The OVAL Repository5.92012-02-24T04:40:01.230-05:00GDI+ BMP Integer Overflow VulnerabilityMicrosoft Office 2003Microsoft Office 2007Microsoft Office Visio 2002Microsoft Office XPMicrosoft PowerPoint ViewerMicrosoft SQL Server 2005Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."Sudhir GandheDRAFTINTERIMACCEPTEDMike LahINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft SQL Server 2005 SP2 is installedMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft SQL Server 2005Microsoft SQL Server 2005 SP2 is installed.J. Daniel BrownDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDVulnerability in IPMI dissector in WiresharkWiresharkThe IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.Preeti SubramanianDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMicrosoft JScript Memory Corruption VulnerabilityMicrosoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.Robert L. HollisDRAFTINTERIMACCEPTEDNate PrzybyszewskiINTERIMACCEPTEDACCEPTEDMozilla Firefox Image Preloading Content-Policy Check Security Bypass VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxThe nsDocument::MaybePreLoadImage function in content/base/src/nsDocument.cpp in the image-preloading implementation in Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and policy restrictions to the image's URL, which might allow remote attackers to cause a denial of service (application crash or hang) or hijack the functionality of the browser's add-ons via a crafted SRC attribute of an IMG element, as demonstrated by remote command execution through an ssh: URL in a configuration that supports gnome-vfs with a nonstandard network.gnomevfs.supported-protocols setting.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDApache 'Options' and 'AllowOverride' Directives Security Bypass VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7ApacheThe Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.J. Daniel BrownDRAFTMike LahINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMozilla Firefox 'multipart/x-mixed-replace' Image Remote Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxUse-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace animation in which the frames have different bits-per-pixel (bpp) values.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Null Pointer Dereference Denial of Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatUnspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDApache HTTP Server request header information disclosureMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7ApacheThe ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.J. Daniel BrownDRAFTMike LahINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDApache 'mod_proxy_balancer' Invalid bb Variable Denial of Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7ApacheThe balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.J. Daniel BrownDRAFTMike LahINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDApache mod_proxy_ftp Module Insufficient Input Validation Access Restriction Bypass VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7ApacheThe mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.J. Daniel BrownDRAFTMike LahMike LahINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDApache 'mod_proxy_balancer' Cross-Site Scripting VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7ApacheCross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.J. Daniel BrownDRAFTMike LahINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDApache 'mod_deflate' Connection State Denial Of Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7ApacheThe mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).J. Daniel BrownDRAFTMike LahINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMozilla Firefox and SeaMonkey XSS hazard using SVG document and binary Content-TypeMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla SeamonkeyMozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDApache mod_proxy_ajp Module Incoming Request Body Denial Of Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7ApacheThe ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.J. Daniel BrownDRAFTMike LahINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMicrosoft Office Excel Record Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDApache 'mod_proxy' Remote Denial Of Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7ApacheThe stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.J. Daniel BrownDRAFTMike LahINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMozilla Firefox, Thunderbird and SeaMonkey Use-After-Free HTML Parser VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeamonkeyUse-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox/Thunderbird/Seamonkey Multiple Memory Corruption VulnerabilitiesMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyThe browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors related to (1) layout/generic/nsBlockFrame.cpp and (2) the _evaluate function in modules/plugin/base/src/nsNPAPIPlugin.cpp.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox 'window.location' Same Origin Policy Security Bypass VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specific to each affected plugin.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMovie Maker and Producer Buffer Overflow VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Movie Maker 2.1Movie Maker 2.6Movie Maker 6.0Microsoft Producer 2003Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."Dragos PrisacaDRAFTJosh TurpinINTERIMACCEPTEDACCEPTEDWindows Movie Maker 2.6 is installedMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Movie Maker 2.6Windows Movie Maker 2.6 is installedDragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Producer 2003 is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows VistaMicrosoft Windows XPMicrosoft PowerPoint 2002Microsoft PowerPoint 2003Microsoft PowerPoint 2007Microsoft PowerPoint 2010The application Microsoft Producer 2003 is installedJosh TurpinDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office Excel FNGROUPNAME Record Uninitialized Memory VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2007Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDHTML Element Cross-Domain VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability."Dragos PrisacaDRAFTSudhir GandheSudhir GandheINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDMicrosoft Office Excel Sheet Object Type Confusion VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2003Microsoft Excel 2007Microsoft Office Excel ViewerMicrosoft Office Compatibility PackMicrosoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that causes memory to be interpreted as a different object type than intended, aka "Microsoft Office Excel Sheet Object Type Confusion Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat U3D Support Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatInteger overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player Integer Overflow VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Adobe Shockwave PlayerMultiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to execute arbitrary code via (1) an unspecified block type in a Shockwave file, leading to a heap-based buffer overflow; and might allow remote attackers to execute arbitrary code via (2) an unspecified 3D block in a Shockwave file, leading to memory corruption; or (3) a crafted 3D model in a Shockwave file, leading to heap memory corruption.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat DLL Loading in 3D Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatThe 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDSMB Memory Corruption VulnerabilityMicrosoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox 3.0 and SeaMonkey Remote Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla SeamonkeyUnspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player, Acrobat, Adobe Reader and AIR Cross Domain Request VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe ReaderAdobe AcrobatCross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors.J. Daniel BrownDRAFTINTERIMJeff CockerillJeff CockerillACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMySQL 5.0 and 5.1 Clients with OpenSSL Vulnerability Allows Bypassing Server Certificate CheckingMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008MySQL Server 5.0MySQL Server 5.1The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox 3.5 and SeaMonkey Multiple Remote Memory Corruption VulnerabilitiesMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla SeamonkeyMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMySQL 5.0 and 5.1 SELECT Statement DOS VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008MySQL Server 5.0MySQL Server 5.1mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDUninitialized Memory Corruption Vulnerability (CVE-2010-0245)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet ExplorerMicrosoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0246.Dragos PrisacaDRAFTINTERIMACCEPTEDSudhir GandheINTERIMSudhir GandheACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDWireshark Dissector LWRES Multiple Buffer Overflow VulnerabilitiesMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7WiresharkMultiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMozilla Firefox 'window.opener' Property Chrome Privilege Escalation VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla SeamonkeyMozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox and SeaMonkey Multiple Remote Memory Corruption VulnerabilitiesMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla SeamonkeyMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox, Thunderbird and SeaMonkey Browser Engine Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeamonkeyThe browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox and Sea Monkey Content Injection Spoofing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla SeamonkeyMozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office Excel MDXSET Record Heap Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2007Microsoft Office Compatibility PackHeap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records," aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox 'TraceRecorder::traverseScopeChain()' Remote Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxThe TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors involving certain indirect calls to the JavaScript eval function.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox and SeaMonkey Web Worker Array Handling Heap Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla SeamonkeyThe Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDURL Validation VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet ExplorerThe URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."Dragos PrisacaDRAFTJ. Daniel BrownDragos PrisacaINTERIMACCEPTEDSudhir GandheINTERIMSudhir GandheACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Download Manager Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatMultiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote attackers to execute arbitrary code via unspecified initialization parameters.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDApache 'mod_isapi' Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Apachemodules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."J. Daniel BrownDRAFTMike LahINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDSMB Pathname Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox 3.5 JavaScript Engine Multiple Remote Memory Corruption VulnerabilitiesMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla SeamonkeyMultiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox Cached XUL Stylesheets Security Bypass VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyThe CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet caching.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Data Analyzer ActiveX Control VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDPowerPoint File Path Handling Buffer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Office PowerPoint 2002Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office Excel XLSX File Parsing Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2007Microsoft Office Excel ViewerMicrosoft Office Compatibility PackMicrosoft Office SharePoint Server 2007Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Office SharePoint Server 2007 SP1 and SP2 do not validate ZIP headers during decompression of Open XML (.XLSX) documents, which allows remote attackers to execute arbitrary code via a crafted document that triggers access to uninitialized memory locations, aka "Microsoft Office Excel XLSX File Parsing Code Execution Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMSO.DLL Buffer OverflowMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows 7Microsoft Office XPBuffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDApache APR and APR-util Multiple Integer Overflow VulnerabilitiesMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7ApacheMultiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.J. Daniel BrownDRAFTMike LahINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR Denial of Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file.J. Daniel BrownDRAFTINTERIMJeff CockerillJeff CockerillACCEPTEDACCEPTEDWindows Kernel Double Free VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox and Sea Monkey Insecure Protocol Location Bar Spoofing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla SeamonkeyMozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDUninitialized Memory Corruption Vulnerability (CVE-2010-0246)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet ExplorerMicrosoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0245.Dragos PrisacaDRAFTINTERIMACCEPTEDSudhir GandheINTERIMSudhir GandheACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDApache 'mod_proxy_balancer' Cross-Site Request Forgery (CSRF) VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7ApacheCross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.J. Daniel BrownDRAFTMike LahINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMozilla Firefox and SeaMonkey XSS Vulnerability due to window.dialogArguments being readable cross-domainMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla SeamonkeyMozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDWindows Kernel Exception Handler VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Remote Security Bypass VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatThe default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMicrotype Express Compressed Fonts Integer Flaw in the LZCOMP Decompressor VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code via compressed data that represents a crafted EOT font, aka "Microtype Express Compressed Fonts Integer Flaw in the LZCOMP Decompressor Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox jstracer.cpp Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxThe JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp.Nikita MRDRAFTINTERIMACCEPTEDACCEPTEDSMB Null Pointer VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player Buffer Overflow VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Adobe Shockwave PlayerHeap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to execute arbitrary code via a crafted 3D model in a Shockwave file.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDPowerPoint OEPlaceholderAtom Use After Free VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Office PowerPoint 2002Microsoft Office PowerPoint 2003Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDUninitialized Memory Corruption Vulnerability (CVE-2010-0490)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."Dragos PrisacaDRAFTSudhir GandheSudhir GandheINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDSMB Client Race Condition VulnerabilityMicrosoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox Memory Consumption DoS VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxThe nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox Asynchronous HTTP Authorization Prompt Information Disclosure VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla Firefoxtoolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDOffice PowerPoint Viewer TextCharsAtom Record Stack Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Office PowerPoint 2003Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDUninitialized Memory Corruption Vulnerability (CVE-2010-0248)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet ExplorerMicrosoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."Dragos PrisacaDRAFTJ. Daniel BrownINTERIMACCEPTEDSudhir GandheINTERIMSudhir GandheACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDApache 'mod_proxy_ajp' Information Disclosure VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Apachemod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.J. Daniel BrownDRAFTMike LahINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat JpxDecode Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMozilla Firefox Address Bar Spoofing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla SeaMonkeyThe startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is currently loading, which allows (1) remote web servers to conduct spoofing attacks via vectors involving a 204 (aka No Content) status code, and allows (2) remote attackers to conduct spoofing attacks via vectors involving a window.stop call.Nikita MRDRAFTJ. Daniel BrownINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat U3D Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatThe U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla SeamonkeyMozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDUninitialized Memory Corruption Vulnerability (CVE-2010-0244)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet ExplorerMicrosoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531.Dragos PrisacaDRAFTJ. Daniel BrownINTERIMACCEPTEDSudhir GandheINTERIMSudhir GandheACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDMySQL 5.1 Privilege Bypass with DATA/INDEX DIRECTORYMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008MySQL Server 5.1MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDApache mod_proxy_ftp Module Insufficient Input Validation Denial Of Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7ApacheThe ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.J. Daniel BrownDRAFTMike LahMike LahINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDPowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Office PowerPoint 2002Microsoft Office PowerPoint 2003Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDDirectShow Heap Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability."Dragos PrisacaDRAFTINTERIMJ. Daniel BrownACCEPTEDACCEPTEDPowerPoint LinkedSlideAtom Heap Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Office PowerPoint 2002Microsoft Office PowerPoint 2003Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox and SeaMonkey 'liboggplay' Media Library Remote Memory Corruption VulnerabilitiesMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla Seamonkeyliboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues."J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Null Pointer Dereference Denial of Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMozilla Firefox WOFF Processing Integer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxInteger overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox and SeaMonkey Theora Video Library Remote Integer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla SeamonkeyInteger overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox and SeaMonkey GeckoActiveXObject Exception Message COM Object Enumeration VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla SeamonkeyThe GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDApache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7ApacheInteger overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.J. Daniel BrownDRAFTMatt HansburyMatt HansburyINTERIMACCEPTEDACCEPTEDApache HTTP Server 1.3.x is installed on the systemMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7ApacheApache HTTP Server 1.3.x is installed on the systemJ. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office Excel DbOrParamQry Record Parsing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office Excel MDXTUPLE Record Heap Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2007Microsoft Office Excel ViewerMicrosoft Office Compatibility PackHeap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXTUPLE record is broken up into several records," aka "Microsoft Office Excel MDXTUPLE Record Heap Overflow Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDSMB NTLM Authentication Lack of Entropy VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox/Thunderbird/SeaMonkey Multiple Cross Domain Scripting VulnerabilitiesMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyMozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDHTML Object Memory Corruption Vulnerability (CVE-2010-0492)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 8Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."Dragos PrisacaDRAFTSudhir GandheSudhir GandheINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDApache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7ApacheCross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.J. Daniel BrownDRAFTMike LahMike LahINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDXSS Filter Script Handling VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet ExplorerThe XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an HTML attribute, aka "XSS Filter Script Handling Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDSudhir GandheINTERIMSudhir GandheACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDPowerPoint Viewer TextBytesAtom Record Stack Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Office PowerPoint 2003Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDlibpng buffer overflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows MessengerMicrosoft MSN MessengerAdobe Acrobat ReaderMultiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDMSN Messenger 6.1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMSN MessengerMSN Messenger 6.1 is installedJosh TurpinDRAFTINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDMicrosoft Windows XP Professional x64 Edition SP1 is installedMicrosoft Windows XPA version of Microsoft Windows XP Professional x64 Edition Service Pack 1 is installed.Andrew ButtnerDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDBrendan MilesINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDTodd DolinskyINTERIMTim HarrisonTim HarrisonTim HarrisonACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDWindows Messenger 4.7 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Windows Messenger 4.7 is installedDragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMSN Messenger 6.2 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMSN MessengerMSN Messenger 6.2 is installedRobert L. HollisDRAFTINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2003 (x86) Gold is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 (x86) Gold is installed.Robert L. HollisDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDMicrosoft Windows XP SP1 (32-bit) is installedMicrosoft Windows XPThe operating system installed on the system is Microsoft Windows XP SP1 (32-bit).Robert L. HollisDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDGoogle Chrome before 7.0.517.41 does not properly handle animated GIF imagesMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMHTML Sanitization Vulnerability (CVE-2010-3243)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 8Microsoft Office SharePoint Server 2007Microsoft Windows SharePoint Services 3.0Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."Dragos PrisacaDRAFTJosh TurpinINTERIMACCEPTEDACCEPTEDVulnerability in extSetOwner function in UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010Microsoft Windows 7Microsoft Windows VistaMicrosoft Windows XPTrend Micro Internet Security ProThe extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDTrend Micro Internet Security is installedMicrosoft Windows 7Microsoft Windows VistaMicrosoft Windows XPTrend Micro Internet Security ProTrend Micro Internet Security is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 7.0.517.41 does not properly handle the unloading of a page, which allows remote attackers to spoof URLs via unspecified vectors.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 7.0.517.41 does not properly handle the unloading of a page, which allows remote attackers to spoof URLs via unspecified vectors.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMMozilla Firefox and SeaMonkey window.navigator.plugins Object Dangling Pointer VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla SeaMonkeyMozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to a "dangling pointer vulnerability."J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome Geolocation Feature Weakness Unspecified Memory CorruptionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Google ChromeGoogle Chrome before 6.0.472.59 does not properly implement Geolocation, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMMozilla Firefox/Thunderbird/SeaMonkey XMLDocument::load Function Access Restrictions Bypass VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyThe XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content.J. Daniel BrownDRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDACCEPTEDExtra Out of Boundary Record Parsing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability."Josh TurpinDRAFTJosh TurpinINTERIMACCEPTEDACCEPTEDMozilla Firefox/Thunderbird/SeaMonkey Memory Corruption VulnerabilitiesMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDACCEPTEDWebKit Hover Event Handling Remote Code Execution VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariUse-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to hover events.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDApple iTunes Log File Insecure File Operation Local Privilege Escalation VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple iTunesUnspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch.SecPod TeamDRAFTINTERIMACCEPTEDScott QuintINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDACCEPTEDVulnerability in js_InitRandom function in the JavaScript implementation in Mozilla FirefoxMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxThe js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2010-3171.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDExcel EDG Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory Corruption Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDWebKit Keyboard Focus VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Apple SafariWebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force arbitrary key presses via a crafted HTML document.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Image Parsing Code Execution Vulnerability.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatUnspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3629.SecPod TeamDRAFTINTERIMSecPod TeamSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWebKit Nested HTML Tags Use-After-Free Error Remote Code Execution VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple SafariUse-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWord Index VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Word 2002Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability."Josh TurpinDRAFTJosh TurpinINTERIMACCEPTEDACCEPTEDAdobe Flash Player Buffer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRBuffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDWireshark DoS Vulnerability due to IPM dissectorMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7WiresharkThe IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows remote attackers to cause a denial of service (crash) via a crafted packet, related to "formatting a date/time using strftime."Nikita MRDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDExcel File Format Parsing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2003Microsoft Excel 2007Microsoft Office Excel ViewerMicrosoft Office Compatibility PackMicrosoft Excel 2003 SP3 and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel File Format Parsing Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDApple Safari TIFF Image Uninitialized Memory Information Disclosure VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple SafariApple iTunesImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.J. Daniel BrownDRAFTINTERIMACCEPTEDScott QuintINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDACCEPTEDWebKit Editable Containers Remote Code Execution VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariWebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document, related to the insertion of an unspecified element into an editable container and the access of an uninitialized element.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDFormula Substream Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability."Josh TurpinDRAFTJosh TurpinINTERIMACCEPTEDACCEPTEDWebKit Cross-Origin Stylesheet Request Information Disclosure VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple SafariWebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDUntrusted search path vulnerability in Google Earth version 5.1.3535.3218Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle EarthUntrusted search path vulnerability in Google Earth 5.1.3535.3218 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll that is located in the same folder as a .kmz file.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDGoogle Earth is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle EarthGoogle Earth is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWebKit HTML Fragment Cross Site Scripting VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariCross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML document fragments.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMozilla Firefox/Thunderbird/SeaMonkey nsTreeSelection Use-After-Free VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyUse-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger a call to the handler for the select event for XUL tree items.J. Daniel BrownDRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDACCEPTEDMySQL 6.0 and 5.1 XPath Expression DOS VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008MySQL Server 6.0MySQL Server 5.1sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMySQL 6.0.0 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008MySQL Server 6.0MySQL Server 6.0.0 is installedJ. Daniel BrownDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player Buffer Overflow VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Adobe Shockwave PlayerBuffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow attackers to execute arbitrary code via unspecified vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDWord Bookmarks VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Word 2002Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability."Josh TurpinDRAFTJosh TurpinINTERIMACCEPTEDACCEPTEDAdobe Flash Player Invalid Pointer VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newfunction (0x44) operator, a different vulnerability than CVE-2010-2173.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDApple Quicktime QTPlugin.ocx ActiveX IPersistPropertyBag2::Read Function _Marshaled_pUnk Memory CorruptionMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple QuickTimeThe IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshaling of an untrusted pointer.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWebKit SVG 'use' Element Remote Code Execution VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariWebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document containing XML that triggers a parsing error, related to ProcessInstruction.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMedia Decompression VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Windows Media Format Runtime 9.0Windows Media Format Runtime 9.5Windows Media Format Runtime 11Quartz.dll (DirectShow)Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "Media Decompression Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWin32k Keyboard Layout VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.Josh TurpinDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDApple QuickTime Before 7.6.6 QDMC Encoded Audio Handling Buffer Overflow VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple QuickTimeCoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDMC encoding.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Flash Player Memory Exhaustion VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript Virtual Machine 2, related to getouterscope, a different vulnerability than CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in an ActiveX control in the Internet Explorer (IE) plugin in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPRealPlayerRealPlayer SPUnspecified vulnerability in an ActiveX control in the Internet Explorer (IE) plugin in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows has unknown impact and attack vectors related to "multiple browser windows."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWebKit HTML Document textarea Remote Code Execution VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariCross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a TEXTAREA element.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Flash Player Multiple Vulnerabilities that could lead to code executionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRMultiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDBuffer Overflow Vulnerability in Adobe Download Manager, used in Adobe Reader and AcrobatMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatBuffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in Adobe Download Manager, as used in Adobe Reader and Acrobat 8.x before 8.2 and 9.x before 9.3, allows remote attackers to execute arbitrary code via unspecified parameters.Preeti SubramanianDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDColorSync in Apple Safari Heap Buffer Overflow VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariHeap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDApple QuickTime Before 7.6.6 FlashPix Encoded Movie Handling Integer Overflow VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple QuickTimeInteger overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a FlashPix image with a malformed SubImage Header Stream containing a NumberOfTiles field with a large value.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWebKit Option Recursive Use Element Remote Code Execution VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariUse-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG document that contains recursive Use elements, which are not properly handled during page deconstruction.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Buffer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatBuffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0199, and CVE-2010-0202.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDEPRECATED: Microsoft Internet Explorer 8 Developer Tools VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDJosh TurpinDEPRECATEDChandan SDEPRECATEDAdobe Flash Player Multiple Heap Overflow VulnerabilitiesMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRMultiple heap-based buffer overflows in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to malformed (1) GIF or (2) JPEG data.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Denial of Service Vulnerability.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatUnspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3657.SecPod TeamDRAFTINTERIMSecPod TeamSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDUninitialized Memory Corruption Vulnerability (CVE-2010-3329)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 7Microsoft Internet Explorer 8mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player 3D Parsing Remote Code Execution VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Adobe Shockwave PlayerAdobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDWebKit HTML Tables Remote Code Execution VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariWebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses out-of-bounds memory during processing of HTML tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDExcel Record Parsing Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."Josh TurpinDRAFTJosh TurpinINTERIMACCEPTEDACCEPTEDUntrusted search path vulnerability in Adobe Captivate version 5.0.0.596 via a Trojan horse dwmapi.dllMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe CaptivateUntrusted search path vulnerability in Adobe Captivate 5.0.0.596, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .cptx file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.SecPod TeamINTERIMACCEPTEDACCEPTEDAdobe Captivate is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe CaptivateAdobe Captivate is installedSecPod TeamINTERIMACCEPTEDACCEPTEDMozilla Firefox/Thunderbird/SeaMonkey Memory Corruption VulnerabilitiesMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDACCEPTEDAdobe Reader 9.3.1 on Windows does not restrict the contents of one text field in the Launch File warning dialogMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message.Preeti SubramanianDRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR JPEG File Parsing Heap Buffer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRHeap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.J. Daniel BrownDRAFTINTERIMACCEPTEDJeff CockerillINTERIMACCEPTEDACCEPTEDWebKit DOM Constructor Cross Site Scripting VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariCross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor objects, related to a "scope management issue."J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDGoogle Chrome Document API Parsing Use-after-free DoSMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Google Chrome** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1823. Reason: This candidate is a duplicate of CVE-2010-1823. Notes: All CVE users should reference CVE-2010-1823 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.J. Daniel BrownDRAFTINTERIMACCEPTEDNelson BunkerDEPRECATEDShane ShafferShane ShafferDEPRECATEDAdobe Flash Player and AIR Data Injection Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."J. Daniel BrownDRAFTINTERIMACCEPTEDJeff CockerillINTERIMACCEPTEDACCEPTEDApple QuickTime Before 7.6.6 PICT Image Handling Integer Overflow VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple QuickTimeInteger overflow in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Arbitrary Code Execution and Denial of Service Vulnerability.