401-1000-0000000FF1CE\}_Office15\.WacServer\-\{[\w\-]+\}$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\{90150000-1014-0000-1000-0000000FF1CE}_Office15\.OSERVER\{[\w\-]+\}$DisplayNameMsoserver.DllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office15.WacServerInstallLocationHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-1014-0000-1000-0000000FF1CE}DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office15.OSERVERDisplayNameMicrosoft.Office.Server.Msg.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office15.OSERVERInstallLocationwsetupui.dllMsoserver.DllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.WCSERVERInstallLocationMicrosoft.SharePoint.Client.dllWsssetup.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersionCommonFilesDirHKEY_LOCAL_MACHINESOFTWARE\Sun\VirtualBoxHKEY_LOCAL_MACHINESOFTWARE\Sun\xVM VirtualBoxHKEY_LOCAL_MACHINESOFTWARE\Oracle\VirtualBoxVirtualBox.exeHKEY_LOCAL_MACHINESOFTWARE\Oracle\VirtualBoxInstallDirMicrosoft.AspNet.SignalR.Core.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\TeamFoundationServer\12.0InstallPathMicrosoft Office SharePoint Server 200715.0.4719.100214.0.7149.500012.0.6721.5000Microsoft Exchange Server 2013 Cumulative Update 815.0.847.4115.0.1076.01115.0.4711.1000801414.03.0224.0018.03.0389.002Microsoft Exchange Server 2013 Cumulative Update 615.00.0847.03515.00.0995.034Microsoft Exchange Server 2013 Cumulative Update 7^Microsoft Exchange Server 2013.*$15.0.847.3815.0.1044.29Microsoft SharePoint Server 201015.0.4697.100015.0.4631.100014.0.7145.500015.0.4699.100015.0.4701.1000Microsoft SharePoint Foundation 201014.0.7137.50005.0.8308.4204.0.7577.276^Microsoft Lync Server 2010.*$^Microsoft Lync Server 2013.*$4.0.7577.2305.0.8308.80315.0.4641.1000^8\..*$8.0.7600.167228.0.7600.208618.0.7600.200002.1.40512.2^Service Pack 2 for Microsoft Office Web Apps.*$^Microsoft.* Office Web Apps$Microsoft Office Web Apps Service Pack 1 (SP1)14.0.7123.50004.1.304.3.84.2.22^Service Pack 1 for Microsoft Office Web Apps Server .*$^Service Pack 1 for Microsoft SharePoint Server 2013 .*$^Microsoft SharePoint Foundation 2013 .*$Microsoft SharePoint Server 201315.0.4514.100015.0.4561.100015.0.4609.100015.0.4615.10004.2.204.3.64.2.204.3.44.2.184.1.284.2.03.2.04.1.04.0.04.3.24.3.03.2.184.0.201.1.21022.0\Microsoft Shared\web server extensions\12\BIN\Microsoft Shared\web server extensions\15\ISAPI\Bin\Bin\Bin\15.0\WebServices\ConversionServices\1033\15.0\WebServices\ConversionServices\15.0\WebServices\Shared\VisioGraphicsServer\Bin\14.0\WebServices\WordServer\Core\15.0\bin\Microsoft Shared\web server extensions\15\BIN\Microsoft Shared\web server extensions\14\BIN\Deployment\de-DE\Application Host\Applications\Response Group\Server\Core\System32\14.0\WebServices\ConversionService\Bin\Converter\PPTConversionService\bin\Converter\15.0\bin\Microsoft Shared\SERVER15\Server Setup Controller\WSS.en-us\15.0\WebServices\ConversionService\Bin\Converter\Microsoft Shared\Web Server Extensions\14\ISAPI\Microsoft Shared\SERVER15\Server Setup ControllerApplication Tier\Web Services\bin