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3632, and CVE-2010-3658.SecPod TeamDRAFTINTERIMSecPod TeamSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDStack-based buffer overflow in UltraPlayer Media Player 2.112Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7UltraPlayerStack-based buffer overflow in UltraPlayer Media Player 2.112 allows remote attackers to execute arbitrary code via a long string in a .usk file.Preeti SubramanianDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDUltraPlayer is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7UltraPlayerUltraPlayer is installedPreeti SubramanianDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDApple iTunes MP4 File Processing Denial of Service VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple iTunesApple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file.J. Daniel BrownDRAFTINTERIMACCEPTEDScott QuintINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Font Handling VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, do not properly handle fonts, which allows attackers to execute arbitrary code via unspecified vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAnchor Element Information Disclosure VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player PAMI Chunk Remote Code Execution VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Adobe Shockwave PlayerThe implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDCSS Special Character Information Disclosure VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Information Disclosure Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMemory Corruption Vulnerability (CVE-2010-1262)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDVulnerability in WebKit used in Google Chrome version less than 6.0.472.59 via vectors related to SVG font,aka rdar problem 8442098Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeUse-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMWebKit HTML Elements Callback Use-After-Free Error Remote Code Execution VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple SafariUse-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements."J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWebKit SVG Cross-site Scripting VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariWebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attackers to read images from other sites via a crafted canvas, related to a "cross-site image capture issue."J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDHeap-based buffer overflow vulnerability in IrfanView related to PSD imageMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7IrfanViewHeap-based buffer overflow in IrfanView before 4.27 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PSD image with RLE compression.Antu SanadiDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Denial of Service and Arbitrary Code Execution Vulnerability.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatUnspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.SecPod TeamDRAFTINTERIMSecPod TeamSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player Infinite Loop VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Adobe Shockwave PlayerAdobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194, CVE-2010-0197, and CVE-2010-0201.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Memory Corruption Code Execution Vulnerability.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.SecPod TeamDRAFTINTERIMSecPod TeamSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMemory Corruption via unspecified vectors vulnerability in Adobe Reader and Acrobat.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.SecPod TeamDRAFTINTERIMSecPod TeamSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Font Parsing Code Execution Vulnerability.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatUnspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-2889.SecPod TeamDRAFTINTERIMSecPod TeamSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDGoogle Chrome SPDY Protocol Implementation Buffer Management Weakness Arbitrary Code ExecutionMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeThe SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMDEPRECATED: Untrusted search path vulnerability in ATL MFC Trace Tool as used in Microsoft Visual Studio 2010Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMicrosoft Visual StudioUntrusted search path vulnerability in ATL MFC Trace Tool (AtlTraceTool8.exe), as used in Microsoft Visual Studio, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a TRC, cur, rs, rct, or res file.SecPod TeamDRAFTINTERIMACCEPTEDDragos PrisacaDEPRECATEDDEPRECATEDWord Boundary Check VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Word 2002Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability."Josh TurpinDRAFTJosh TurpinINTERIMACCEPTEDACCEPTEDWebKit 'libxml' Context Handling Remote Code Execution VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariWebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API abuse issue."J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDGoogle Chrome Extension History Access Prompting Weakness Information DisclosureMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Google ChromeGoogle Chrome before 6.0.472.59 does not prompt the user before granting access to the extension history, which allows attackers to obtain potentially sensitive information via unspecified vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMVulnerability in the Math.random function in the JavaScript implementation in Mozilla FirefoxMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxThe Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-5913.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDExcel String Variable VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDVulnerability in offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop SoftwareMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPBlackBerry Desktop SoftwareThe offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software uses single-iteration PBKDF2, which makes it easier for local users to decrypt a .ipd file via a brute-force attack.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDPrint Spooler Service Impersonation VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Arbitrary Code Execution Vulnerability.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatUnspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via unknown vectors.SecPod TeamDRAFTINTERIMSecPod TeamSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDGoogle Chrome Console Implementation Race Condition Unspecified IssueMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Google ChromeRace condition in the console implementation in Google Chrome before 6.0.472.59 has unspecified impact and attack vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Reader and Acrobat Denial of Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatUnspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2010-0192 and CVE-2010-0196.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat ActiveX Multiple Input Validation Code Execution Vulnerabilities.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatMultiple unspecified vulnerabilities in an ActiveX control in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Windows allow attackers to execute arbitrary code via unknown vectors.SecPod TeamDRAFTINTERIMSecPod TeamSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWebKit HTTP Redirect VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariWebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form data.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWebKit CSS Handling VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariThe Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a redirecting URL.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Flash Player Integer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRInteger overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2183.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDVulnerability in js_InitRandom function in the JavaScript implementation in Mozilla Firefox and SeamonkeyMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxThe js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses the current time for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2008-5913.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWebKit DOM Range Objects Remote Code Execution VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariUse-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving DOM Range objects.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Flash Player Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2187, and CVE-2010-2188.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDWireshark DoS Vulnerability due to DOCSIS dissectorMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7WiresharkThe DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file.Nikita MRDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDOracle MySQL Malformed Packet Handling Remote Denial of Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008MySQL Server 5.0MySQL Server 5.1The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDInteger overflow vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPRealPlayerRealPlayer SPInteger overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows might allow remote attackers to execute arbitrary code via a crafted QCP file that triggers a heap-based buffer overflow.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDUninitialized Memory Corruption Vulnerability (CVE-2010-1259)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDWebKit CSS 'run-in' Display Use-After-Free Error Remote Code Execution VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple SafariUse-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWord Stack Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Word 2002Microsoft Word 2003Microsoft Word 2007Microsoft Word 2010Microsoft Office Word ViewerMicrosoft Office Compatibility PackStack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Word Viewer; Office Web Apps; and Word Web App allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Stack Overflow Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDSharath SINTERIMACCEPTEDACCEPTEDMicrosoft Word 2010 is installedMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008The application Microsoft Word 2010 is installed.Josh TurpinDRAFTINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDTLS/SSL Renegotiation VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyThe TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDWebKit Use After Free Remote Code Execution VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariUse-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a certain window close action that occurs during a drag-and-drop operation.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDGoogle Chrome Document Origin Properties Pollution Unspecified IssueMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 6.0.472.62 does not properly use information about the origin of a document to manage properties, which allows remote attackers to have an unspecified impact via a crafted web site, related to a "property pollution" issue.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Flash Player Out Of Bounds Memory Indexing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRArray index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified "types of Adobe Flash code."J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194, CVE-2010-0201, and CVE-2010-0204.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDHTML Sanitization Vulnerability (CVE-2010-3324)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 8Microsoft Windows SharePoint Services 3.0Microsoft Office SharePoint Server 2007Microsoft Office SharePoint Foundation 2010Microsoft Groove Server 2010Microsoft Office Web AppsThe toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.Dragos PrisacaDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDWebKit Non-default TCP Port Handling VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariWebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to "non-default TCP ports" via a crafted port number, related to an "integer truncation issue." NOTE: this may overlap CVE-2010-1099.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDPrivilege-escalation vulnerability in PostgreSQL version less than or equal to 9.0Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPostgreSQLThe PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWebKit Option Element 'ContentEditable' Attribute Remote Code Execution VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariUse-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the contentEditable attribute and removing container elements.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDCOM Validation VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Office XPMicrosoft Excel 2003Microsoft PowerPoint 2003Microsoft Publisher 2003Microsoft Visio 2003Microsoft Word 2003Microsoft Excel 2007Microsoft PowerPoint 2007Microsoft Publisher 2007Microsoft Visio 2007Microsoft Word 2007Microsoft WordpadWindows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; Microsoft Office XP SP3; Office 2003 SP3; and Office System 2007 SP1 and SP2 do not properly validate COM objects during instantiation, which allows remote attackers to execute arbitrary code via a crafted file, aka "COM Validation Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDJosh TurpinINTERIMJosh TurpinACCEPTEDACCEPTEDDirectory traversal vulnerability in Free Download Manager (FDM).Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Free Download ManagerDirectory traversal vulnerability in Free Download Manager (FDM) before 3.0.852 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.Antu SanadiDRAFTINTERIMACCEPTEDACCEPTEDWin32k TrueType Font Parsing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDAdobe Flash Player Integer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRInteger overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2181.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDAdobe Flash Player Pointer Memory CorruptionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (pointer memory corruption) or possibly execute arbitrary code via unspecified vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDHTML Sanitization VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Office SharePoint Server 2007Microsoft Windows SharePoint Services 3.0Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."Josh TurpinDRAFTDEPRECATEDJonathan BakerDEPRECATEDAdobe Shockwave Player 'DIRAPI.dll' Remote Code Execution VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Adobe Shockwave PlayerInteger signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDComctl32 Heap Overflow VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR Stack Buffer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRStack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.J. Daniel BrownDRAFTINTERIMJ. Daniel BrownACCEPTEDACCEPTEDAdobe Shockwave Player Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Adobe Shockwave PlayerAdobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player Director File Parsing Invalid Offset Remote Code Execution VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Adobe Shockwave Playeriml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2188.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDExcel Object Stack Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player 3D Object Parsing Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Adobe Shockwave PlayerAdobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDWebKit Plain Text NTLM Credentials Passing VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariWebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWebKit Custom Vertical Positioning Remote Code Execution VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariUse-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML element that has custom vertical positioning.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Denial of Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatUnspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDExcel Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2003Microsoft Excel 2007Microsoft Office Excel ViewerMicrosoft Office Compatibility PackUnspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-1247 and CVE-2010-1249.Josh TurpinDRAFTINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 allows attackers to bypass intended access restrictions on files via unknown vectorsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPRealPlayerUnspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 allows attackers to bypass intended access restrictions on files via unknown vectors.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Memory Corruption Code Execution Vulnerability.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3632.SecPod TeamDRAFTINTERIMSecPod TeamSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDUntrusted search path vulnerability in Microsoft Windows Contacts via a Trojan horse wab32res.dllMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows ContactsUntrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .contact, .group, .p7c, .vcf, or .wab file.SecPod TeamINTERIMACCEPTEDACCEPTEDMicrosoft Windows Vista is installedMicrosoft Windows VistaThe operating system installed on the system is Microsoft Windows VistaDragos PrisacaDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDSudhir GandheINTERIMAndrew ButtnerACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDACCEPTEDExcel HFPicture Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox/Thunderbird/SeaMonkey XUL Tree Optgroup Dangling Pointer VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyMozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a "dangling pointer vulnerability."J. Daniel BrownDRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDACCEPTEDApple iTunes Webkit Unspecified VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple iTunesUnspecified vulnerability in WebKit in Apple iTunes before 9.2 on Windows has unknown impact and attack vectors, a different vulnerability than CVE-2010-1387 and CVE-2010-1769.SecPod TeamDRAFTINTERIMACCEPTEDScott QuintINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDACCEPTEDApple iTunes DLL Loading Arbitrary Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple iTunesUntrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory.SecPod TeamDRAFTINTERIMACCEPTEDScott QuintINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDACCEPTEDOracle MySQL 'COM_FIELD_LIST' Command Packet Security Bypass VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008MySQL Server 5.0MySQL Server 5.1Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDOut Of Bounds Array VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2003Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Memory Exhaustion VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRUnspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDVulnerability in WebKit used in Google Chrome version less than 6.0.472.59 via vectors related to nested SVG elementsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeUse-after-free vulnerability in WebKit, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to nested SVG elements.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Reader and Acrobat Array-indexing Error VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatArray index error in AcroForm.api in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted GIF image in a PDF file, which bypasses a size check and triggers a heap-based buffer overflow.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDApple Safari PDF Handling VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariUse-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWebKit HTTPS Referer Header Passing VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariWebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging, a related issue to CVE-2010-0660.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDReal Time Data Array Record VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2007Microsoft Office Excel ViewerMicrosoft Office Compatibility PackMicrosoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Real Time Data Array Record Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDRemote code execution vulnerability in Canonical Display DriverMicrosoft Windows 7Microsoft Windows Server 2008Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDUntrusted search path vulnerability via a Trojan horse mfc90loc.dll in avast! Free Antivirus version less than or equal to 5.0.594Microsoft Windows 2000Microsoft Windows 7Microsoft Windows VistaMicrosoft Windows XPavast! Free AntivirusUntrusted search path vulnerability in avast! Free Antivirus version 5.0.594 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc90loc.dll that is located in the same folder as an avast license (.avastlic) file.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR 'exception_count' Integer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRInteger overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to "generation of ActionScript exception handlers."J. Daniel BrownDRAFTINTERIMACCEPTEDJeff CockerillINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Dereference Deleted Heap Object VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, dereference a heap object after this object's deletion, which allows attackers to execute arbitrary code via unspecified vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Flash Player SWF Version Null Pointer Dereference Denial of Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDSMB Client Incomplete Response VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2008The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player DIR File Parsing Remote Code Execution VulnerabilitiesMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Adobe Shockwave PlayerAdobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Adobe Shockwave PlayerAdobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1290.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDActiveX control in NOS Microsystems getPlus Download Manager VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Download ManagerA certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.Preeti SubramanianDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDWebKit SVG 'RadialGradient' Attribute Remote Code Execution VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariUse-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Cascading Style Sheets (CSS) run-in property and multiple invocations of a destructor for a child element that has been referenced multiple times.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDApple iTunes Crafted itpc: URL Buffer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple iTunesWebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, a different vulnerability than CVE-2010-1387 and CVE-2010-1763.SecPod TeamDRAFTINTERIMACCEPTEDScott QuintINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDACCEPTEDWindows Kernel Malformed Image VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2008The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Malformed Image Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDVBScript Help Keypress VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008VBScript 5.1VBScript 5.6VBScript 5.7VBScript 5.8vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows during YUV420 transformationsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPRealPlayerRealPlayer SPRealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not properly handle dimensions during YUV420 transformations, which might allow remote attackers to execute arbitrary code via crafted MP4 content.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Invalid Pointer VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content, involving the newfunction (0x44) operator and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-1285 and CVE-2010-2201.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Flash Player Heap Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calculation and the (1) STSC, (2) STSZ, and (3) STCO atoms.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDSMB Client Transaction VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2008The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 7.0.517.41 does not properly implement the autofill and autocomplete functionalityMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 7.0.517.41 does not properly implement the autofill and autocomplete functionality, which allows remote attackers to conduct "profile spamming" attacks via unspecified vectors.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMXML Signature HMAC Truncation Authentication Bypass VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft .NET FrameworkThe design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.Dragos PrisacaDRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDACCEPTEDWebKit HTML Document Subtrees Remote Code Execution VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariUse-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML document subtrees.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Adobe Shockwave PlayerAdobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1291.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in WebKit used in Google Chrome version less than 6.0.472.59 via vectors related to SVG stylesMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeUse-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG styles, the DOM tree, and error messages.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMWebKit SVG 'use' Element Remote Code Execution VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariWebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document with nested use elements.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDIIS Authentication Memory Corruption VulnerabilityMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Internet Information Server (IIS) 6.0Microsoft Internet Information Server (IIS) 7.0Microsoft Internet Information Server (IIS) 7.5Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDCross-Domain Information Disclosure Vulnerability (CVE-2010-0255)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448.Dragos PrisacaDRAFTINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDApple Safari Window Management VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariUse-after-free vulnerability in Apple Safari before 5.0 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper window management.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR Unspecified Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.J. Daniel BrownDRAFTINTERIMACCEPTEDJeff CockerillINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Memory Corruption Code Execution Vulnerability.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.SecPod TeamDRAFTINTERIMSecPod TeamSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWebKit XML Document Parsing Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple SafariUse-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player Director File Multiple Remote Code Execution VulnerabilitiesMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Adobe Shockwave PlayerMultiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDSMB Client Memory Allocation VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDIIS Repeated Parameter Request Denial of Service VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Internet Information Server (IIS) 5.1Microsoft Internet Information Server (IIS) 6.0Microsoft Internet Information Server (IIS) 7.0Microsoft Internet Information Server (IIS) 7.5Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."Dragos PrisacaDRAFTDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft IIS 5.1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft IIS 5.1 is installed.Robert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMicrosoft IIS 6.0 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft IIS 6.0 is installed.Robert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDAdobe Flash Player URL Parsing Vulnerability that could lead to cross-site scripting (Firefox and Chrome browsers only)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRCross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDHeap Based Buffer Overflow in Outlook VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Microsoft Outlook 2002Microsoft Outlook 2003Microsoft Outlook 2007Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDSharath SINTERIMSharath SACCEPTEDACCEPTEDUninitialized Memory Corruption Vulnerability (CVE-2010-1261)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 8The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDUntrusted search path vulnerability in Microsoft Visio 2003Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMicrosoft Office Visio 2003Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDWord Uninitialized Pointer VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Word 2002Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Denial of Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRUnspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDAdobe Flash Player, Acrobat Reader, and Acrobat 'authplay.dll' Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe ReaderAdobe AcrobatAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.J. Daniel BrownDRAFTINTERIMJ. Daniel BrownACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDApple iTunes Install or Update Privilege Escalation VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple iTunesRace condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.J. Daniel BrownDRAFTINTERIMACCEPTEDScott QuintINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player Integer Overflow VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Adobe Shockwave PlayerInteger overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via a crafted .dir (aka Director) file.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Buffer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatBuffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0199, CVE-2010-0202, and CVE-2010-0203.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWebKit IBM1147 Character Set Text Transform Remote Code Execution VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariWebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue."J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Flash Player Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDWebKit Path Traversal VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariMultiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to create arbitrary database files via vectors involving a (1) %2f and .. (dot dot) or (2) %5c and .. (dot dot) in a URL.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDApple QuickTime Before 7.6.6 Sorenson Encoded Movie Handling Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple QuickTimeQuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with Sorenson encoding.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDVBE6.DLL Stack Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Office 2000Microsoft Office XPMicrosoft Office 2003Microsoft Office 2007Microsoft Visual Basic for ApplicationsVBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office 2000 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Office 2000 is installed.Robert L. HollisINTERIMGlenn StricklandACCEPTEDJonathan BakerINTERIMACCEPTEDSudhir GandheINTERIMACCEPTEDACCEPTEDMicrosoft Visual Basic 6.0 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003The application Microsoft Visual Basic 6.0 is installed.Sudhir GandheDRAFTINTERIMACCEPTEDClifford FarrugiaINTERIMACCEPTEDACCEPTEDOpenType CFF Font Driver Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDWebKit 'ConditionEventListener' Remote Code Execution VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariDouble free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, related to duplicate event listeners, a timer, and an AnimateTransform object.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Uninitialized Memory VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, access uninitialized memory, which allows attackers to execute arbitrary code via unspecified vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Denial of Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatUnspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2010-0192 and CVE-2010-0193.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDApple QuickTime Before 7.6.6 RLE Encoded Movie Handling Buffer Overflow VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple QuickTimeHeap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding, which triggers memory corruption when the length of decompressed data exceeds that of the allocated heap chunk.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDApple iTunes JavaScriptCore Page Transitions Denial Of Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple iTunesUse-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769.SecPod TeamDRAFTINTERIMACCEPTEDScott QuintINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDACCEPTEDUninitialized Memory Corruption Vulnerability (CVE-2010-3328)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Memory Corruption Code Execution Vulnerability.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3658.SecPod TeamDRAFTINTERIMSecPod TeamSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194, CVE-2010-0197, and CVE-2010-0204.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWebKit CSS 'format()' Arguments Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple SafariThe Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player Buffer Overflow VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Adobe Shockwave PlayerHeap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDApple Safari Prior to 4.0.5 Configuration Bypass WeaknessMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple SafariPubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDLibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple SafariApple iTunesBuffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.J. Daniel BrownDRAFTINTERIMACCEPTEDScott QuintINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Denial of Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatUnspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2010-0193 and CVE-2010-0196.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDApple QuickTime Before 7.6.6 H.261 Encoded Movie Handling Buffer Overflow VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple QuickTimeHeap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.261 encoding.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDExcel Record Parsing Integer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability."Josh TurpinDRAFTJosh TurpinINTERIMACCEPTEDACCEPTEDWebKit 'removeChild' DOM Method Remote Code Execution VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariUse-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild DOM method.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWebKit 'removeChild()' Remote Code Execution VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariUse-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDProblem in handling fonts in Google Chrome version less than 4.1.249.1064Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 4.1.249.1064 does not properly handle fonts, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMWord Parsing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Word 2002Microsoft Word 2003Microsoft Office Word ViewerMicrosoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDSharath SINTERIMACCEPTEDACCEPTEDWebKit Caption Element Handling Remote Code Execution VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariUse-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving caption elements.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDFormula Biff Record VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability."Josh TurpinDRAFTJosh TurpinINTERIMACCEPTEDACCEPTEDWebKit HTML Button Use After Free Remote Code Execution VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariUse-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to HTML buttons and the first-letter CSS style.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWord Index Parsing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Word 2002Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability."Josh TurpinDRAFTJosh TurpinINTERIMACCEPTEDACCEPTEDAdobe Flash Player Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR NULL Pointer Exception Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a "null pointer vulnerability."J. Daniel BrownDRAFTINTERIMJ. Daniel BrownACCEPTEDACCEPTEDWord Heap Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Word 2002Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."Josh TurpinDRAFTJosh TurpinINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Font Parsing Code Execution Vulnerability.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatUnspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-3626.SecPod TeamDRAFTINTERIMSecPod TeamSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Code Execution via crafted image Vulnerability.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatUnspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3620.SecPod TeamDRAFTINTERIMSecPod TeamSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMultiple stack-based buffer overflows in Free Download Manager (FDM).Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Free Download ManagerMultiple stack-based buffer overflows in Free Download Manager (FDM) before 3.0.852 allow remote attackers to execute arbitrary code via vectors involving (1) the folders feature in Site Explorer, (2) the websites feature in Site Explorer, (3) an FTP URI, or (4) a redirect.Antu SanadiDRAFTINTERIMACCEPTEDACCEPTEDFree Download Manager is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Free Download ManagerFree Download Manager is installedAntu SanadiDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDWebKit 'Node.normalize' Method Remote Code Execution VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariUse-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Node.normalize method.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Flash Player Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of embedded JPEG image data, and the DefineBits and other unspecified tags, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR 'intf_count' Integer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRInteger overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an AVM2 file with a large intrf_count value that triggers a dereference of an out-of-bounds pointer.J. Daniel BrownDRAFTINTERIMJ. Daniel BrownACCEPTEDACCEPTEDAdobe Flash Player Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when used in conjunction with VMWare Tools on a VMWare platform, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDVMWare Tools is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7VMWare ToolsVMWare Tools is installed on the systemJ. Daniel BrownDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDApple QuickTime Before 7.6.6 Color Tables Handling Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows 7Microsoft Windows VistaApple QuickTimeApple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted color tables in a movie file, related to malformed MediaVideo data, a sample description atom (STSD), and a crafted length value.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDApple iTunes Crafted itpc: URL Buffer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple iTunesBuffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL.SecPod TeamDRAFTINTERIMACCEPTEDScott QuintINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Cross-site Scripting VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatCross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWebKit 'first-letter' CSS Style Remote Code Execution VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariUse-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the :first-letter pseudo-element.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDVulnerability in Adobe Reader 8.x and 9.x on Windows - to execute EXE files embedded in a PDF documentMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe Reader 8.x and 9.x on Windows is able to execute EXE files that are embedded in a PDF document, which makes it easier for remote attackers to trick users into executing arbitrary code via a crafted document.Preeti SubramanianDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMozilla Firefox and SeaMonkey Chrome Privilege Escalation VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla SeaMonkeyMozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDWord Return Value VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Word 2002Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability."Josh TurpinDRAFTJosh TurpinINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR Multiple Unspecified Remote Code Execution VulnerabilitiesMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRMultiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDJeff CockerillINTERIMACCEPTEDACCEPTEDMozilla Firefox and SeaMonkey Arbitrary Code Execution With Firebug XMLHttpRequestSpy Module VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla SeaMonkeyMozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDApple QuickTime Before 7.6.6 BMP Image Handling Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple QuickTimeApple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Adobe Shockwave PlayerAdobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR Unspecified Privilege Escalation VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRUnspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to a "privilege escalation vulnerability."J. Daniel BrownDRAFTINTERIMJ. Daniel BrownACCEPTEDACCEPTEDAdobe Reader and Acrobat Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMHTML Mime-Formatted Request VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDWin32k Window Creation VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDAdobe Flash Player Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different arguments, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2187.J. Daniel BrownDRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Heap-based Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatHeap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, aka FG-VD-10-005.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDGoogle Chrome Pop-up Blocking Functionality Unspecified DoSMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Google ChromeUnspecified vulnerability in the pop-up blocking functionality in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service (application crash) via unknown vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMRequest Header Buffer Overflow VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Internet Information Server (IIS) 7.5Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDApache 'mod_proxy_http' Timeout Detection VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Apachemod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, and CVE-2010-2212.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2211, and CVE-2010-2212.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDCross-Domain Information Disclosure VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDApple QuickTime Before 7.6.6 MPEG Encoded Movie Handling Buffer Overflow VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple QuickTimeHeap-based buffer overflow in QuickTimeMPEG.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted genl atom in a QuickTime movie file with MPEG encoding, which is not properly handled during decompression.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDUntrusted search path vulnerability in Adobe Flash Player version less than 9.0.289.0 and 10.x before 10.1.102.64Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe Flash PlayerUntrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player.SecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDApple QuickTime Before 7.6.6 QDM2 Encoded Audio Handling Buffer Overflow VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple QuickTimeCoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding, which triggers a buffer overflow due to inconsistent length fields, related to QDCA.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDSMB Client Response Parsing VulnerabilityMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka "SMB Client Response Parsing Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDWebKit HTML Image Element Handling Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple SafariUse-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG elements.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWebKit 'DOCUMENT_POSITION_DISCONNECTED' Attribute Remote Code Execution VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariUse-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to a layout change during selection rendering and the DOCUMENT_POSITION_DISCONNECTED attribute in a container of an unspecified type.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Flash Player Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDGhost Record Type Parsing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability."Josh TurpinDRAFTJosh TurpinINTERIMACCEPTEDACCEPTEDApple Safari ImageIO TIFF Image Remote Code Execution VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple SafariApple iTunesImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.J. Daniel BrownDRAFTINTERIMACCEPTEDScott QuintINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Buffer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatBuffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0202, and CVE-2010-0203.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR Unspecified Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.J. Daniel BrownDRAFTINTERIMACCEPTEDJeff CockerillINTERIMACCEPTEDACCEPTEDAutoComplete Information Disclosure VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka "AutoComplete Information Disclosure Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDWebKit UTF-7 Encoded Data Cross Site Scripting VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariCross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper UTF-7 canonicalization, and lack of termination of a quoted string in an HTML document.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDUntrusted search path vulnerability in uTorrent less than or equal to 2.0.3Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPuTorrentUntrusted search path vulnerability in uTorrent 2.0.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse plugin_dll.dll, userenv.dll, shfolder.dll, dnsapi.dll, dwmapi.dll, iphlpapi.dll, dhcpcsvc.dll, dhcpcsvc6.dll, or rpcrtremote.dll that is located in the same folder as a .torrent or .btsearch file.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDuTorrent 2.0.3 is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPuTorrentuTorrent 2.0.3is installedSecPod TeamDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDCabview Corruption Validation VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Cabinet File Viewer Shell ExtensionThe Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDApple Safari BMP Image Uninitialized Memory Information Disclosure VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple SafariApple iTunesImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.J. Daniel BrownDRAFTINTERIMACCEPTEDScott QuintINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDACCEPTEDWebKit Object Element Fallback Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple SafariUse-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML object element fallback content."J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDEmbedded OpenType Font Integer Overflow VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome Nested SVG Elements Use-after-free DoSMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Google Chrome** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1825. Reason: This candidate is a duplicate of CVE-2010-1825. Notes: All CVE users should reference CVE-2010-1825 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.J. Daniel BrownDRAFTINTERIMACCEPTEDNelson BunkerDEPRECATEDShane ShafferShane ShafferDEPRECATEDProblem in handling HTML5 media in Google Chrome version less than 4.1.249.1064Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 4.1.249.1064 does not properly handle HTML5 media, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMExcel Record Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821.Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDWebKit CSS-Styled HTML Handling Remote Code Execution VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariThe Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via HTML content that contains multiple :after pseudo-selectors.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDUntrusted search path vulnerability in Nullsoft Winamp 5.581 and probably other versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPWinampUntrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wnaspi32.dll that is located in the same folder as a .669, .aac, .aiff, .amf, .au, .avr, .b4s, .caf or .cda file.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDNegative Future Function VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2003Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDWebKit 'src' Attribute Cross-site Scripting VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariCross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC attribute composed of a javascript: sequence preceded by spaces.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDGoogle Chrome before 7.0.517.41 does not properly perform autofill operations for formsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 7.0.517.41 does not properly perform autofill operations for forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Flash Player and AIR URI Parsing Heap Buffer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRHeap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing.J. Daniel BrownDRAFTINTERIMJ. Daniel BrownACCEPTEDACCEPTEDWebKit Fonts Handling Remote Code Execution VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariUse-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving fonts.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDSMB Client Message Size VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2008The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Invalid Pointer VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content involving the (1) pushstring (0x2C) operator, (2) debugfile (0xF1) operator, and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-1285 and CVE-2010-2168.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Flash Player, Acrobat Reader, and Acrobat Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe ReaderAdobe AcrobatAdobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMozilla Firefox DOM Node Moving Use-After-Free Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDUntrusted search path vulnerability in BlackBerry Desktop Software version less than 6.0.0.47Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPBlackBerry Desktop SoftwareUntrusted search path vulnerability in BlackBerry Desktop Software before 6.0.0.47 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Blackberry.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDBlackBerry Desktop Software is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPBlackBerry Desktop SoftwareBlackBerry Desktop Software is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDExcel ADO Object VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2007Microsoft Office Compatibility PackMicrosoft Office Excel 2002 SP3, 2007 SP1, and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via an Excel file with crafted DBQueryExt records that allow a function call to a "user-controlled pointer," aka "Excel ADO Object Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDExcel RTD Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDWebKit Common IRC Service Port Blacklist ExclusionMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariIncomplete blacklist vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to trigger disclosure of data over IRC via vectors involving an IRC service port.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDHTML Object Memory Corruption Vulnerability (CVE-2010-0249)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet ExplorerUse-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability."Dragos PrisacaDRAFTDragos PrisacaJ. Daniel BrownINTERIMACCEPTEDSudhir GandheINTERIMSudhir GandheACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDUninitialized Memory Corruption Vulnerability (CVE-2010-3331)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Denial of Service Vulnerability.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.SecPod TeamDRAFTINTERIMSecPod TeamSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTED.NET Framework x64 JIT Compiler VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft .NET FrameworkThe JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application that triggers memory corruption, aka ".NET Framework x64 JIT Compiler Vulnerability."Dragos PrisacaDRAFTJosh TurpinINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0197, CVE-2010-0201, and CVE-2010-0204.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDVisio Attribute Validation Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Office Visio 2002Microsoft Office Visio 2003Microsoft Office Visio 2007Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDApple Safari URL Schemes Handling Remote Code Execution VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple SafariApple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAllows remote attackers to bypass the Origin Policy in Google Chrome version less than 4.1.249.1064Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeThe Google URL Parsing Library (aka google-url or GURL) in Google Chrome before 4.1.249.1064 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMApple Safari URL Obfuscation VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariApple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not provide a warning about a (1) http or (2) https URL that contains a username and password, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWebKit Right-to-Left Displayed Text Handling Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple SafariUse-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDHeap-based buffer overflow vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPRealPlayerRealPlayer SPHeap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allows remote attackers to execute arbitrary code via large size values in QCP audio content.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDTLSv1 Denial of Service VulnerabilityMicrosoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Adobe Shockwave PlayerAdobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDApple QuickTime Before 7.6.6 FLC Encoded Movie Handling Buffer Overflow VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple QuickTimeHeap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTA_FLI chunks and untrusted length values in a .fli file, which are not properly handled during decompression.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatBuffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PDF file containing Flash content with a crafted #1023 (3FFh) tag, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, and CVE-2010-2211.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Unspecified Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatUse-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.J. Daniel BrownDRAFTBenjamin MarandelINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWord Parsing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Word 2002Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability."Josh TurpinDRAFTJosh TurpinINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Denial of Service Vulnerability.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatUnspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3656.SecPod TeamDRAFTINTERIMSecPod TeamSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in Google Chrome before 7.0.517.41 allows remote attackers to bypass the pop-up blocker via unknown vectorsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeUnspecified vulnerability in Google Chrome before 7.0.517.41 allows remote attackers to bypass the pop-up blocker via unknown vectors.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMWinVerifyTrust Signature Validation VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Authenticode Signature VerificationThe WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDApple QuickTime Before 7.6.6 H.264 Encoded Movie Handling Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple QuickTimeQuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with H.264 encoding.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Flash Player Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDApple QuickTime Before 7.6.6 PICT Image Handling Buffer Overflow VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple QuickTimeHeap-based buffer overflow in QuickTime.qts in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a BkPixPat opcode (0x12) containing crafted values that are used in a calculation for memory allocation.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDUntrusted search path vulnerability in Adobe PhotoShop CS2 through CS5Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe PhotoshopUntrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or Wintab32.dll that is located in the same folder as a PSD or other file that is processed by PhotoShop. NOTE: some of these details are obtained from third party information.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDAdobe Photoshop is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe PhotoshopAdobe Photoshop is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox and SeaMonkey mailto: URL Redirection VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla SeaMonkeyMozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 7.0.517.41 does not properly handle formsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 7.0.517.41 does not properly handle forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMUntrusted search path vulnerability via a Trojan horse dwmapi.dll in TeamViewer version less than or equal to 5.0.8703Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPTeamViewerUntrusted search path vulnerability in TeamViewer 5.0.8703 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .tvs or .tvc file.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDTeamViewer is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPTeamViewerTeamViewer is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Prefix Protocol Handler Code Execution Vulnerability.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability."SecPod TeamDRAFTINTERIMSecPod TeamSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDExcel Record Parsing Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2003Microsoft Excel 2007Microsoft Office Excel ViewerMicrosoft Office Compatibility PackUnspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via an Excel file with a crafted SxView record, related to improper validation of unspecified structures, aka "Excel Record Parsing Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-1245.Josh TurpinDRAFTINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDWindows Virtual Path Parsing VulnerabilityMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Path Parsing Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDExcel Record Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0821 and CVE-2010-1245.Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Integer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRInteger overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2181 and CVE-2010-2183.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDAdobe Flash Player Use-After-Free VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRUse-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified "image type within a certain function."J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDAdobe Flash Player Invalid Pointer VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newclass (0x58) operator, a different vulnerability than CVE-2010-2174.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDExcel Record Stack Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in Apple Safari 4.0.5Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Apple SafariUse-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object.Preeti SubramanianDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDApple Quicktime Picture Viewer DLL Search Path VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple QuickTime** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDApple Safari Prior to 4.0.5 Integer Overflow VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple SafariApple iTunesInteger overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.J. Daniel BrownDRAFTINTERIMACCEPTEDScott QuintINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDACCEPTEDWebKit JavaScript 'execCommand' VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariThe execCommand JavaScript function in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict remote execution of clipboard commands, which allows remote attackers to modify the clipboard via a crafted HTML document.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDOut-of-Bounds Memory Write in Parsing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability."Josh TurpinDRAFTJosh TurpinINTERIMACCEPTEDACCEPTEDLotus 1-2-3 Workbook Parsing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2003Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDOutlook Express and Windows Mail Integer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Outlook ExpressMicrosoft Windows MailMicrosoft Windows Live MailInteger overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka "Outlook Express and Windows Mail Integer Overflow Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows Mail is installedMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Windows MailMicrosoft Windows Mail is installedSudhir GandheDRAFTRobert L. HollisINTERIMACCEPTEDDragos PrisacaINTERIMDragos PrisacaACCEPTEDACCEPTEDAdobe Reader and Acrobat Buffer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatBuffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0199, and CVE-2010-0203.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDVisio Index Calculation Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Office Visio 2002Microsoft Office Visio 2003Microsoft Office Visio 2007Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Prefix Protocol Handler VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability."J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMerge Cell Record Pointer VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability."Josh TurpinDRAFTJosh TurpinINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Invalid Pointer VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified manipulations involving the newclass (0x58) operator and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-2168 and CVE-2010-2201.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDGoogle Chrome SVG Style Use-after-free DoSMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Google Chrome** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1824. Reason: This candidate is a duplicate of CVE-2010-1824. Notes: All CVE users should reference CVE-2010-1824 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.J. Daniel BrownDRAFTINTERIMACCEPTEDNelson BunkerDEPRECATEDShane ShafferShane ShafferDEPRECATEDATL COM Initialization VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Outlook 2002Microsoft Outlook 2003Microsoft Outlook 2007Microsoft Visio Viewer 2002Microsoft Office Visio Viewer 2003Microsoft Office Visio Viewer 2007Microsoft Internet ExplorerMicrosoft Visual Studio .NET 2003Microsoft Visual Studio 2005Microsoft Visual Studio 2008Microsoft Visual C++ 2005 Redistributable PackageMicrosoft Visual C++ 2008 Redistributable PackageMicrosoft Outlook ExpressWindows Media PlayerWindows ATL ComponentDHTML Editing Component ActiveX ControlHtmlInput Object ActiveX ControlThe Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."J. Daniel BrownDRAFTINTERIMACCEPTEDMike LahINTERIMMike LahMike LahMike LahACCEPTEDRachana ShettyINTERIMDragos PrisacaDragos PrisacaDragos PrisacaDragos PrisacaACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft Visio Viewer 2002 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003The application Microsoft Visio Viewer 2002 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office Visio Viewer 2003 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003The application Microsoft Office Visio Viewer 2003 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Visual Studio 2008 Service Pack 1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Visual Studio 2008 Service Pack 1 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office Visio Viewer 2007 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003The application Microsoft Office Visio Viewer 2007 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Outlook Express 5.5 SP2 is installed.Microsoft Windows 2000Microsoft Outlook Express 5.5 SP2 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Outlook Express 6 SP1 is installed.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Outlook Express 6 SP1 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer 5.01 SP4 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Internet Explorer 5.01 SP4 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDBrendan MilesINTERIMACCEPTEDACCEPTEDMicrosoft Outlook Express 6.0 for Windows XP/2003 is installedMicrosoft Windows XPMicrosoft Outlook Express 6.0 for Windows XP/2003 is installedRobert L. HollisDRAFTINTERIMACCEPTEDBrendan MilesINTERIMACCEPTEDTim HarrisonINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDWebKit Marquee Event 'SelectionController' Remote Code Execution VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariWebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDApple QuickTime Before 7.6.6 PICT Image Handling Buffer Overflow VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple QuickTimeHeap-based buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDHeap-based buffer overflow in IrfanView via a crafted PSD image with RLE compressionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7IrfanViewIrfanView before 4.27 does not properly handle an unspecified integer variable during processing of PSD images, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow, related to a "sign-extension error."Antu SanadiDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDIrfanView is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7IrfanViewIrfanView is installedAntu SanadiDRAFTINTERIMACCEPTEDACCEPTEDAOL SuperBuddy ActiveX Control Remote Code Execution Vulnerability.Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008AOLUse-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 9.5.0.1 allows remote attackers to trigger memory corruption or possibly execute arbitrary code via a malformed argument to the SetSuperBuddy method.Antu SanadiDRAFTTodd DolinskyINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAOL is installedMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008AOLThe application AOL is installed.Antu SanadiDRAFTTodd DolinskyINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDArray index error vulnerability in RealNetworks RealPlayer 11.0 through 11.1Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPRealPlayerArray index error in RealNetworks RealPlayer 11.0 through 11.1 on Windows allows remote attackers to execute arbitrary code via a malformed header in a RealMedia .IVR file.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWindows MFC Document Title Updating Buffer Overflow VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability."Josh TurpinDRAFTJosh TurpinINTERIMACCEPTEDACCEPTEDWord Pointer VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Word 2002Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability."Josh TurpinDRAFTJosh TurpinINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR Unspecified Clickjacking VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability."J. Daniel BrownDRAFTINTERIMJ. Daniel BrownACCEPTEDACCEPTEDOracle MySQL 'COM_FIELD_LIST' Command Buffer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008MySQL Server 5.0MySQL Server 5.1Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMySQL 5.0 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008MySQL Server 5.0MySQL Server 5.0 is installedJ. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDGoogle Chrome WebKit Variable Casting Weakness Malformed SVG Document Handling Unspecified IssueMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeWebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-SVG document.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMHTML Element Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 8The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDRTSP Use After Free VulnerabilityMicrosoft Windows VistaMicrosoft Windows 7Use-after-free vulnerability in the Media Player Network Sharing Service in Microsoft Windows Vista SP1 and SP2 and Windows 7 allows remote attackers to execute arbitrary code via a crafted Real Time Streaming Protocol (RTSP) packet, aka "RTSP Use After Free Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDtoStaticHTML Information Disclosure VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 8Microsoft Office InfoPath 2003Microsoft Office InfoPath 2007Microsoft Office SharePoint Server 2007Microsoft Windows SharePoint Services 3.0Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization.Dragos PrisacaDRAFTINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDMicrosoft InfoPath 2003 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft InfoPath 2003The application Microsoft InfoPath 2003 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2003 (32-bit) is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 (32-bit) is installed.Robert L. HollisDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDShane ShafferINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2003 (64-bit) is installedMicrosoft Windows Server 2003The operating system installed on the system is Microsoft Windows Server 2003 (64-bit).Sudhir GandheINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2003 is installedMicrosoft Windows Server 2003The operating system installed on the system is Microsoft Windows Server 2003.Andrew ButtnerACCEPTEDJonathan BakerINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDAdobe Flash Player Mouse Pointer Display Issue May Let Remote Users Conduct Clickjacking AttacksMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack."Prabhu S ADRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDACCEPTEDApple QuickTime Before 7.6.6 M-JPEG Encoded Movie Handling Buffer Overflow VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple QuickTimeHeap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with M-JPEG encoding, which causes QuickTime to calculate a buffer size using height and width fields, but to use a different field to control the length of a copy operation.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDUntrusted search path vulnerability via a Trojan horse dwmapi.dll in TechSmith SnagIt version from 8.2.1 to 10.0.0(build 788)Microsoft Windows Server 2003Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPTechSmith SnagItUntrusted search path vulnerability in TechSmith SnagIt 10 (Build 788) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a snag, snagcc, or snagprof file.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDTechSmith SnagIt is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPTechSmith SnagItTechSmith Snagit is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player ActiveX Control Information Disclosure VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRUnspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820.J. Daniel BrownDRAFTINTERIMACCEPTEDJeff CockerillINTERIMACCEPTEDACCEPTEDAdobe Flash Player Settings Manager May Let Remote Users Conduct Clickjacking AttacksMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerUnspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to "a potential Clickjacking issue variant."Prabhu S ADRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR Loader Object Heap Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRHeap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.J. Daniel BrownDRAFTINTERIMJ. Daniel BrownACCEPTEDACCEPTEDWebKit Malformed URL Handling Cross-site Scripting VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariCross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to a malformed URL.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDenial of service vulnerability in Google Chrome before 7.0.517.41Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "stale elements."SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMWindows Media Player Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Windows Media PlayerMicrosoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDWindows Media Player v12 is installed.Microsoft Windows 7Microsoft Windows Server 2008Media PlayerWindows Media Player v12 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDWindows Media Player v10 is installed.Microsoft Windows XPMicrosoft Windows Server 2003Media PlayerWindows Media Player v10 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDWindows Media Player v9 is installed.Microsoft Windows XPMedia PlayerWindows Media Player v9 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDWindows Media Player v11 is installed.Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMedia PlayerWindows Media Player v11 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDMicrosoft Windows XP SP2 (64-bit) is installedMicrosoft Windows XPThe operating system installed on the system is Microsoft Windows XP SP2 (64-bit).Robert L. HollisDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Windows XP is installedMicrosoft Windows XPThe operating system installed on the system is Microsoft Windows XP.Andrew ButtnerACCEPTEDJonathan BakerINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDACCEPTEDAdobe Shockwave Player Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Adobe Shockwave PlayerAdobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1290, and CVE-2010-1291.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMultiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPRealPlayerRealPlayer SPMultiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDRealPlayer or RealPlayer SP is installed on the systemMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPRealPlayerRealPlayer SPRealPlayer or RealPlayer SP is installed on the systemSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDBuffer overflow vulnerability in kavfm.sys in Kingsoft Antivirus 2010.7.30.201 and earlierMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPKingsoft AntivirusBuffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and earlier allows local users to execute arbitrary code via a long argument to IOCTL 0x80030004. NOTE: some of these details are obtained from third party information.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDKingsoft Antivirus is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPKingsoft AntivirusKingsoft Antivirus is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWebKit Dragging or Pasting Cross Domain Scripting VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariCross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for a selection.J. Daniel BrownDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR Sandbox Bypass Information Disclosure VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability."J. Daniel BrownDRAFTINTERIMJ. Daniel BrownACCEPTEDACCEPTEDVulnerability in pl\php ADD-ON in PostgreSQL version less than or equal to 9.0Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPostgreSQLThe PL/php add-on 1.4 and earlier for PostgreSQL does not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, a related issue to CVE-2010-3433.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDPostgreSQL is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPostgreSQLPostgreSQL is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player Multiple Memory Corruption VulnerabilitiesMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Adobe Shockwave PlayerAdobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDExcel Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247.Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDExcel Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249.Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDApple QuickTime Before 7.6.6 H.263 Encoded Movie Handling Buffer Overflow VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple QuickTimeHeap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed .3g2 movie file with H.263 encoding that triggers an incorrect buffer length calculation.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Flash Player Invalid Object Reference Remote Code ExecutionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue."Prabhu S ADRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDACCEPTEDVulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4 to cause a denial of serviceMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMultiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663.Prabhu S ADRAFTINTERIMACCEPTEDACCEPTEDMultiple vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 to cause a denial of serviceMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Prabhu S ADRAFTINTERIMACCEPTEDACCEPTEDMemory corruption error in Opera before 10.01 when processing malformed domain namesMicrosoft Windows XPMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Opera BrowserOpera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name.Nikita MRDRAFTINTERIMACCEPTEDACCEPTEDUninitialized Memory Corruption Vulnerability (CVE-2009-3674)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Internet ExplorerMicrosoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671.Dragos PrisacaDRAFTINTERIMACCEPTEDSudhir GandheINTERIMACCEPTEDACCEPTEDVulnerability in the XPCVariant::VariantDataToJS function in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxThe XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects."Prabhu S ADRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office Word File Information Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Word 2002Microsoft Word 2003Microsoft Office Word Viewer 2003Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDSharath SINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat allows attackers to cause a DoS via unspecified vectors.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatInteger overflow in Adobe Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service via unspecified vectors.Chandan SDRAFTINTERIMACCEPTEDBenjamin MarandelINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTEDAdobe Reader and Acrobat allow memory corruptionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.Chandan SDRAFTINTERIMACCEPTEDBenjamin MarandelINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTEDHeap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0 via unspecified vectors.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla SeamonkeyHeap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.Prabhu S ADRAFTINTERIMACCEPTEDAkihito NakamuraINTERIMACCEPTEDBhavya KINTERIMINTERIMOpera before 10.10 has unknown impact and attack vectors vulnerabilityMicrosoft Windows XPMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Opera BrowserUnspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue."Chandan SDRAFTINTERIMACCEPTEDACCEPTEDSpoofed file extensions via a crafted filename containing Unicode character in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla SeamonkeyMozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.Prabhu S ADRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat allow to execute arbitrary code via a crafted PDF fileMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatHeap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.Chandan SDRAFTINTERIMACCEPTEDBenjamin MarandelINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTEDAdobe Reader and Acrobat denial of service (application crash) via a PDFMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatStack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, 9.1.2, 9.1.1, and earlier 9.x versions; 8.1.6 and earlier 8.x versions; and possibly 7.1.4 and earlier 7.x versions allows remote attackers to cause a denial of service (application crash) via a PDF file with a large number of [ (open square bracket) characters in the argument to the alert method. NOTE: some of these details are obtained from third party information.Chandan SDRAFTINTERIMACCEPTEDBenjamin MarandelINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTEDAdobe Shockwave Player before 11.5.2.602 allows to cause a denial of service and possibly execute arbitrary codeMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Adobe Shockwave PlayerHeap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value.Antu SanadiDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox Floating Point Memory Allocation VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxArray index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.Prabhu S ADRAFTINTERIMACCEPTEDPai PengINTERIMACCEPTEDACCEPTEDExcel Index Parsing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2003Microsoft Excel 2007Microsoft Office Excel Viewer 2003Microsoft Office Excel ViewerMicrosoft Office Compatibility PackMicrosoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed formula, related to a "pointer corruption" issue, aka "Excel Index Parsing Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMaxthon Browser Cross-Site Scripting VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Maxthon BrowserMaxthon Browser 3.0.0.145 Alpha with Ultramode does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header; does not properly block data: URIs in Location headers in HTTP responses, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (5) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (6) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header; and does not properly handle javascript: URIs in HTML links within (a) 301 and (b) 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (7) injecting a Location HTTP response header or (8) specifying the content of a Location HTTP response header.Sharath SDRAFTINTERIMACCEPTEDACCEPTEDExcel Featheader Record Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2003Microsoft Excel 2007Microsoft Office Excel Viewer 2003Microsoft Office Excel ViewerMicrosoft Office Compatibility PackMicrosoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset, aka "Excel Featheader Record Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDUninitialized Memory Corruption Vulnerability (CVE-2009-3673)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Internet ExplorerMicrosoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDSudhir GandheINTERIMACCEPTEDACCEPTEDExcel Formula Parsing Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2003Microsoft Excel 2007Microsoft Office Excel Viewer 2003Microsoft Office Excel ViewerMicrosoft Office Compatibility PackMicrosoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a spreadsheet with a crafted formula embedded in a cell, aka "Excel Formula Parsing Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDOPTIONS Request in WebKit in Apple Safari Cross-Site Request Forgery (CSRF) Vulnerability.Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Apple SafariThe implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.Sharath SDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMicrosoft Silverlight and Microsoft .NET Framework CLR VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft .NET FrameworkMicrosoft SilverlightThe Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMJ. Daniel BrownJ. Daniel BrownJ. Daniel BrownACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDAvast! Home and Professional 'ashWsFtr.dll' Unspecified VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Avast! AntiVirusUnspecified vulnerability in ashWsFtr.dll in Avast! Home and Professional for Windows before 4.8.1356 has unknown impact and local attack vectors.Sharath SDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat allow arbitrary code executionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2998.Chandan SDRAFTINTERIMACCEPTEDBenjamin MarandelINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTEDMultiple vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 to cause a denial of service.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Prabhu S ADRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat Multiple VulnerabilitiesMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatMultiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."Chandan SDRAFTINTERIMACCEPTEDBenjamin MarandelINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTEDAdobe Reader and Acrobat cause Denial of Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which allows attackers to cause a denial of service via unspecified vectors.Chandan SDRAFTINTERIMACCEPTEDBenjamin MarandelINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTEDAdobe Reader and Acrobat cause arbitrary code execution via unspecified vectorsMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatHeap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.Chandan SDRAFTINTERIMACCEPTEDBenjamin MarandelINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTEDWebKit in Apple Safari Numeric Character References Remote Memory Corruption Vulnerability.Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Apple SafariApple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header.Sharath SDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDExcel SxView Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2003Microsoft Office Excel Viewer 2003Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player Unspecified Remote Denial of Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerUnspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file.Prabhu S ADRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat allows attackers to bypass intended file-extensionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatUnspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows attackers to bypass intended file-extension restrictions via unknown vectors.Chandan SDRAFTINTERIMACCEPTEDBenjamin MarandelINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTEDUse-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of serviceMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxUse-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively.Prabhu S ADRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard eventsMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries.Prabhu S ADRAFTINTERIMACCEPTEDACCEPTEDMicrosoft .NET Framework Type Verification VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft .NET FrameworkMicrosoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDMicrosoft .NET Framework 2.0 (Original RTM or later) is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft .NET FrameworkMicrosoft .NET Framework 2.0 (Original RTM or later) is installedSudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDNate PrzybyszewskiINTERIMACCEPTEDACCEPTEDThe oggplay_data_handle_theora_frame in liboggplay in Mozilla Firefox 3.5.x before 3.5.4 to cuase denial of serviceMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxThe oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file.Prabhu S ADRAFTINTERIMACCEPTEDACCEPTEDMaxthon Browser Address Bar Spoofing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Maxthon BrowserMaxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.Sharath SDRAFTINTERIMACCEPTEDACCEPTEDMaxthon Browser is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Maxthon BrowserThe operating system having Maxthon Browser installation.Sharath SDRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat 'format bug' remote arbitrary code executionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Unix, when Debug mode is enabled, allow attackers to execute arbitrary code via unspecified vectors, related to a "format bug."Chandan SDRAFTINTERIMACCEPTEDBenjamin MarandelINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTEDATL COM Initialization VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDJ. Daniel BrownDEPRECATEDDEPRECATEDAdobe Reader and Acrobat allow arbitrary code execution and DoSMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458.Chandan SDRAFTINTERIMACCEPTEDBenjamin MarandelINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTEDAdobe Shockwave Player before 11.5.2.602 allows Remote Code Execution invalid string length VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Adobe Shockwave PlayerAdobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an "invalid string length vulnerability." NOTE: some of these details are obtained from third party information.Antu SanadiDRAFTINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player before 11.5.2.602 allows Remote Code Execution invalid pointer VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Adobe Shockwave PlayerAdobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3465. NOTE: some of these details are obtained from third party information.Antu SanadiDRAFTINTERIMACCEPTEDACCEPTEDWireshark Denial of Service vulnerability caused by packet-paltalk.c in the Paltalk dissectorMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Wiresharkpacket-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace.Prabhu S ADRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDOpera before 10.10 allows to obtain sensitive information and XSS attacksMicrosoft Windows XPMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Opera BrowserOpera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via unspecified vectors.Chandan SDRAFTINTERIMACCEPTEDACCEPTEDMemory corruption error in Opera before 10.01 when processing malformed domain namesMicrosoft Windows XPMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Opera BrowserOpera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site.Nikita MRDRAFTINTERIMACCEPTEDACCEPTEDUninitialized Memory Corruption Vulnerability (CVE-2009-3671)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Internet ExplorerMicrosoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674.Dragos PrisacaDRAFTINTERIMACCEPTEDSudhir GandheINTERIMACCEPTEDACCEPTEDvulnerabilities in liboggz, as used in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of serviceMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMultiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.Prabhu S ADRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat allow attackers to execute arbitrary code via unspecified vectorsMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatArray index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors.Chandan SDRAFTINTERIMACCEPTEDBenjamin MarandelINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTEDAdobe Reader and Acrobat social engineering attack via unknown vectorsMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAn unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow remote attackers to conduct a "social engineering attack" via unknown vectors.Chandan SDRAFTINTERIMACCEPTEDBenjamin MarandelINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTEDWebKit in Apple Safari Multiple Unspecified Vulnerabilities.Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Apple SafariMultiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply.Sharath SDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat DoS via long sequence of # (hash) charactersMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue."Chandan SDRAFTINTERIMACCEPTEDBenjamin MarandelINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTEDArbitrary code execution in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0 ia a crafted regular expression in a Proxy Auto-configuration (PAC) file.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla SeamonkeyMozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.Prabhu S ADRAFTINTERIMACCEPTEDAkihito NakamuraINTERIMACCEPTEDBhavya KINTERIMINTERIMProject Memory Validation VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Project 2000Microsoft Project 2002Microsoft Project 2003Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."J. Daniel BrownDRAFTINTERIMACCEPTEDMike LahINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDMicrosoft Project 2002 SP1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Project 2002 SP1 is installed.Robert L. HollisINTERIMACCEPTEDACCEPTEDMicrosoft Project 2003 SP3 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Project 2003The application Microsoft Project 2003 SP3 is installed.Sudhir GandheDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMicrosoft Project 2000 SR1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Project 2000 SR1 is installed.Robert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat cause execution of arbitrary code vulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatInteger overflow in Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors.Chandan SDRAFTINTERIMACCEPTEDBenjamin MarandelINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTEDAdobe Reader and Acrobat bypass intended Trust Manager restrictions via unspecified vectorsMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to bypass intended Trust Manager restrictions via unspecified vectors.Chandan SDRAFTINTERIMACCEPTEDBenjamin MarandelINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTEDAdobe Reader and Acrobat denial of service via a crafted documentMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 do not properly perform XMP-XML entity expansion, which allows remote attackers to cause a denial of service via a crafted document.Chandan SDRAFTINTERIMACCEPTEDBenjamin MarandelINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTEDAdobe Reader and Acrobat cause denial of service via unknown vectorsMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatUnspecified vulnerability in an ActiveX control in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Windows allows remote attackers to cause a denial of service via unknown vectors.Chandan SDRAFTINTERIMACCEPTEDBenjamin MarandelINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTEDLocal Security Authority Subsystem Service Integer Overflow VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (reboot) via a malformed packet, aka "Local Security Authority Subsystem Service Integer Overflow Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDJ. Daniel BrownJ. Daniel BrownINTERIMACCEPTEDSudhir GandheINTERIMACCEPTEDACCEPTEDAvast! Home and Professional 'aswMon2.sys' Stack-based Buffer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Avast! AntiVirusStack-based buffer overflow in aswMon2.sys in Avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system crash) and possibly gain privileges via a crafted IOCTL request to IOCTL 0xb2c80018.Sharath SDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDInteger Overflow in X.509 Object Identifiers VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft ASN.1 LibraryInteger overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDAdobe Flash Player unspecified information disclosureMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerUntrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensitive information or gain privileges via a crafted library in a directory contained in the RPATH.Prabhu S ADRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat allow attackers to execute arbitrary code via unspecified vectorsMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatBuffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.Chandan SDRAFTINTERIMACCEPTEDBenjamin MarandelINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTEDExcel Cache Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2003Microsoft Office Excel Viewer 2003Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat cause DoS and Arbitrary ExecutionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2996.Chandan SDRAFTINTERIMACCEPTEDBenjamin MarandelINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTED"Stack-based buffer overflow in the TEA decoding algorithm in Rhino Software Serv-UMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Rhino Software Serv-UStack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.Sharath SDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDHIS Command Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Host Integration Server 2000Microsoft Host Integration Server 2004 ClientMicrosoft Host Integration Server 2004Microsoft Host Integration Server 2006Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."Sudhir GandheDRAFTSudhir GandheTodd DolinskyINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDACCEPTEDMicrosoft Host Integration Server 2000 SP2 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Host Integration Server 2000A version of Microsoft Host Integration Server 2000 SP2 is installedSudhir GandheDRAFTINTERIMACCEPTEDBrendan MilesINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft Host Integration Server 2004 Client SP1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Host Integration Server 2004 ClientA version of Microsoft Host Integration Server 2004 Client SP1 is installedSudhir GandheDRAFTTodd DolinskyTodd DolinskyTodd DolinskyINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDACCEPTEDMicrosoft Host Integration Server 2004 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Host Integration Server 2004A version of Microsoft Host Integration Server 2004 is installedSudhir GandheDRAFTTodd DolinskyTodd DolinskyTodd DolinskyINTERIMACCEPTEDBrendan MilesINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDACCEPTEDMicrosoft Host Integration Server 2000 Administrator Client is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Host Integration Server 2000 Administrator ClientA version of Microsoft Host Integration Server 2000 Administrator Client is installedSudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Host Integration Server 2004 Client is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Host Integration Server 2004 ClientA version of Microsoft Host Integration Server 2004 Client is installedSudhir GandheDRAFTTodd DolinskyTodd DolinskyTodd DolinskyINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDACCEPTEDMicrosoft Host Integration Server 2004 SP1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Host Integration Server 2004A version of Microsoft Host Integration Server 2004 SP1 is installedSudhir GandheDRAFTTodd DolinskyTodd DolinskyTodd DolinskyINTERIMACCEPTEDBrendan MilesINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDACCEPTEDMicrosoft Host Integration Server 2006 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Host Integration Server 2006A version of Microsoft Host Integration Server 2006 is installedSudhir GandheDRAFTTodd DolinskyTodd DolinskyINTERIMACCEPTEDBrendan MilesINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat allows attackers to cause a denial of service via unknown vectorsMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAn unspecified ActiveX control in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 does not properly validate input, which allows attackers to cause a denial of service via unknown vectors.Chandan SDRAFTINTERIMACCEPTEDBenjamin MarandelINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTEDWireshark Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector to cause DoS VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7WiresharkOff-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information.Prabhu S ADRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAvast! Home and Professional 'aavmKer4.sys' Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Avast! AntiVirusaavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption, a different vulnerability than CVE-2008-1625.Sharath SDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAvast! AntiVirus for Windows is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Avast! AntiVirusThe application Avast! AntiVirus for Windows is installed.Sharath SDRAFTINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDWireshark DoS Vulnerability due to the DCERPC/NT dissectorMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7WiresharkThe DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information.Prabhu S ADRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMultiple vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMultiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Prabhu S ADRAFTINTERIMACCEPTEDACCEPTEDWireshark Integer overflow vulnerability in wiretap/erf.cMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7WiresharkInteger overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability."Prabhu S ADRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat DoS or possibly execute arbitrary code via unspecified vectorsMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatInteger overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.Chandan SDRAFTINTERIMACCEPTEDBenjamin MarandelINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTEDRemote bypass vulnerability in content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 via the document.getSelection functionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Mozilla Firefoxcontent/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.Prabhu S ADRAFTINTERIMACCEPTEDACCEPTEDApple Safari Local HTML Files Information Disclosure Vulnerability.Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Apple SafariApple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site.Sharath SDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat cause arbitrary code execution via unspecified vectorsMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatMultiple heap-based buffer overflows in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.Chandan SDRAFTINTERIMACCEPTEDBenjamin MarandelINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTEDExcel Field Sanitization VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2003Microsoft Excel 2007Microsoft Office Excel Viewer 2003Microsoft Office Excel ViewerMicrosoft Office Compatibility PackMicrosoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel Field Sanitization Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Excel Viewer 2003 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Excel Viewer 2003The application Microsoft Excel Viewer 2003 is installed.Robert L. HollisINTERIMACCEPTEDSudhir GandheINTERIMACCEPTEDBrendan MilesINTERIMBrendan MilesACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDNull Truncation in X.509 Common Name VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft ASN.1 LibraryThe CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408.Dragos PrisacaDRAFTINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat cause Multiple VulnerabilitiesMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatThe JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows remote attackers to create arbitrary files, and possibly execute arbitrary code, via the cPath parameter in a crafted PDF file. NOTE: some of these details are obtained from third party information.Chandan SDRAFTINTERIMACCEPTEDBenjamin MarandelINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTED"SITE SET TRANSFERPROGRESS ON" FTP Command Denial of Service Vulnerability in Rhino Software Serv-UMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Rhino Software Serv-URhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the "SITE SET TRANSFERPROGRESS ON" FTP command.Sharath SDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDRhino Software Serv-U is installedMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Rhino Software Serv-UThe operating system having Rhino Software Serv-U installation.Sharath SDRAFTINTERIMACCEPTEDACCEPTEDMemory Allocation VulnerabilityMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows XPMicrosoft Office PowerPoint Viewer 2003Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDACCEPTEDMemory Calculation VulnerabilityMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows XPMicrosoft Office PowerPoint Viewer 2003A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDACCEPTEDMicrosoft PowerPoint Viewer is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaThe application Microsoft PowerPoint Viewer is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDBrendan MilesINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player before 11.5.2.602 allows arbitrary Code Execution invalid pointer VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Adobe Shockwave PlayerAdobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3464. NOTE: some of these details are obtained from third party information.Antu SanadiDRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat getPlus_HelperSvc.exe) local elevation of privilegesMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatNOS Microsystems getPlus Download Manager, as used in Adobe Reader 1.6.2.36 and possibly other versions, Corel getPlus Download Manager before 1.5.0.48, and possibly other products, installs NOS\bin\getPlus_HelperSvc.exe with insecure permissions (Everyone:Full Control), which allows local users to gain SYSTEM privileges by replacing getPlus_HelperSvc.exe with a Trojan horse program, as demonstrated by use of getPlus Download Manager within Adobe Reader. NOTE: within Adobe Reader, the scope of this issue is limited because the program is deleted and the associated service is not automatically launched after a successful installation and reboot.Chandan SDRAFTINTERIMACCEPTEDBenjamin MarandelINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft .NET Framework Pointer Verification VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft .NET FrameworkMicrosoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMJ. Daniel BrownJ. Daniel BrownJ. Daniel BrownACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDMicrosoft Windows 2000 SP4 or later is installedMicrosoft Windows 2000The operating system installed on the system is Microsoft Windows 2000 SP4 or later.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDTim HarrisonINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDAdobe Shockwave Player before 11.5.2.602 allows Remote Code Execution VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Adobe Shockwave PlayerArray index error in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site. NOTE: some of these details are obtained from third party information.Antu SanadiDRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat cause DoS (memory corruption) or execute arbitrary code via unspecified vectors.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.Chandan SDRAFTINTERIMACCEPTEDBenjamin MarandelINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTEDMozilla Firefox 3.0.x before 3.0.15 cause a denial of service in layout/base/nsCSSFrameConstructor.cppMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Mozilla Firefoxlayout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.Prabhu S ADRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat memory corruption or possibly execute arbitrary code via unspecified vectorsMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2985.Chandan SDRAFTINTERIMACCEPTEDBenjamin MarandelINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTEDAdobe Reader and Acrobat might allow remote attackers to execute arbitrary code via unknown vectors.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatUnspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and possibly 7.x before 7.1.4 and 9.x before 9.2, might allow remote attackers to execute arbitrary code via unknown vectors.Chandan SDRAFTINTERIMACCEPTEDBenjamin MarandelINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTEDParsing Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows XPMicrosoft Office Compatibility PackMicrosoft Office PowerPoint 2000Microsoft Office PowerPoint 2002Microsoft Office PowerPoint 2003Microsoft Office PowerPoint 2007A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 through SP1; and Office 2004 for Mac allows remote attackers to execute arbitrary code via a PowerPoint file with crafted list values that trigger memory corruption, aka "Parsing Overflow Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDACCEPTEDMicrosoft PowerPoint 2000 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft PowerPoint 2000The application Microsoft PowerPoint 2000 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDBrendan MilesINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat cause denial of service or possibly execute arbitrary code via unknown vectorsMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatUnspecified vulnerability in the image decoder in Adobe Acrobat 9.x before 9.2, and possibly 7.x through 7.1.4 and 8.x through 8.1.7, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.Chandan SDRAFTINTERIMACCEPTEDBenjamin MarandelINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTEDAdobe Reader 7 Series is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe Reader 7 Series is installedChandan SDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.Scott QuintDRAFTDRAFTUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors.Aharon CherninDRAFTDRAFTAdobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Aharon CherninDRAFTDRAFTUse-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes, related to a "read-after-free" issue.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes, related to a "read-after-free" issue.Scott QuintDRAFTDRAFTUse-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call, related to the cycle collector's access to a hash table containing a stale XBL binding.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla ThunderbirdMozilla SeamonkeyUse-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call, related to the cycle collector's access to a hash table containing a stale XBL binding.Scott QuintDRAFTDRAFTCross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerCross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012.Scott QuintDRAFTDRAFTGoogle Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via vectors that trigger a large amount of database usage.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via vectors that trigger a large amount of database usage.Shane ShafferDRAFTDRAFTAdobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via leveraging an unspecified "type confusion."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via leveraging an unspecified "type confusion."Aharon CherninDRAFTDRAFTVSD File Format Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Visio Viewer 2010Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.Dragos PrisacaDRAFTDRAFTUse-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeUse-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events.Shane ShafferDRAFTDRAFTGoogle Chrome before 17.0.963.46 does not properly check signatures, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 17.0.963.46 does not properly check signatures, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.Shane ShafferDRAFTDRAFTAdobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0755.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0755.Aharon CherninDRAFTDRAFTGoogle Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.Shane ShafferDRAFTDRAFTAdobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted MP4 data.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted MP4 data.Scott QuintDRAFTDRAFTUse-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sheets (CSS) token-sequence data.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeUse-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sheets (CSS) token-sequence data.Shane ShafferDRAFTDRAFTUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound.Scott QuintDRAFTDRAFTKeyboard Layout Use After Free VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability."Josh TurpinDRAFTDRAFTVSD File Format Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Visio Viewer 2010Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138.Dragos PrisacaDRAFTDRAFTGoogle Chrome before 17.0.963.46 does not properly decode audio data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 17.0.963.46 does not properly decode audio data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Shane ShafferDRAFTDRAFTUse-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeUse-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents.Shane ShafferDRAFTDRAFTMozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla ThunderbirdMozilla SeamonkeyMozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.Scott QuintDRAFTDRAFTGoogle Chrome before 17.0.963.56 does not properly parse H.264 data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 17.0.963.56 does not properly parse H.264 data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Aharon CherninDRAFTDRAFTMozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name attribute.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla ThunderbirdMozilla SeamonkeyMozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name attribute.Scott QuintDRAFTDRAFTThe extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeThe extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension.Shane ShafferDRAFTDRAFTGoogle Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that trigger the aborting of an IndexedDB transaction.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that trigger the aborting of an IndexedDB transaction.Shane ShafferDRAFTDRAFTUse-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to database handling.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to database handling.Aharon CherninDRAFTDRAFTUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT.Scott QuintDRAFTDRAFTUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install and the Java Update mechanism.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install and the Java Update mechanism.Scott QuintDRAFTDRAFTThe ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerThe ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Scott QuintDRAFTDRAFTUnspecified vulnerability in the Native Client validator implementation in Google Chrome before 17.0.963.56 has unknown impact and remote attack vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUnspecified vulnerability in the Native Client validator implementation in Google Chrome before 17.0.963.56 has unknown impact and remote attack vectors.Scott QuintDRAFTDRAFTUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.Aharon CherninDRAFTDRAFTThe RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of serviceMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerThe RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference.Shane ShafferDRAFTINTERIMINTERIMlibdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an NSV fileMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media Playerlibdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an NSV file.Shane ShafferDRAFTINTERIMINTERIMStack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6eMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerStack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681.Shane ShafferDRAFTINTERIMINTERIMStack-based buffer overflow in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to glyph handling.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeStack-based buffer overflow in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to glyph handling.Aharon CherninDRAFTShane ShafferDRAFTNull Byte Information Disclosure VulnerabilityMicrosoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Internet Explorer 9Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka "Null Byte Information Disclosure Vulnerability.Josh TurpinDRAFTDRAFTUnspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderUnspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDRace condition in Google Chrome before 17.0.963.46 allows remote attackers to execute arbitrary code via vectors that trigger a crash of a utility process.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeRace condition in Google Chrome before 17.0.963.46 allows remote attackers to execute arbitrary code via vectors that trigger a crash of a utility process.Shane ShafferDRAFTDRAFTInteger overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6cMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerInteger overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate.Shane ShafferDRAFTINTERIMINTERIMHeap-based buffer overflow in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in VideoLAN VLC media player before 1.1.11Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerHeap-based buffer overflow in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in VideoLAN VLC media player before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted AVI media file.Shane ShafferDRAFTINTERIMINTERIMAdobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4373.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4373.Aharon CherninDRAFTINTERIMINTERIMAfdPoll Elevation of Privilege VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."Josh TurpinDRAFTDRAFTHeap-based buffer overflow in the DemuxAudioSipr function in real.c in the RealMedia demuxer in VideoLAN VLC media player 1.1.x before 1.1.11Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerHeap-based buffer overflow in the DemuxAudioSipr function in real.c in the RealMedia demuxer in VideoLAN VLC media player 1.1.x before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real Media file.Shane ShafferDRAFTINTERIMINTERIMStack-based buffer overflow in FileWatcher in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeStack-based buffer overflow in FileWatcher in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMArgument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method. NOTE: some of these details are obtained from third party information.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentArgument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method. NOTE: some of these details are obtained from third party information.Aharon CherninDRAFTDRAFTJava Development Kit is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SE JDKJava Development Kit is installed.Scott QuintDRAFTDRAFTUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and JavaFX 2.0.2 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and JavaFX 2.0.2 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.Scott QuintDRAFTDRAFTInteger overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6eMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerInteger overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984.Shane ShafferDRAFTINTERIMINTERIMThe internationalization (aka i18n) functionality in Google V8, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe internationalization (aka i18n) functionality in Google V8, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMCopy and Paste Information Disclosure VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Remote Code Execution Vulnerability."Josh TurpinDRAFTDRAFTDirectShow Remote Code Execution VulnerabilityMicrosoft Windows XPWindows XP Media Center Edition 2005Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."Dragos PrisacaDRAFTJosh TurpinINTERIMINTERIMMozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS X do not consider .jar files to be executable files, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted file. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-2372 on Mac OS X.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla ThunderbirdMozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS X do not consider .jar files to be executable files, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted file. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-2372 on Mac OS X.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDXSS in wizardlist.aspx VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Server 2010Microsoft SharePoint Foundation 2010Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability."Josh TurpinDRAFTDRAFTGoogle Chrome before 17.0.963.46 does not properly handle PDF FAX images, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 17.0.963.46 does not properly handle PDF FAX images, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Shane ShafferDRAFTDRAFTBuffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .prz attachment. NOTE: some of these details are obtained from third party information.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Lotus NotesBuffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .prz attachment. NOTE: some of these details are obtained from third party information.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDlibxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle Chromelibxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Shane ShafferDRAFTDRAFTPublisher Function Pointer Overwrite VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Office Publisher 2003Microsoft Office Publisher 2007Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDInsecure Redirect in .NET Form Authentication VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft .NET Framework 2.0Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMINTERIMMozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla ThunderbirdMozilla SeamonkeyMozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages.Scott QuintDRAFTDRAFTUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n.Aharon CherninDRAFTDRAFTInteger overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe ReaderInteger overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors.Aharon CherninDRAFTDRAFTVSD File Format Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Visio Viewer 2010Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137.Dragos PrisacaDRAFTDRAFTAdobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.Scott QuintDRAFTINTERIMINTERIMPublisher Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Office Publisher 2003Microsoft Office Publisher 2007Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDStack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerStack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value.Shane ShafferDRAFTShane ShafferINTERIMINTERIMAdobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4372 and CVE-2011-4373.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4372 and CVE-2011-4373.Aharon CherninDRAFTINTERIMINTERIMStack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9 on Microsoft Windows,Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerStack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long smb URI in a playlist file.Shane ShafferDRAFTINTERIMINTERIMStack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerStack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier, CVE-2008-5036.Shane ShafferDRAFTShane ShafferINTERIMINTERIMInteger overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerInteger overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.Shane ShafferDRAFTShane ShafferINTERIMINTERIMGoogle Chrome before 16.0.912.63 does not properly parse SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 16.0.912.63 does not properly parse SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMFormat string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6dMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerFormat string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.Shane ShafferDRAFTINTERIMINTERIMVML Remote Code Execution VulnerabilityMicrosoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Internet Explorer 9Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Remote Code Execution Vulnerability."Josh TurpinDRAFTDRAFTUse-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading.Aharon CherninDRAFTDRAFTtranslate/translate_manager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google Chrometranslate/translate_manager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network.Scott QuintDRAFTDRAFTHeap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlierMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerHeap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data.Shane ShafferDRAFTINTERIMINTERIMInteger overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerInteger overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow.Shane ShafferDRAFTINTERIMINTERIMUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.Aharon CherninDRAFTDRAFTUntrusted search path vulnerability in VideoLAN VLC before 0.9.0Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerInteger overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file.Shane ShafferDRAFTINTERIMINTERIMUse-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of DOM URLs.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of DOM URLs.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMThe Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBThe Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDlibxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google Chromelibxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 11.0.696.57 allows user-assisted remote attackers to spoof the URL bar via vectors involving a redirect and a manual reload.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 11.0.696.57 allows user-assisted remote attackers to spoof the URL bar via vectors involving a redirect and a manual reload.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMWindows Kernel SafeSEH Bypass VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in the image loader in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in the image loader in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMSSL and TLS Protocols VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to instantiation of the Pepper plug-in.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to instantiation of the Pepper plug-in.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMPublisher Out-of-bounds Array Index VulnerablilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Office Publisher 2003Microsoft Office Publisher 2007Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 11.0.696.57 on Linux does not properly interact with the X Window System, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 11.0.696.57 on Linux does not properly interact with the X Window System, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly interact with extensions, which allows remote attackers to cause a denial of service via a crafted extension that triggers an uninitialized pointer.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly interact with extensions, which allows remote attackers to cause a denial of service via a crafted extension that triggers an uninitialized pointer.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMXSS Filter Information Disclosure VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Internet Explorer 8The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in input.c in VideoLAN VLC Media Player before 0.8.6cMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media Playerinput.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used.Shane ShafferDRAFTINTERIMINTERIMHeap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4.c in the MP4 demultiplexer in VideoLAN VLC media playerMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerHeap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4.c in the MP4 demultiplexer in VideoLAN VLC media player 1.x before 1.1.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted MP4 file.Shane ShafferDRAFTShane ShafferINTERIMINTERIMMozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page by using SVG animation accessKey events within that web page.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla ThunderbirdMozilla SeamonkeyMozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKey events within that web page.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDHeap-based buffer overflow in the GPU process in Google Chrome before 10.0.648.205 allows remote attackers to execute arbitrary code via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeHeap-based buffer overflow in the GPU process in Google Chrome before 10.0.648.205 allows remote attackers to execute arbitrary code via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMThe "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certain UNION ALL views, leading to an indefinitely large amount of compilation time.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBThe "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certain UNION ALL views, leading to an indefinitely large amount of compilation time.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Time Remote Code Execution VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in Google Chrome before 9.0.597.84 allows user-assisted remote attackers to cause a denial of service (application crash) via vectors involving a "bad volume setting."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUnspecified vulnerability in Google Chrome before 9.0.597.84 allows user-assisted remote attackers to cause a denial of service (application crash) via vectors involving a "bad volume setting."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 12.0.742.91 allows remote attackers to inject script into a tab page via vectors related to extensions.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 12.0.742.91 allows remote attackers to inject script into a tab page via vectors related to extensions.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMArray index error in VLC media player 0.9.2Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerArray index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison.Shane ShafferDRAFTINTERIMINTERIMIBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Lotus NotesIBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBUnspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 9.0.597.94 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 9.0.597.94 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMlibdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability."Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media Playerlibdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability."Shane ShafferDRAFTINTERIMINTERIMUse-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text selection.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text selection.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 13.0.782.107 allows remote attackers to obtain potentially sensitive information about client-side redirect targets via a crafted web site.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 13.0.782.107 allows remote attackers to obtain potentially sensitive information about client-side redirect targets via a crafted web site.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 14.0.835.163 does not properly handle Khmer characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 14.0.835.163 does not properly handle Khmer characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMThe Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBThe Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of video, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of video, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 16.0.912.63 does not properly perform regex matching, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 16.0.912.63 does not properly perform regex matching, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 10.0.648.127 does not properly perform table painting, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 10.0.648.127 does not properly perform table painting, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMRecord Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Excel 2003Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.Aharon CherninDRAFTDRAFTBuffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrary code via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBBuffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrary code via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDVideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerVideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file.Shane ShafferDRAFTINTERIMINTERIMUse-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla ThunderbirdMozilla SeamonkeyUse-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes.Aharon CherninDRAFTDRAFTGoogle Chrome before 14.0.835.163 does not properly process MP3 files, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 14.0.835.163 does not properly process MP3 files, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in the document loader in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in the document loader in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 14.0.835.202 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale font."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 14.0.835.202 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale font."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in the accessibility feature in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in the accessibility feature in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "ruby / table style handing."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "ruby / table style handing."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMultiple integer overflows in the PDF codecs in Google Chrome before 17.0.963.56 allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeMultiple integer overflows in the PDF codecs in Google Chrome before 17.0.963.56 allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Aharon CherninDRAFTDRAFTIBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE: some of these details are obtained from third party information.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBIBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE: some of these details are obtained from third party information.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDStack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP3 allows remote attackers to execute arbitrary code via a long username string.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBStack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP3 allows remote attackers to execute arbitrary code via a long username string.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDInteger overflow in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a TEXTAREA element.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeInteger overflow in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a TEXTAREA element.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 16.0.912.63 does not properly handle PDF documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 16.0.912.63 does not properly handle PDF documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 17.0.963.56 allows remote attackers to cause a denial of service (application crash) via an empty X.509 certificate.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 17.0.963.56 allows remote attackers to cause a denial of service (application crash) via an empty X.509 certificate.Scott QuintDRAFTDRAFTMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla ThunderbirdMozilla SeamonkeyMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Aharon CherninDRAFTDRAFTGoogle Chrome before 14.0.835.163 does not properly handle strings in PDF documents, which allows remote attackers to have an unspecified impact via a crafted document that triggers an incorrect read operation.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 14.0.835.163 does not properly handle strings in PDF documents, which allows remote attackers to have an unspecified impact via a crafted document that triggers an incorrect read operation.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMRemote denial of service in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerThe ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denial of service (application crash) via a crafted media file.Shane ShafferDRAFTINTERIMINTERIMUse-after-free vulnerability in the garbage-collection functionality in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF documents.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeUse-after-free vulnerability in the garbage-collection functionality in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF documents.Shane ShafferDRAFTDRAFTUse-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to display box rendering.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to display box rendering.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla SeamonkeyMozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations.Aharon CherninDRAFTDRAFTIBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions' owners, which allows remote authenticated users to bypass intended access restrictions via calls to these functions, a different vulnerability than CVE-2009-3471.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBIBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions' owners, which allows remote authenticated users to bypass intended access restrictions via calls to these functions, a different vulnerability than CVE-2009-3471.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDPowerPoint Insecure Library Loading VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Office PowerPoint 2007Microsoft Office PowerPoint 2010Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDThe SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla ThunderbirdMozilla SeamonkeyThe SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDThe DOM implementation in Google Chrome before 12.0.742.91 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe DOM implementation in Google Chrome before 12.0.742.91 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to incorrect integer calculations during float handling.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to incorrect integer calculations during float handling.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMHeap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska video (aka MKV) file.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeHeap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska video (aka MKV) file.Aharon CherninDRAFTDRAFTGoogle Chrome before 13.0.782.107 does not prevent calls to functions in other frames, which allows remote attackers to bypass intended access restrictions via a crafted web site, related to a "cross-frame function leak."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 13.0.782.107 does not prevent calls to functions in other frames, which allows remote attackers to bypass intended access restrictions via a crafted web site, related to a "cross-frame function leak."Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMStack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Lotus NotesStack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 12.0.742.112 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 12.0.742.112 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 9.0.597.107 does not properly perform SVG rendering, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 9.0.597.107 does not properly perform SVG rendering, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving "special group and user enumeration."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBUnspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving "special group and user enumeration."Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 11.0.696.57 does not properly perform a cast of an unspecified variable during handling of floating select lists, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 11.0.696.57 does not properly perform a cast of an unspecified variable during handling of floating select lists, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly handled after scaling.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla ThunderbirdMozilla SeamonkeyMozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly handled after scaling.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDXSS in inplview.aspx VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Foundation 2010Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."Josh TurpinDRAFTDRAFTGoogle Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMWindows Kernel Exception Handler VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDInteger underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Lotus NotesInteger underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 11.0.696.57 does not properly present file dialogs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 11.0.696.57 does not properly present file dialogs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers."Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMsvcrt.dll Buffer Overflow VulnerabilityMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."Dragos PrisacaDRAFTDRAFTMultiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media playerMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerMultiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.Shane ShafferDRAFTINTERIMINTERIMGoogle Chrome before 11.0.696.57 does not properly implement layering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 11.0.696.57 does not properly implement layering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMASP.NET Forms Authentication Ticket Caching VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft .NET Framework 1.1Microsoft .NET Framework 2.0Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMINTERIMGoogle Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle the printing of PDF documents, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a multi-page document.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle the printing of PDF documents, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a multi-page document.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 11.0.696.57 allows remote attackers to bypass the Same Origin Policy via vectors involving blobs.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 11.0.696.57 allows remote attackers to bypass the Same Origin Policy via vectors involving blobs.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 12.0.742.91 does not properly handle a large number of form submissions, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 12.0.742.91 does not properly handle a large number of form submissions, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMThe browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary filesMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerThe browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability.Shane ShafferDRAFTINTERIMINTERIMMozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla ThunderbirdMozilla SeamonkeyMozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document.Aharon CherninDRAFTDRAFTUse-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to HTML range handling.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to HTML range handling.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 12.0.742.91 allows remote attackers to perform unspecified injection into a chrome:// page via vectors related to extensions.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 12.0.742.91 allows remote attackers to perform unspecified injection into a chrome:// page via vectors related to extensions.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372.Scott QuintDRAFTINTERIMINTERIMContent-Disposition Information Disclosure VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 6 through 9 does not properly use the Content-Disposition HTTP header to control rendering of the HTTP response body, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Content-Disposition Information Disclosure Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDBuffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via unspecified vectors. NOTE: this might overlap CVE-2010-0462.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBBuffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via unspecified vectors. NOTE: this might overlap CVE-2010-0462.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 13.0.782.215 on Windows does not properly parse URLs located on the command line, which has unspecified impact and attack vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 13.0.782.215 on Windows does not properly parse URLs located on the command line, which has unspecified impact and attack vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMIBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBIBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 13.0.782.215 on Windows does not properly handle vertex data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 13.0.782.215 on Windows does not properly handle vertex data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a PDF document.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a PDF document.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGDI Access Violation VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.Josh TurpinDRAFTDRAFTVSD File Format Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Visio Viewer 2010Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0138.Dragos PrisacaDRAFTDRAFTMultiple integer overflows in Google Chrome before 11.0.696.57 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float rendering.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeMultiple integer overflows in Google Chrome before 11.0.696.57 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float rendering.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMultiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6cMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerMultiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets.Shane ShafferDRAFTShane ShafferINTERIMINTERIMCSRSS Local Privilege Elevation VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDHeap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on WindowsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerHeap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string.Shane ShafferDRAFTINTERIMINTERIMThe Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 14.0.835.163 uses incorrect permissions for non-gallery pages, which has unspecified impact and attack vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 14.0.835.163 uses incorrect permissions for non-gallery pages, which has unspecified impact and attack vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the focus controller.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the focus controller.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 14.0.835.163 does not properly handle triangle arrays, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 14.0.835.163 does not properly handle triangle arrays, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 17.0.963.46 does not properly implement the drag-and-drop feature, which makes it easier for remote attackers to spoof the URL bar via unspecified vectors.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 17.0.963.46 does not properly implement the drag-and-drop feature, which makes it easier for remote attackers to spoof the URL bar via unspecified vectors.Shane ShafferDRAFTDRAFTCollisions in HashTable May Cause DoS VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft .NET Framework 1.1Microsoft .NET Framework 2.0Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMINTERIMAdobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0756.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0756.Scott QuintDRAFTDRAFTGoogle Chrome before 11.0.696.57 does not properly implement the tabs permission for extensions, which allows remote attackers to read local files via a crafted extension.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 11.0.696.57 does not properly implement the tabs permission for extensions, which allows remote attackers to read local files via a crafted extension.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 10.0.648.127 does not properly handle DataView objects, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 10.0.648.127 does not properly handle DataView objects, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy and conduct script injection attacks via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy and conduct script injection attacks via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in Google Chrome before 9.0.597.94 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG font faces.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 9.0.597.94 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG font faces.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMOfficeArt Shape RCE VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Office PowerPoint 2007Microsoft Office Compatibility PackMicrosoft Office PowerPoint Viewer 2007Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an invalid OfficeArt record in a PowerPoint document, aka "OfficeArt Shape RCE Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 13.0.782.107 allows remote attackers to obtain sensitive information via a request for the GL program log, which reveals a local path in an unspecified log entry.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 13.0.782.107 allows remote attackers to obtain sensitive information via a request for the GL program log, which reveals a local path in an unspecified log entry.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMThe Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.Aharon CherninDRAFTShane ShafferINTERIMShane ShafferINTERIMUse-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "document script lifetime handling."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "document script lifetime handling."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) or possibly have unspecified other impact via a crafted web site.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla ThunderbirdMozilla SeamonkeyMozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) or possibly have unspecified other impact via a crafted web site.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDThe regular-expression functionality in Google Chrome before 10.0.648.127 does not properly implement reentrancy, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe regular-expression functionality in Google Chrome before 10.0.648.127 does not properly implement reentrancy, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMInteger overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6iMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerInteger overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.Shane ShafferDRAFTINTERIMINTERIMBuffer overflow in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF fonts.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeBuffer overflow in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF fonts.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMemory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while using a different code page than the database server.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBMemory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while using a different code page than the database server.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 12.0.742.91 attempts to read data from an uninitialized pointer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 12.0.742.91 attempts to read data from an uninitialized pointer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMThe SPDY implementation in net/http/http_network_transaction.cc in Google Chrome before 11.0.696.14 drains the bodies from SPDY responses, which might allow remote SPDY servers to cause a denial of service (application exit) by canceling a stream.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe SPDY implementation in net/http/http_network_transaction.cc in Google Chrome before 11.0.696.14 drains the bodies from SPDY responses, which might allow remote SPDY servers to cause a denial of service (application exit) by canceling a stream.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to blocked plug-ins.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to blocked plug-ins.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe ReaderAdobe AcrobatUnspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDAdobe Acrobat 7 Series is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe AcrobatAdobe Acrobat 7 Series is installedChandan SDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDGoogle Chrome before 11.0.696.57 allows remote attackers to spoof the URL bar via vectors involving (1) a navigation error or (2) an interrupted load.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 11.0.696.57 allows remote attackers to spoof the URL bar via vectors involving (1) a navigation error or (2) an interrupted load.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMThe WebGL implementation in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, aka Issue 71960.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe WebGL implementation in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, aka Issue 71960.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMTrueType Font Parsing VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Office 2007Microsoft Office 2010Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 11.0.696.57 does not properly handle SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 11.0.696.57 does not properly handle SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMThe video functionality in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger use of a malformed "out-of-bounds structure."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe video functionality in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger use of a malformed "out-of-bounds structure."Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media selectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media selectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMHeap-based buffer overflow in the tree builder in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeHeap-based buffer overflow in the tree builder in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Aharon CherninDRAFTShane ShafferDRAFTOff-by-one error in Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeOff-by-one error in Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMThe shader translator implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe shader translator implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Scott QuintDRAFTDRAFTThe PDF parser in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe PDF parser in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 14.0.835.163 does not properly handle media buffers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 14.0.835.163 does not properly handle media buffers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 12.0.742.91 allows remote attackers to bypass intended access restrictions via vectors related to extensions.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 12.0.742.91 allows remote attackers to bypass intended access restrictions via vectors related to extensions.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 10.0.648.204 does not properly handle base strings, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "buffer error."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 10.0.648.204 does not properly handle base strings, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "buffer error."Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 9.0.597.107 does not properly determine device orientation, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 9.0.597.107 does not properly determine device orientation, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 9.0.597.84 does not properly handle a missing key in an extension, which allows remote attackers to cause a denial of service (application crash) via a crafted extension.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 9.0.597.84 does not properly handle a missing key in an extension, which allows remote attackers to cause a denial of service (application crash) via a crafted extension.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the second of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerUnspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the second of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.Aharon CherninDRAFTJosh TurpinINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in the Safe Browsing feature in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors related to a navigation entry and an interstitial page.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in the Safe Browsing feature in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors related to a navigation entry and an interstitial page.Scott QuintDRAFTShane ShafferDRAFTGoogle Chrome before 14.0.835.202 does not properly implement shader translation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 14.0.835.202 does not properly implement shader translation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java DB component in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows local users to affect confidentiality via unknown vectors related to Security, a similar vulnerability to CVE-2009-4269.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java DB component in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows local users to affect confidentiality via unknown vectors related to Security, a similar vulnerability to CVE-2009-4269.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 13.0.782.107 does not properly address re-entrancy issues associated with the GPU lock, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 13.0.782.107 does not properly address re-entrancy issues associated with the GPU lock, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMBuffer overflow in VideoLAN VLC media player 1.0.5Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerBuffer overflow in VideoLAN VLC media player 1.0.5 allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .mp3 file that is played during bookmark creation.Shane ShafferDRAFTINTERIMINTERIMInteger signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6iMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerInteger signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow.Shane ShafferDRAFTINTERIMINTERIMThe PDF event handler in Google Chrome before 9.0.597.84 does not properly interact with print operations, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe PDF event handler in Google Chrome before 9.0.597.84 does not properly interact with print operations, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMThe browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla ThunderbirdMozilla FirefoxThe browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to Range handling.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to Range handling.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMInteger overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeInteger overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.Scott QuintDRAFTDRAFTUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentJava Development KitUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the autocomplete controls.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla FirefoxMozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the autocomplete controls.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMHeap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBHeap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 16.0.912.63 does not properly handle YUV video frames, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 16.0.912.63 does not properly handle YUV video frames, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMInteger overflow in Google Chrome before 13.0.782.215 on 32-bit platforms allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving uniform arrays.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeInteger overflow in Google Chrome before 13.0.782.215 on 32-bit platforms allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving uniform arrays.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 13.0.782.107 does not properly perform text iteration, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 13.0.782.107 does not properly perform text iteration, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in Google Chrome before 9.0.597.84 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to image loading.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 9.0.597.84 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to image loading.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIM.NET Framework Heap Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft .NET Framework 2.0Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."Dragos PrisacaDRAFTDRAFTThe event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla FirefoxMozilla ThunderbirdThe event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float removal.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float removal.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2459, and CVE-2011-2460.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2459, and CVE-2011-2460.Scott QuintDRAFTScott QuintScott QuintINTERIMJosh TurpinACCEPTEDACCEPTEDUse-after-free vulnerability in the GPU process in Google Chrome before 10.0.648.205 allows remote attackers to execute arbitrary code via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in the GPU process in Google Chrome before 10.0.648.205 allows remote attackers to execute arbitrary code via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMultiple integer overflows in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeMultiple integer overflows in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.Aharon CherninDRAFTScott QuintScott QuintINTERIMJosh TurpinACCEPTEDACCEPTEDGoogle Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMHeap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeHeap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Aharon CherninDRAFTShane ShafferDRAFTUnspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows remote attackers to execute arbitrary code, related to an "invalid assignment" and inconsistent length values in a JPEG image encoder (JPEGImageEncoderImpl).Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentJava Development KitUnspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows remote attackers to execute arbitrary code, related to an "invalid assignment" and inconsistent length values in a JPEG image encoder (JPEGImageEncoderImpl).Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDThe SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla FirefoxMozilla ThunderbirdThe SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDWebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted local HTML document.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeWebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted local HTML document.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 4.0.249.89 attempts to make direct connections to web sites when all configured proxy servers are unavailable, which allows remote HTTP servers to obtain potentially sensitive information about the identity of a client user via standard HTTP logging, as demonstrated by a proxy server that was configured for the purpose of anonymity.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 4.0.249.89 attempts to make direct connections to web sites when all configured proxy servers are unavailable, which allows remote HTTP servers to obtain potentially sensitive information about the identity of a client user via standard HTTP logging, as demonstrated by a proxy server that was configured for the purpose of anonymity.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to table styles.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to table styles.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java Embedding Plugin (JEP) in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, on Mac OS X allows remote attackers to bypass intended access restrictions via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla FirefoxUnspecified vulnerability in the Java Embedding Plugin (JEP) in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, on Mac OS X allows remote attackers to bypass intended access restrictions via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla ThunderbirdMozilla FirefoxMozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 14.0.835.202 does not properly consider object lifetimes and thread safety during the handling of audio nodes, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 14.0.835.202 does not properly consider object lifetimes and thread safety during the handling of audio nodes, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Reader and Acrobat 9.x before 9.3.3 on UNIX allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderAdobe Reader and Acrobat 9.x before 9.3.3 on UNIX allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to bidirectional text (aka bidi) handling.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to bidirectional text (aka bidi) handling.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 10.0.648.127 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 10.0.648.127 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to "unusual user interaction."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to "unusual user interaction."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMStack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and possibly other versions, allows remote attackers to execute arbitrary code via unknown attack vectors, as demonstrated by the vd_ln module in VulnDisco 9.0. NOTE: as of 20100222, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Lotus NotesStack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and possibly other versions, allows remote attackers to execute arbitrary code via unknown attack vectors, as demonstrated by the vd_ln module in VulnDisco 9.0. NOTE: as of 20100222, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDThe Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated users to execute Audit administration commands without discovery.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBThe Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated users to execute Audit administration commands without discovery.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 9.0.597.107 does not properly handle XHTML documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale nodes."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 9.0.597.107 does not properly handle XHTML documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale nodes."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMBuffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla ThunderbirdMozilla FirefoxBuffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMDouble free vulnerability in the Theora decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeDouble free vulnerability in the Theora decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeUse-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences.Shane ShafferDRAFTDRAFTWebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeWebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 12.0.742.91 does not properly implement the framework for extensions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 12.0.742.91 does not properly implement the framework for extensions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMThe HTML parser in Google Chrome before 12.0.742.112 does not properly address "lifetime and re-entrancy issues," which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe HTML parser in Google Chrome before 12.0.742.112 does not properly address "lifetime and re-entrancy issues," which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0814.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0814.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in the JSON.stringify method in js3250.dll in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via unspecified vectors related to the js_HasOwnProperty function and garbage collection.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla FirefoxUse-after-free vulnerability in the JSON.stringify method in js3250.dll in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via unspecified vectors related to the js_HasOwnProperty function and garbage collection.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names."Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in Google Chrome before 11.0.696.71 allows remote attackers to bypass the pop-up blocker via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUnspecified vulnerability in Google Chrome before 11.0.696.71 allows remote attackers to bypass the pop-up blocker via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMCross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla FirefoxCross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDIBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBIBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 11.0.696.71 does not properly handle blobs, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger an out-of-bounds write.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 11.0.696.71 does not properly handle blobs, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger an out-of-bounds write.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 14.0.835.202 does not properly restrict access to the window prototype, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 14.0.835.202 does not properly restrict access to the window prototype, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in the DOM id handling functionality in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in the DOM id handling functionality in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMThe txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.cpp and txStandaloneXPathTreeWalker.cpp in Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1, and SeaMonkey before 2.0.14, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla FirefoxThe txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.cpp and txStandaloneXPathTreeWalker.cpp in Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1, and SeaMonkey before 2.0.14, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDThe Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google Chrome before 10.0.648.205 on Windows, allows remote attackers to execute arbitrary code via unspecified vectors, related to an "off-by-three" error.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeMozilla FirefoxThe Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google Chrome before 10.0.648.205 on Windows, allows remote attackers to execute arbitrary code via unspecified vectors, related to an "off-by-three" error.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related to Networking.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related to Networking.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla ThunderbirdMozilla SeamonkeyMozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.Aharon CherninDRAFTDRAFTUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDMultiple unspecified vulnerabilities in Google Chrome before 10.0.648.127 allow remote attackers to bypass the pop-up blocker via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeMultiple unspecified vulnerabilities in Google Chrome before 10.0.648.127 allow remote attackers to bypass the pop-up blocker via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with CANVAS elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with CANVAS elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMThe WebGL implementation in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, aka Issue 71717.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe WebGL implementation in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, aka Issue 71717.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMThe implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by reading a report, related to incorrect host resolution that occurs with certain redirects.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla FirefoxThe implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by reading a report, related to incorrect host resolution that occurs with certain redirects.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDThe ParamTraits<SkBitmap>::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not use the correct variables in calculations designed to prevent integer overflows, which allows attackers to leverage renderer access to cause a denial of service or possibly have unspecified other impact via bitmap data, related to deserialization.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe ParamTraits<SkBitmap>::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not use the correct variables in calculations designed to prevent integer overflows, which allows attackers to leverage renderer access to cause a denial of service or possibly have unspecified other impact via bitmap data, related to deserialization.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMThe layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequences, which makes it easier for remote attackers to obtain sensitive information about visited web pages via a timing attack.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla ThunderbirdMozilla SeamonkeyThe layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequences, which makes it easier for remote attackers to obtain sensitive information about visited web pages via a timing attack.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDGoogle V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger incorrect access to memory.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger incorrect access to memory.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 14.0.835.163 does not perform an expected pin operation for a self-signed certificate during a session, which has unspecified impact and remote attack vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 14.0.835.163 does not perform an expected pin operation for a self-signed certificate during a session, which has unspecified impact and remote attack vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows arbitrary code execution via a crafted image.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentJava Development KitUnspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows arbitrary code execution via a crafted image.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDWebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeWebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unload event handling.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unload event handling.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 13.0.782.107 does not properly handle nested functions in PDF documents, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 13.0.782.107 does not properly handle nested functions in PDF documents, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMDenial of service vulnerability in VLC before 0.8.6fMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerVLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption.Shane ShafferDRAFTINTERIMINTERIMMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla ThunderbirdMozilla SeamonkeyMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Scott QuintDRAFTDRAFTGoogle Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecified internal error.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla ThunderbirdMozilla FirefoxMozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecified internal error.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling.Aharon CherninDRAFTShane ShafferDRAFTMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla ThunderbirdMozilla FirefoxMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in Google Chrome before 14.0.835.202 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a text line box.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 14.0.835.202 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a text line box.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to resource caching.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to resource caching.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUntrusted search path vulnerability in the ThinkPadSensor::Startup function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, allows local users to gain privileges by leveraging write access in an unspecified directory to place a Trojan horse DLL that is loaded into the running Firefox process.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla ThunderbirdUntrusted search path vulnerability in the ThinkPadSensor::Startup function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, allows local users to gain privileges by leveraging write access in an unspecified directory to place a Trojan horse DLL that is loaded into the running Firefox process.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDThe Cascading Style Sheets (CSS) implementation in Google Chrome before 12.0.742.91 does not properly restrict access to the visit history, which allows remote attackers to obtain sensitive information via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe Cascading Style Sheets (CSS) implementation in Google Chrome before 12.0.742.91 does not properly restrict access to the visit history, which allows remote attackers to obtain sensitive information via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla ThunderbirdMozilla FirefoxMozilla SeamonkeyUse-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDGoogle V8, as used in Google Chrome before 14.0.835.163, does not properly restrict access to built-in objects, which has unspecified impact and remote attack vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle V8, as used in Google Chrome before 14.0.835.163, does not properly restrict access to built-in objects, which has unspecified impact and remote attack vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMIBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBIBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDThe installer in Google Chrome before 14.0.835.163 on Mac OS X does not properly handle lock files, which has unspecified impact and attack vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe installer in Google Chrome before 14.0.835.163 on Mac OS X does not properly handle lock files, which has unspecified impact and attack vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMThe ThemeInstalledInfoBarDelegate::Observe function in browser/extensions/theme_installed_infobar_delegate.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle incorrect tab interaction by an extension, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted extension.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe ThemeInstalledInfoBarDelegate::Observe function in browser/extensions/theme_installed_infobar_delegate.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle incorrect tab interaction by an extension, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted extension.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMCross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxCross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 13.0.782.107 does not ensure that extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 13.0.782.107 does not ensure that extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMYARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla ThunderbirdMozilla SeamonkeyYARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDBuffer overflow in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to shader variable mapping.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeBuffer overflow in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to shader variable mapping.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets (CSS) stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets (CSS) stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving custom fonts.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving custom fonts.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 10.0.648.127 does not properly perform a cast of an unspecified variable during text rendering, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 10.0.648.127 does not properly perform a cast of an unspecified variable during text rendering, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMBuffer overflow in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF shading.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeBuffer overflow in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF shading.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDMultiple unspecified vulnerabilities in Adobe Reader and Acrobat 9.x before 9.4 on Linux allow attackers to gain privileges via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderMultiple unspecified vulnerabilities in Adobe Reader and Acrobat 9.x before 9.4 on Linux allow attackers to gain privileges via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 9.0.597.107 does not properly implement key frame rules, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 9.0.597.107 does not properly implement key frame rules, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 9.0.597.84 does not properly handle autofill profile merging, which has unspecified impact and remote attack vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 9.0.597.84 does not properly handle autofill profile merging, which has unspecified impact and remote attack vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMultiple integer overflows in VLC before 0.8.6f allow remote denial of serviceMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerMultiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow.Shane ShafferDRAFTINTERIMINTERIMThe NPAPI implementation in Google Chrome before 12.0.742.112 does not properly handle strings, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe NPAPI implementation in Google Chrome before 12.0.742.112 does not properly handle strings, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMDouble free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeDouble free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla ThunderbirdMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDYARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla ThunderbirdMozilla SeamonkeyMozilla FirefoxYARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDbrowser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication, as demonstrated by a URL in the SRC attribute of an IMG element.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google Chromebrowser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication, as demonstrated by a URL in the SRC attribute of an IMG element.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 13.0.782.107 does not ensure that developer-mode NPAPI extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 13.0.782.107 does not ensure that developer-mode NPAPI extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the first of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerUnspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the first of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.Scott QuintDRAFTJosh TurpinINTERIMACCEPTEDACCEPTEDAdobe Flash Player 11 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe Flash Player 11 is installed on the systemShane ShafferDRAFTShane ShafferINTERIMACCEPTEDACCEPTEDGoogle Chrome before 9.0.597.107 does not properly handle tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 9.0.597.107 does not properly handle tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via a crafted image.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderUnspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via a crafted image.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDCRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla ThunderbirdCRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, and 7 allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity and availability via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, and 7 allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity and availability via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to bypass the pop-up blocker via vectors related to plug-ins.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUnspecified vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to bypass the pop-up blocker via vectors related to plug-ins.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMThe Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMHeap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to path rendering.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeHeap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to path rendering.Scott QuintDRAFTDRAFTMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla ThunderbirdMozilla FirefoxMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to plug-in handling.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to plug-in handling.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 17.0.963.46 does not prevent monitoring of the clipboard after a paste event, which has unspecified impact and remote attack vectors.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 17.0.963.46 does not prevent monitoring of the clipboard after a paste event, which has unspecified impact and remote attack vectors.Shane ShafferDRAFTDRAFTUse-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the frame loader.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the frame loader.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle a mismatch in video frame sizes, which allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle a mismatch in video frame sizes, which allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 11.0.696.71 does not properly implement the GPU command buffer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 11.0.696.71 does not properly implement the GPU command buffer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMAlmost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey before 2.4, does not validate the return value of a GrowAtomTable function call, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a memory-allocation error and a resulting buffer overflow.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla FirefoxAlmost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey before 2.4, does not validate the return value of a GrowAtomTable function call, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a memory-allocation error and a resulting buffer overflow.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDXSS in themeweb.aspx VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Server 2010Microsoft SharePoint Foundation 2010Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."Josh TurpinDRAFTDRAFTUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 13.0.782.215 allows remote attackers to bypass the Same Origin Policy via vectors related to empty origins.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 13.0.782.215 allows remote attackers to bypass the Same Origin Policy via vectors related to empty origins.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0788.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0788.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle speech data, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "stale pointer."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle speech data, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "stale pointer."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMultiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeMultiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla ThunderbirdMozilla FirefoxMozilla SeamonkeyMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 10.0.648.204 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 10.0.648.204 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via an empty SVG element.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via an empty SVG element.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDRace condition in the sandbox launcher implementation in Google Chrome before 11.0.696.57 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeRace condition in the sandbox launcher implementation in Google Chrome before 11.0.696.57 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMThe PDF implementation in Google Chrome before 13.0.782.215 on Linux does not properly use the memset library function, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe PDF implementation in Google Chrome before 13.0.782.215 on Linux does not properly use the memset library function, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 10.0.648.127 does not properly perform box layout, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 10.0.648.127 does not properly perform box layout, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 9.0.597.107 does not properly perform layout, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 9.0.597.107 does not properly perform layout, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle extensions notification, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle extensions notification, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMThe counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets (CSS) implementation in WebCore in WebKit before r82222, as used in Google Chrome before 11.0.696.43 and other products, does not properly handle access to the (1) counterIncrement and (2) counterReset attributes of CSSStyleDeclaration data provided by a getComputedStyle method call, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets (CSS) implementation in WebCore in WebKit before r82222, as used in Google Chrome before 11.0.696.43 and other products, does not properly handle access to the (1) counterIncrement and (2) counterReset attributes of CSSStyleDeclaration data provided by a getComputedStyle method call, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla ThunderbirdMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDASP.Net Forms Authentication Bypass VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft .NET Framework 1.1Microsoft .NET Framework 2.0Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMINTERIMGoogle Chrome before 13.0.782.107 does not ensure that the user is prompted before download of a dangerous file, which makes it easier for remote attackers to bypass intended content restrictions via a crafted web site.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 13.0.782.107 does not ensure that the user is prompted before download of a dangerous file, which makes it easier for remote attackers to bypass intended content restrictions via a crafted web site.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla ThunderbirdMozilla SeamonkeyMozilla FirefoxMozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla FirefoxMozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDrequests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play actionMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media Playerrequests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action.Shane ShafferDRAFTINTERIMINTERIMGoogle Chrome before 11.0.696.57 does not properly handle PDF forms, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 11.0.696.57 does not properly handle PDF forms, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 10.0.648.127 does not properly handle SVG cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 10.0.648.127 does not properly handle SVG cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentJava Development KitUnspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla ThunderbirdMozilla FirefoxUse-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentJava Development KitUnspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 10.0.648.127 does not prevent (1) navigation and (2) close operations on the top location of a sandboxed frame, which has unspecified impact and remote attack vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 10.0.648.127 does not prevent (1) navigation and (2) close operations on the top location of a sandboxed frame, which has unspecified impact and remote attack vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMArgument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Lotus NotesArgument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDVSD File Format Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Visio Viewer 2010Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.Dragos PrisacaDRAFTDRAFTMicrosoft Visio Viewer 2010 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Visio Viewer 2010The application Microsoft Visio Viewer 2010 is installed.Dragos PrisacaDRAFTDRAFTPublisher Invalid Pointer VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Office Publisher 2003Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 9.0.597.107 does not properly implement JavaScript dialogs, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 9.0.597.107 does not properly implement JavaScript dialogs, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMInteger overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on WindowsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerInteger overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file.Shane ShafferDRAFTINTERIMINTERIMStack-based buffer overflow in VideoLAN VLC Media Player 0.8.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerStack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle (.ass) file, probably involving the Dialogue field.Shane ShafferDRAFTINTERIMINTERIMGoogle Chrome before 9.0.597.107 does not properly handle TEXTAREA elements, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 9.0.597.107 does not properly handle TEXTAREA elements, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentJava Development KitUnspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to SAAJ.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentJava Development KitUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to SAAJ.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDGoogle V8, as used in Google Chrome before 14.0.835.163, does not properly implement script object wrappers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle V8, as used in Google Chrome before 14.0.835.163, does not properly implement script object wrappers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDStack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6dMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerStack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file.Shane ShafferDRAFTINTERIMINTERIMGoogle Chrome before 13.0.782.107 does not properly handle Skia paths, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 13.0.782.107 does not properly handle Skia paths, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 4.1.249.1036 processes HTTP headers before invoking the SafeBrowsing feature, which allows remote attackers to have an unspecified impact via crafted headers.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 4.1.249.1036 processes HTTP headers before invoking the SafeBrowsing feature, which allows remote attackers to have an unspecified impact via crafted headers.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 13.0.782.107 does not ensure that the speech-input bubble is shown on the product's screen, which might make it easier for remote attackers to make audio recordings via a crafted web page containing an INPUT element.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 13.0.782.107 does not ensure that the speech-input bubble is shown on the product's screen, which might make it easier for remote attackers to make audio recordings via a crafted web page containing an INPUT element.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMBuffer overflow in the inspector serialization functionality in Google Chrome before 13.0.782.107 allows user-assisted remote attackers to have an unspecified impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeBuffer overflow in the inspector serialization functionality in Google Chrome before 13.0.782.107 allows user-assisted remote attackers to have an unspecified impact via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMStack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerStack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110.Shane ShafferDRAFTShane ShafferINTERIMINTERIMThe Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentThe Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDRemote Denial of Service in VideoLAN VLC Media Player 1.1.11Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerVLC media player 1.1.11 allows remote attackers to cause a denial of service (crash) via a long string in an amr file.Shane ShafferDRAFTINTERIMINTERIMMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla ThunderbirdMozilla FirefoxMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDGoogle V8, as used in Google Chrome before 12.0.742.112, performs an incorrect bounds check, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle V8, as used in Google Chrome before 12.0.742.112, performs an incorrect bounds check, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do not properly perform cursor handling, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do not properly perform cursor handling, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to spoof the URL bar via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUnspecified vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to spoof the URL bar via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentJava Development KitUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in Google Chrome before 14.0.835.202 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Google V8 bindings.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 14.0.835.202 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Google V8 bindings.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentJava Development KitUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla ThunderbirdMozilla FirefoxUnspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 16.0.912.63 does not properly handle PDF cross references, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 16.0.912.63 does not properly handle PDF cross references, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMAntiXSS Library Bypass VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Anti-Cross Site Scripting Library V3.xMicrosoft Anti-Cross Site Scripting Library V4.0The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input, aka "AntiXSS Library Bypass Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMultiple format string vulnerabilities in VideoLAN VLC 0.7.0 through 0.8.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerMultiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.Shane ShafferDRAFTINTERIMINTERIMAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.Scott QuintDRAFTScott QuintScott QuintINTERIMJosh TurpinACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentJava Development KitUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDHTML Layout Remote Code Execution VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "HTML Layout Remote Code Execution Vulnerability."Josh TurpinDRAFTDRAFTStack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a .rtf attachment, aka SPR PRAD8823JQ.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Lotus NotesStack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a .rtf attachment, aka SPR PRAD8823JQ.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDMultiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla ThunderbirdMozilla FirefoxMultiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 4.0.249.78 on Windows does not perform the expected encoding, escaping, and quoting for the URL in the --app argument in a desktop shortcut, which allows user-assisted remote attackers to execute arbitrary programs or obtain sensitive information by tricking a user into creating a crafted shortcut.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 4.0.249.78 on Windows does not perform the expected encoding, escaping, and quoting for the URL in the --app argument in a desktop shortcut, which allows user-assisted remote attackers to execute arbitrary programs or obtain sensitive information by tricking a user into creating a crafted shortcut.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMRace condition in Google Chrome before 11.0.696.57 on Linux and Mac OS X allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to linked lists and a database.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeRace condition in Google Chrome before 11.0.696.57 on Linux and Mac OS X allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to linked lists and a database.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMultiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla ThunderbirdMozilla SeamonkeyMultiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects.Aharon CherninDRAFTDRAFTThe browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla ThunderbirdMozilla FirefoxThe browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDThe WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict read operations, which allows remote attackers to obtain sensitive information from GPU memory associated with an arbitrary process, or cause a denial of service (application crash), via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxThe WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict read operations, which allows remote attackers to obtain sensitive information from GPU memory associated with an arbitrary process, or cause a denial of service (application crash), via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDStack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeApple SafariStack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 11.0.696.57 on Linux does not properly isolate renderer processes, which has unspecified impact and remote attack vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 11.0.696.57 on Linux does not properly isolate renderer processes, which has unspecified impact and remote attack vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMThe view-source feature in Google Chrome before 16.0.912.63 allows remote attackers to spoof the URL bar via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe view-source feature in Google Chrome before 16.0.912.63 allows remote attackers to spoof the URL bar via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMThe extensions implementation in Google Chrome before 13.0.782.107 does not properly validate the URL for the home page, which allows remote attackers to have an unspecified impact via a crafted extension.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe extensions implementation in Google Chrome before 13.0.782.107 does not properly validate the URL for the home page, which allows remote attackers to have an unspecified impact via a crafted extension.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to trigger the omission of a download warning dialog via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUnspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to trigger the omission of a download warning dialog via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 14.0.835.163 does not properly handle Tibetan characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 14.0.835.163 does not properly handle Tibetan characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMIBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBIBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla SeamonkeyMozilla ThunderbirdMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 11.0.696.57 does not properly perform height calculations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 11.0.696.57 does not properly perform height calculations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 4.1.249.1036 does not have the expected behavior for attempts to delete Web SQL Databases and clear the Strict Transport Security (STS) state, which has unspecified impact and attack vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 4.1.249.1036 does not have the expected behavior for attempts to delete Web SQL Databases and clear the Strict Transport Security (STS) state, which has unspecified impact and attack vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to Deployment.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentJava Development KitUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to Deployment.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDkuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 on Linux, allows remote attackers to cause a denial of service (daemon crash) via a certain byte sequence.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBkuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 on Linux, allows remote attackers to cause a denial of service (daemon crash) via a certain byte sequence.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in Google Chrome before 17.0.963.56 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to drag-and-drop operations.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 17.0.963.56 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to drag-and-drop operations.Aharon CherninDRAFTDRAFTUnspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0069.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla ThunderbirdMozilla FirefoxUnspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0069.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDHeap-based buffer overflow in Almost Native Graphics Layer Engine (ANGLE), as used in the WebGL implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products might allow remote attackers to execute arbitrary code via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxHeap-based buffer overflow in Almost Native Graphics Layer Engine (ANGLE), as used in the WebGL implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products might allow remote attackers to execute arbitrary code via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 13.0.782.107 does not properly restrict access to internal schemes, which allows remote attackers to have an unspecified impact via a crafted web site.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 13.0.782.107 does not properly restrict access to internal schemes, which allows remote attackers to have an unspecified impact via a crafted web site.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is for improper parsing of a crafted MIDI stream when creating a MixerSequencer object, which causes a pointer to be corrupted and allows a NULL byte to be written to arbitrary memory.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentJava Development KitUnspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is for improper parsing of a crafted MIDI stream when creating a MixerSequencer object, which causes a pointer to be corrupted and allows a NULL byte to be written to arbitrary memory.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDWindows Media Player DVR-MS Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7ENCDEC.DLL in Windows Media Player and Media Center in Microsoft Windows XP SP2 and SP3, Windows Vista SP2, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .dvr-ms file, aka "Windows Media Player DVR-MS Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6dMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerA certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive plugin release vulnerability."Shane ShafferDRAFTINTERIMINTERIMGoogle Chrome before 11.0.696.57 does not properly handle DOM id maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 11.0.696.57 does not properly handle DOM id maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a (1) add-on or (2) theme via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a (1) add-on or (2) theme via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDMultiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeMultiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to truncate the URL shown in the HTTP Basic Authentication dialog via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUnspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to truncate the URL shown in the HTTP Basic Authentication dialog via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentJava Development KitUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentJava Development KitUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla FirefoxMozilla ThunderbirdMozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDBuffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long source-code block for a shader.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxBuffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long source-code block for a shader.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDWebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeApple SafariWebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMultiple unspecified vulnerabilities in Google Chrome before 17.0.963.27 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeMultiple unspecified vulnerabilities in Google Chrome before 17.0.963.27 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.Scott QuintDRAFTShane ShafferDRAFTGoogle Chrome before 15.0.874.120 does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 15.0.874.120 does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 15.0.874.120, when Java Runtime Environment (JRE) 7 is used, does not request user confirmation before applet execution begins, which allows remote attackers to have an unspecified impact via a crafted applet.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 15.0.874.120, when Java Runtime Environment (JRE) 7 is used, does not request user confirmation before applet execution begins, which allows remote attackers to have an unspecified impact via a crafted applet.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle V8, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle V8, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDGoogle V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 14.0.835.163 does not properly consider the MIME type during the loading of a plug-in, which has unspecified impact and remote attack vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 14.0.835.163 does not properly consider the MIME type during the loading of a plug-in, which has unspecified impact and remote attack vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2459.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2459.Aharon CherninDRAFTScott QuintScott QuintINTERIMJosh TurpinACCEPTEDACCEPTEDMozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla ThunderbirdMozilla SeamonkeyMozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDInteger overflow in the CrossCallParamsEx::CreateFromBuffer function in sandbox/src/crosscall_server.cc in Google Chrome before 4.0.249.89 allows attackers to leverage renderer access to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a malformed message, related to deserializing of sandbox messages.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeInteger overflow in the CrossCallParamsEx::CreateFromBuffer function in sandbox/src/crosscall_server.cc in Google Chrome before 4.0.249.89 allows attackers to leverage renderer access to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a malformed message, related to deserializing of sandbox messages.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 10.0.648.127 on Linux does not properly handle parallel execution of calls to the print method, which might allow remote attackers to cause a denial of service (application crash) via crafted JavaScript code.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 10.0.648.127 on Linux does not properly handle parallel execution of calls to the print method, which might allow remote attackers to cause a denial of service (application crash) via crafted JavaScript code.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMBuffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla FirefoxBuffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDThe Cascading Style Sheets (CSS) implementation in Google Chrome 4 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document. NOTE: this may overlap CVE-2010-2264.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe Cascading Style Sheets (CSS) implementation in Google Chrome 4 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document. NOTE: this may overlap CVE-2010-2264.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla ThunderbirdMozilla SeamonkeyMozilla FirefoxMozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 17.0.963.46 does not properly perform path clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 17.0.963.46 does not properly perform path clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Shane ShafferDRAFTDRAFTGoogle Chrome before 4.0.249.78 sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 4.0.249.78 sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0077.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla ThunderbirdMozilla FirefoxUnspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0077.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 9.0.597.107 does not properly implement forms controls, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 9.0.597.107 does not properly implement forms controls, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMThe xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 9.0.597.84 on Mac OS X does not properly mitigate an unspecified flaw in the Mac OS X 10.5 SSL libraries, which allows remote attackers to cause a denial of service (application crash) via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 9.0.597.84 on Mac OS X does not properly mitigate an unspecified flaw in the Mac OS X 10.5 SSL libraries, which allows remote attackers to cause a denial of service (application crash) via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle V8, as used in Google Chrome before 12.0.742.91, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle V8, as used in Google Chrome before 12.0.742.91, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDThe browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla ThunderbirdMozilla FirefoxThe browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDBuffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. NOTE: some of these details are obtained from third party information.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Lotus NotesBuffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. NOTE: some of these details are obtained from third party information.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18 allows remote attackers to affect integrity and availability via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18 allows remote attackers to affect integrity and availability via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDGoogle V8, as used in Google Chrome before 13.0.782.107, does not properly perform const lookups, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted web site.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle V8, as used in Google Chrome before 13.0.782.107, does not properly perform const lookups, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted web site.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMBuffer overflow in the locale implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeBuffer overflow in the locale implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Shane ShafferDRAFTDRAFTRace condition in Google Chrome before 14.0.835.163 allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the certificate cache.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeRace condition in Google Chrome before 14.0.835.163 allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the certificate cache.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x before 4.0.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to gfx/layers/d3d10/ReadbackManagerD3D10.cpp and unknown other vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x before 4.0.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to gfx/layers/d3d10/ReadbackManagerD3D10.cpp and unknown other vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.Scott QuintDRAFTScott QuintScott QuintINTERIMJosh TurpinACCEPTEDACCEPTEDUnspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDGoogle V8, as used in Google Chrome before 14.0.835.163, does not properly perform object sealing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle V8, as used in Google Chrome before 14.0.835.163, does not properly perform object sealing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 9.0.597.84 does not properly restrict drag and drop operations, which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 9.0.597.84 does not properly restrict drag and drop operations, which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger a compartment mismatch associated with the nsDOMMessageEvent::GetData function, and unknown other vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla ThunderbirdMozilla SeamonkeyMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger a compartment mismatch associated with the nsDOMMessageEvent::GetData function, and unknown other vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMultiple integer signedness errors in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeMultiple integer signedness errors in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla ThunderbirdMozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDThe sandbox infrastructure in Google Chrome before 4.1.249.1036 does not properly use pointers, which has unspecified impact and attack vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe sandbox infrastructure in Google Chrome before 4.1.249.1036 does not properly use pointers, which has unspecified impact and attack vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMThe DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBThe DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDHeap-based buffer overflow in the image-parsing library in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderHeap-based buffer overflow in the image-parsing library in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentJava Development KitUnspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDBuffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe AirBuffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors.Aharon CherninDRAFTScott QuintScott QuintINTERIMJosh TurpinACCEPTEDACCEPTEDCross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla ThunderbirdMozilla FirefoxCross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla FirefoxMozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDThe Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla ThunderbirdMozilla FirefoxThe Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDThe WebGL implementation in Mozilla Firefox 4.x allows remote attackers to obtain screenshots of the windows of arbitrary desktop applications via vectors involving an SVG filter, an IFRAME element, and uninitialized data in graphics memory.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxThe WebGL implementation in Mozilla Firefox 4.x allows remote attackers to obtain screenshots of the windows of arbitrary desktop applications via vectors involving an SVG filter, an IFRAME element, and uninitialized data in graphics memory.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDBuffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2414, and CVE-2011-2415.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe AirBuffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2414, and CVE-2011-2415.Scott QuintDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDGoogle Chrome before 9.0.597.107 does not properly handle SVG animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 9.0.597.107 does not properly handle SVG animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDHeap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR PRAD8E3HKR.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Lotus NotesHeap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR PRAD8E3HKR.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla ThunderbirdMozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDThe sandbox implementation in Google Chrome before 7.0.517.41 on Linux does not properly constrain worker processes, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe sandbox implementation in Google Chrome before 7.0.517.41 on Linux does not properly constrain worker processes, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code via vectors related to a JavaScript Worker and garbage collection.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla FirefoxUse-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code via vectors related to a JavaScript Worker and garbage collection.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SWF file, as demonstrated by "about 400 unique crash signatures."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SWF file, as demonstrated by "about 400 unique crash signatures."Scott QuintDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDAssembly Execution VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."Josh TurpinDRAFTJosh TurpinINTERIMINTERIMGoogle Chrome before 11.0.696.57 does not ensure thread safety during handling of MIME data, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 11.0.696.57 does not ensure thread safety during handling of MIME data, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMArray index error in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderArray index error in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDBuffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2134, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe AirBuffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2134, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415.Scott QuintDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0078.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla ThunderbirdMozilla FirefoxUnspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0078.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2099.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderAdobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2099.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle SVG use elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle SVG use elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBUnspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.Aharon CherninDRAFTScott QuintScott QuintINTERIMJosh TurpinACCEPTEDACCEPTEDGoogle Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMultiple integer overflows in the SVG Filters implementation in WebCore in WebKit in Google Chrome before 11.0.696.68 allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeMultiple integer overflows in the SVG Filters implementation in WebCore in WebKit in Google Chrome before 11.0.696.68 allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla FirefoxMozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2364.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla ThunderbirdMozilla FirefoxUnspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2364.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome 11 does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome 11 does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMThe gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 on Mac OS X, when the Core Text API is used, does not properly perform certain deletions, which allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via an HTML document containing invisible Unicode characters, as demonstrated by the U+FEFF, U+FFF9, U+FFFA, and U+FFFB characters.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxThe gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 on Mac OS X, when the Core Text API is used, does not properly perform certain deletions, which allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via an HTML document containing invisible Unicode characters, as demonstrated by the U+FEFF, U+FFF9, U+FFFA, and U+FFFB characters.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDThe International Components for Unicode (ICU) functionality in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe International Components for Unicode (ICU) functionality in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla ThunderbirdMozilla FirefoxMozilla SeamonkeyUse-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in Adobe Reader 10.x before 10.1.1 on Windows allows local users to gain privileges via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe ReaderUnspecified vulnerability in Adobe Reader 10.x before 10.1.1 on Windows allows local users to gain privileges via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla FirefoxUse-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe AcrobatAdobe AirAdobe ReaderAdobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0802.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0802.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 15.0.874.120 does not properly perform VP8 decoding, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted stream.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 15.0.874.120 does not properly perform VP8 decoding, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted stream.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMStack-based buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe AirStack-based buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors.Scott QuintDRAFTScott QuintScott QuintINTERIMJosh TurpinACCEPTEDACCEPTEDUnspecified vulnerability in Adobe Flash Player before 10.2.152.26 allows remote attackers to execute arbitrary code via a crafted font.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerUnspecified vulnerability in Adobe Flash Player before 10.2.152.26 allows remote attackers to execute arbitrary code via a crafted font.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDThe appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to dereferencing of a "dangling pointer."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla FirefoxMozilla ThunderbirdThe appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to dereferencing of a "dangling pointer."Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentJava Development KitUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDbrowser/worker_host/message_port_dispatcher.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle certain postMessage calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code that creates a web worker.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google Chromebrowser/worker_host/message_port_dispatcher.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle certain postMessage calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code that creates a web worker.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0620, and CVE-2011-0622.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0620, and CVE-2011-0622.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDThe nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via crafted data in a session that uses SSPI.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla ThunderbirdMozilla SeamonkeyThe nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via crafted data in a session that uses SSPI.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderAdobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 6.0.472.59 on Linux does not properly handle cursors, which might allow attackers to cause a denial of service (assertion failure) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 6.0.472.59 on Linux does not properly handle cursors, which might allow attackers to cause a denial of service (assertion failure) via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle V8, as used in Google Chrome before 15.0.874.121, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write operation.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle V8, as used in Google Chrome before 15.0.874.121, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write operation.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMbrowser/renderer_host/database_dispatcher_host.cc in Google Chrome before 5.0.375.70 on Linux does not properly handle ViewHostMsg_DatabaseOpenFile messages in chroot-based sandboxing, which allows remote attackers to bypass intended sandbox restrictions via vectors involving fchdir and chdir calls.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google Chromebrowser/renderer_host/database_dispatcher_host.cc in Google Chrome before 5.0.375.70 on Linux does not properly handle ViewHostMsg_DatabaseOpenFile messages in chroot-based sandboxing, which allows remote attackers to bypass intended sandbox restrictions via vectors involving fchdir and chdir calls.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderUse-after-free vulnerability in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe AcrobatAdobe ReaderUnspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDMultiple unspecified vulnerabilities in the Macromedia Flash ActiveX control in Adobe Flash Player 6, as distributed in Microsoft Windows XP SP2 and SP3, might allow remote attackers to execute arbitrary code via unspecified vectors that are not related to the use-after-free "Movie Unloading Vulnerability" (CVE-2010-0378). NOTE: due to lack of details, it is not clear whether this overlaps any other CVE item.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerMultiple unspecified vulnerabilities in the Macromedia Flash ActiveX control in Adobe Flash Player 6, as distributed in Microsoft Windows XP SP2 and SP3, might allow remote attackers to execute arbitrary code via unspecified vectors that are not related to the use-after-free "Movie Unloading Vulnerability" (CVE-2010-0378). NOTE: due to lack of details, it is not clear whether this overlaps any other CVE item.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDThe X.509 certificate validation functionality in Mozilla Firefox 4.0.x through 4.0.1 does not properly implement single-session security exceptions, which might make it easier for user-assisted remote attackers to spoof an SSL server via an untrusted certificate that triggers potentially unwanted local caching of documents from that server.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxThe X.509 certificate validation functionality in Mozilla Firefox 4.0.x through 4.0.1 does not properly implement single-session security exceptions, which might make it easier for user-assisted remote attackers to spoof an SSL server via an untrusted certificate that triggers potentially unwanted local caching of documents from that server.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the Java Runtime Environment that allows remote attackers to execute arbitrary code via a JPEG image that contains subsample dimensions with large values, related to JPEGImageReader and "stepX".Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the Java Runtime Environment that allows remote attackers to execute arbitrary code via a JPEG image that contains subsample dimensions with large values, related to JPEGImageReader and "stepX".Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDBuffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderBuffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla FirefoxUse-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDThe Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does not properly perform pointer arithmetic, which allows remote attackers to bypass message deserialization validation, and cause a denial of service or possibly have unspecified other impact, via invalid pickle data.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does not properly perform pointer arithmetic, which allows remote attackers to bypass message deserialization validation, and cause a denial of service or possibly have unspecified other impact, via invalid pickle data.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0786.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0786.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 14.0.835.163 on Linux does not use the PIC and PIE compiler options for position-independent code, which has unspecified impact and attack vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 14.0.835.163 on Linux does not use the PIC and PIE compiler options for position-independent code, which has unspecified impact and attack vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, and CVE-2011-0608.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, and CVE-2011-0608.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 11.0.696.57 does not properly handle PDF documents with multipart encoding, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 11.0.696.57 does not properly handle PDF documents with multipart encoding, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text searching.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text searching.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMTrueType Font Parsing VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2008 R2Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402.Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDInteger overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2138.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe AirInteger overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2138.Scott QuintDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDGoogle Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform DOM node removal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale rendering node."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform DOM node removal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale rendering node."Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderAdobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 12.0.742.91 does not properly implement history deletion, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 12.0.742.91 does not properly implement history deletion, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMStack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerStack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla ThunderbirdMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDIBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOTE: some of these details are obtained from third party information.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBIBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOTE: some of these details are obtained from third party information.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDThe JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla FirefoxThe JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations."Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDThe JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitThe JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0620, and CVE-2011-0621.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0620, and CVE-2011-0621.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDInteger overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2138 and CVE-2011-2416.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe AirInteger overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2138 and CVE-2011-2416.Aharon CherninDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDRace condition in Google Chrome before 9.0.597.84 allows remote attackers to execute arbitrary code via vectors related to audio.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeRace condition in Google Chrome before 9.0.597.84 allows remote attackers to execute arbitrary code via vectors related to audio.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMultiple unspecified vulnerabilities in Google Chrome before 16.0.912.44 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeMultiple unspecified vulnerabilities in Google Chrome before 16.0.912.44 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMInteger overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerInteger overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG fonts.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG fonts.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allow remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a PDF document that triggers an out-of-memory error.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allow remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a PDF document that triggers an out-of-memory error.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentJava Development KitUnspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDThe drag-and-drop implementation in Google Chrome before 13.0.782.107 on Linux does not properly enforce permissions for files, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe drag-and-drop implementation in Google Chrome before 13.0.782.107 on Linux does not properly enforce permissions for files, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in Google Chrome 11.0.696.65 on Windows 7 SP1 allows remote attackers to execute arbitrary code via unknown vectors. NOTE: as of 20110510, the only disclosure is a vague advisory that possibly relates to multiple vulnerabilities or multiple products. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUnspecified vulnerability in Google Chrome 11.0.696.65 on Windows 7 SP1 allows remote attackers to execute arbitrary code via unknown vectors. NOTE: as of 20110510, the only disclosure is a vague advisory that possibly relates to multiple vulnerabilities or multiple products. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMWebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Apple SafariGoogle ChromeWebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMStack consumption vulnerability in the ChildProcessSecurityPolicy::CanRequestURL function in browser/child_process_security_policy.cc in Google Chrome before 4.0.249.78 allows remote attackers to cause a denial of service (memory consumption and application crash) via a URL that specifies multiple protocols, as demonstrated by a URL that begins with many repetitions of the view-source: substring.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeStack consumption vulnerability in the ChildProcessSecurityPolicy::CanRequestURL function in browser/child_process_security_policy.cc in Google Chrome before 4.0.249.78 allows remote attackers to cause a denial of service (memory consumption and application crash) via a URL that specifies multiple protocols, as demonstrated by a URL that begins with many repetitions of the view-source: substring.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, related to a "security control bypass."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, related to a "security control bypass."Aharon CherninDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDUntrusted search path vulnerability in Adobe Flash Player before 10.2.152.26 allows local users to gain privileges via a Trojan horse DLL in the current working directory.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerUntrusted search path vulnerability in Adobe Flash Player before 10.2.152.26 allows local users to gain privileges via a Trojan horse DLL in the current working directory.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDWebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeWebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a <ruby>><table><rt> sequence.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in Skia, as used in Google Chrome before 13.0.782.107, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Skia, as used in Google Chrome before 13.0.782.107, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentJava Development KitUnspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in June 2011.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in June 2011.Aharon CherninDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDThe context implementation in WebKit, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe context implementation in WebKit, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0620, CVE-2011-0621, and CVE-2011-0622.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0620, CVE-2011-0621, and CVE-2011-0622.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0077, and CVE-2011-0078.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla ThunderbirdMozilla FirefoxUnspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0077, and CVE-2011-0078.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDInteger overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2416.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe AirInteger overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2416.Aharon CherninDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to CORBA.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to CORBA.Scott QuintDRAFTDRAFTUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDThe image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving floating styles.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving floating styles.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0626.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0626.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to "Features set on SchemaFactory not inherited by Validator."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to "Features set on SchemaFactory not inherited by Validator."Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 14.0.835.202 does not properly handle Google V8 hidden objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 14.0.835.202 does not properly handle Google V8 hidden objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2417, and CVE-2011-2425.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2417, and CVE-2011-2425.Aharon CherninDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2417.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2417.Aharon CherninDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDAdobe Flash Player 9 before 9.0.277.0 on unspecified UNIX platforms allows attackers to cause a denial of service via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe Flash Player 9 before 9.0.277.0 on unspecified UNIX platforms allows attackers to cause a denial of service via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla ThunderbirdMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDStack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerStack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in Google Chrome before 4.0.249.78 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving the display of a blocked popup window during navigation to a different web site.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 4.0.249.78 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving the display of a blocked popup window during navigation to a different web site.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMThe protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \x00javascript:alert sequence.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \x00javascript:alert sequence.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, and CVE-2011-0607.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, and CVE-2011-0607.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0070.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla ThunderbirdMozilla FirefoxUnspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0070.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxUnspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDMultiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBMultiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDBuffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2094 and CVE-2011-2095.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderBuffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2094 and CVE-2011-2095.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDDirectory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla ThunderbirdMozilla FirefoxMozilla SeamonkeyDirectory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUntrusted search path vulnerability in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderUntrusted search path vulnerability in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDInteger overflow in Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code via a large array length value in the ActionScript method of the Function class.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerInteger overflow in Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code via a large array length value in the ActionScript method of the Function class.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDThe implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges via a crafted web site, a different vulnerability than CVE-2008-2801.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla SeamonkeyThe implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges via a crafted web site, a different vulnerability than CVE-2008-2801.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unspecified WebGL test case that triggers a memory-allocation error and a resulting out-of-bounds write operation.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla FirefoxMozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unspecified WebGL test case that triggers a memory-allocation error and a resulting out-of-bounds write operation.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMCross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as exploited in the wild in September 2011.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerCross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as exploited in the wild in September 2011.Aharon CherninDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDThe WebSockets implementation in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe WebSockets implementation in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla ThunderbirdMozilla FirefoxMozilla SeamonkeyUse-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets."Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDMultiple stack-based buffer overflows in CoolType.dll in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderMultiple stack-based buffer overflows in CoolType.dll in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDBuffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, and CVE-2011-2415.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe AirBuffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, and CVE-2011-2415.Scott QuintDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error vulnerability."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderAdobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error vulnerability."Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "memory leakage condition vulnerability."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderAdobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "memory leakage condition vulnerability."Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 14.0.835.163 does not properly handle video, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 14.0.835.163 does not properly handle video, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla ThunderbirdMozilla FirefoxUnspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDActive Directory Buffer Overflow VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0625.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0625.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDGoogle V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets."Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDThe OGG container implementation in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe OGG container implementation in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMultiple unspecified vulnerabilities in Google Chrome before 14.0.835.157 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeMultiple unspecified vulnerabilities in Google Chrome before 14.0.835.157 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMBuffer overflow in the U3D TIFF Resource in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderBuffer overflow in the U3D TIFF Resource in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 11.0.696.68 does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 11.0.696.68 does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMWindows Mail Insecure Library Loading VulnerabilityMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. NOTE: this issue exists because of a CVE-2011-2986 regression.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla ThunderbirdMozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. NOTE: this issue exists because of a CVE-2011-2986 regression.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderUnspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDMultiple integer overflows in Google Chrome before 4.1.249.1036 allow remote attackers to have an unspecified impact via vectors involving WebKit JavaScript objects.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeMultiple integer overflows in Google Chrome before 4.1.249.1036 allow remote attackers to have an unspecified impact via vectors involving WebKit JavaScript objects.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "security bypass vulnerability."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderAdobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "security bypass vulnerability."Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla FirefoxMozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 14.0.835.163 does not properly perform garbage collection during the processing of PDF documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 14.0.835.163 does not properly perform garbage collection during the processing of PDF documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMBuffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an "upvarMap" issue.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla FirefoxBuffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an "upvarMap" issue.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDInteger overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla ThunderbirdMozilla FirefoxInteger overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2140, CVE-2011-2417, and CVE-2011-2425.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2140, CVE-2011-2417, and CVE-2011-2425.Scott QuintDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2425.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2425.Aharon CherninDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross-domain policy via a crafted web site.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross-domain policy via a crafted web site.Aharon CherninDRAFTScott QuintScott QuintINTERIMJosh TurpinACCEPTEDACCEPTEDBuffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving exception timing and a large number of string values, aka an "atom map" issue.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla FirefoxBuffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving exception timing and a large number of string values, aka an "atom map" issue.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDInteger underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxInteger underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Java Runtime Environment.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Java Runtime Environment.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via a crafted certificate.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeUnspecified vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via a crafted certificate.Shane ShafferDRAFTDRAFTAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted parameters to an unspecified ActionScript method that cause a parameter to be used as an object pointer, a different vulnerability than CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted parameters to an unspecified ActionScript method that cause a parameter to be used as an object pointer, a different vulnerability than CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.63 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeMultiple unspecified vulnerabilities in Google Chrome before 16.0.912.63 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.Scott QuintDRAFTShane ShafferDEPRECATEDShane ShafferDEPRECATEDUnspecified vulnerability in Adobe Reader and Acrobat before 10.1 on Windows and Mac OS X allows attackers to bypass intended access restrictions via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderUnspecified vulnerability in Adobe Reader and Acrobat before 10.1 on Windows and Mac OS X allows attackers to bypass intended access restrictions via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.Aharon CherninDRAFTScott QuintScott QuintINTERIMJosh TurpinACCEPTEDACCEPTEDThe ParamTraits<SkBitmap>::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not initialize the memory locations that will hold bitmap data, which might allow remote attackers to obtain potentially sensitive information from process memory by providing insufficient data, related to use of a (1) thumbnail database or (2) HTML canvas.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe ParamTraits<SkBitmap>::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not initialize the memory locations that will hold bitmap data, which might allow remote attackers to obtain potentially sensitive information from process memory by providing insufficient data, related to use of a (1) thumbnail database or (2) HTML canvas.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via a malformed SVG document.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via a malformed SVG document.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMVulnerability in TrueType Font Parsing Could Allow Elevation of PrivilegeMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."Josh TurpinDRAFTINTERIMJosh TurpinACCEPTEDACCEPTEDUse-after-free vulnerability in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving animation frames.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving animation frames.Scott QuintDRAFTShane ShafferDRAFTInteger overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code via ActionScript that improperly handles a long array object.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerInteger overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code via ActionScript that improperly handles a long array object.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla ThunderbirdUnspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDrendering/RenderBox.cpp in WebCore in WebKit before r86862, as used in Google Chrome before 11.0.696.71, does not properly render floats, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google Chromerendering/RenderBox.cpp in WebCore in WebKit before r86862, as used in Google Chrome before 11.0.696.71, does not properly render floats, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 10.0.648.127 on Linux does not properly handle Unicode ranges, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 10.0.648.127 on Linux does not properly handle Unicode ranges, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDInteger overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla ThunderbirdMozilla FirefoxMozilla SeamonkeyInteger overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDHeap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2434.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderHeap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2434.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDBuffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2094 and CVE-2011-2097.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderBuffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2094 and CVE-2011-2097.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDBuffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe AirBuffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415.Aharon CherninDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDGoogle Chrome before 9.0.597.107 does not properly restrict access to internal extension functions, which has unspecified impact and remote attack vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 9.0.597.107 does not properly restrict access to internal extension functions, which has unspecified impact and remote attack vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization.Aharon CherninDRAFTDRAFTJava Runtime Environment is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEJava Runtime Environment is installed.Scott QuintDRAFTDRAFT.NET Framework Unmanaged Objects VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft .NET Framework 2.0Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4Microsoft Silverlight 4Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."Dragos PrisacaDRAFTDRAFTMicrosoft Silverlight 4 is installedMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Silverlight 4Microsoft Silverlight 4 is installedDragos PrisacaDRAFTDRAFTUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability."Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mObserverList.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla FirefoxUse-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mObserverList.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDThe CoolType library in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderThe CoolType library in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 14.0.835.163 does not require Infobar interaction before use of the Windows Media Player plug-in, which makes it easier for remote attackers to have an unspecified impact via crafted Flash content.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 14.0.835.163 does not require Infobar interaction before use of the Windows Media Player plug-in, which makes it easier for remote attackers to have an unspecified impact via crafted Flash content.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMThe JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla SeamonkeyThe JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.Scott QuintDRAFTScott QuintScott QuintINTERIMJosh TurpinACCEPTEDACCEPTEDAdobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted font data.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderAdobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted font data.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentJava Development KitUnspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 11.0.696.57 does not properly handle drop-down lists, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 11.0.696.57 does not properly handle drop-down lists, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla ThunderbirdMozilla SeamonkeyMozilla FirefoxMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla FirefoxMozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDThe CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMultiple integer overflows in real.c in the Real demuxer plugin in VideoLAN VLC Media Player before 1.1.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerMultiple integer overflows in real.c in the Real demuxer plugin in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a zero i_subpackets value in a Real Media file, leading to a heap-based buffer overflow.Shane ShafferDRAFTShane ShafferINTERIMINTERIMSkia, as used in Google Chrome before 16.0.912.77, does not perform all required initialization of values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeSkia, as used in Google Chrome before 16.0.912.77, does not perform all required initialization of values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Scott QuintDRAFTShane ShafferDRAFTUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentJava Development KitUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service (browser crash) via unspecified vectors, related to a "logic error issue."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service (browser crash) via unspecified vectors, related to a "logic error issue."Scott QuintDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in WebCore in WebKit before r77705, as used in Google Chrome before 11.0.672.2 and other products, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that entice a user to resubmit a form, related to improper handling of provisional items by the HistoryController component, aka rdar problem 8938557.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in WebCore in WebKit before r77705, as used in Google Chrome before 11.0.672.2 and other products, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that entice a user to resubmit a form, related to improper handling of provisional items by the HistoryController component, aka rdar problem 8938557.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 6.0.472.59 on Mac OS X does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. NOTE: this issue exists because of an incorrect fix for CVE-2010-3112 on Mac OS X.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 6.0.472.59 on Mac OS X does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. NOTE: this issue exists because of an incorrect fix for CVE-2010-3112 on Mac OS X.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMBuffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, and CVE-2011-2414.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe AirBuffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, and CVE-2011-2414.Aharon CherninDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDGoogle Chrome before 9.0.597.107 on 64-bit Linux platforms does not properly perform pickle deserialization, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 9.0.597.107 on 64-bit Linux platforms does not properly perform pickle deserialization, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentJava Development KitUnspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDThe Web Sockets implementation in Google Chrome before 7.0.517.41 does not properly handle a shutdown action, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe Web Sockets implementation in Google Chrome before 7.0.517.41 does not properly handle a shutdown action, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 4.0.249.89, when a SOCKS 5 proxy server is configured, sends DNS queries directly, which allows remote DNS servers to obtain potentially sensitive information about the identity of a client user via request logging, as demonstrated by a proxy server that was configured for the purpose of anonymity.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 4.0.249.89, when a SOCKS 5 proxy server is configured, sends DNS queries directly, which allows remote DNS servers to obtain potentially sensitive information about the identity of a client user via request logging, as demonstrated by a proxy server that was configured for the purpose of anonymity.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0625, and CVE-2011-0626.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0625, and CVE-2011-0626.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 10.0.648.127 on Linux does not properly mitigate an unspecified flaw in an X server, which allows remote attackers to cause a denial of service (application crash) via vectors involving long messages.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 10.0.648.127 on Linux does not properly mitigate an unspecified flaw in an X server, which allows remote attackers to cause a denial of service (application crash) via vectors involving long messages.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X do not properly restrict script, which allows attackers to execute arbitrary code via a crafted document, related to a "cross document script execution vulnerability."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderAdobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X do not properly restrict script, which allows attackers to execute arbitrary code via a crafted document, related to a "cross document script execution vulnerability."Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to the forward button.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to the forward button.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDThe WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxThe WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla ThunderbirdMozilla FirefoxMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2460.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe AirAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2460.Scott QuintDRAFTScott QuintScott QuintINTERIMJosh TurpinACCEPTEDACCEPTEDAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0624, CVE-2011-0625, and CVE-2011-0626.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0624, CVE-2011-0625, and CVE-2011-0626.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDThe sandbox implementation in Google Chrome before 9.0.597.84 on Mac OS X might allow remote attackers to obtain potentially sensitive information about local files via vectors related to the stat system call.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe sandbox implementation in Google Chrome before 9.0.597.84 on Mac OS X might allow remote attackers to obtain potentially sensitive information about local files via vectors related to the stat system call.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMultiple stack-based buffer overflows in the image-parsing library in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderMultiple stack-based buffer overflows in the image-parsing library in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderAdobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome 14.0.794.0 does not properly handle a reload of a page generated in response to a POST, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web site, related to GetWidget methods.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome 14.0.794.0 does not properly handle a reload of a page generated in response to a POST, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web site, related to GetWidget methods.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections.Aharon CherninDRAFTShane ShafferDRAFTUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Insecure Library Loading VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2008 R2Microsoft Internet Explorer 9Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDReference Counter Overflow VulnerabilityMicrosoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in the frame-loader implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in the frame-loader implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla ThunderbirdMozilla FirefoxMozilla SeamonkeyMozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla ThunderbirdMozilla FirefoxMozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla ThunderbirdMozilla FirefoxMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to cause a denial of service (memory corruption) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderAdobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to cause a denial of service (memory corruption) via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDMemory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled, allows remote authenticated users to cause a denial of service (heap memory consumption) by using a different code page than the database server.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBMemory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled, allows remote authenticated users to cause a denial of service (heap memory consumption) by using a different code page than the database server.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDHeap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderHeap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla ThunderbirdMozilla SeamonkeyMozilla FirefoxMozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDMultiple unspecified vulnerabilities in Google Chrome before 14.0.835.125 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeMultiple unspecified vulnerabilities in Google Chrome before 14.0.835.125 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMultiple integer overflows in Skia, as used in Google Chrome before 4.0.249.78, allow remote attackers to execute arbitrary code in the Chrome sandbox or cause a denial of service (memory corruption and application crash) via vectors involving CANVAS elements.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeMultiple integer overflows in Skia, as used in Google Chrome before 4.0.249.78, allow remote attackers to execute arbitrary code in the Chrome sandbox or cause a denial of service (memory corruption and application crash) via vectors involving CANVAS elements.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMA certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla ThunderbirdMozilla SeamonkeyA certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDThe DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files owned by an instance owner.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBThe DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files owned by an instance owner.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDDouble free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeDouble free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0621, and CVE-2011-0622.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0621, and CVE-2011-0622.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDThe browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla ThunderbirdMozilla FirefoxThe browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDMultiple race conditions in the sandbox infrastructure in Google Chrome before 4.1.249.1036 have unspecified impact and attack vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeMultiple race conditions in the sandbox infrastructure in Google Chrome before 4.1.249.1036 have unspecified impact and attack vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMThe Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption and system hang) via the db2ext.textSearch function.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000IBM DB2 UDBThe Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption and system hang) via the db2ext.textSearch function.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDIBM DB2 UDB is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPIBM DB2IBM DB2 UDB is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via crafted streaming media, related to a "logic error vulnerability."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via crafted streaming media, related to a "logic error vulnerability."Scott QuintDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDGoogle Chrome before 11.0.696.57 does not properly handle mutation events, which allows remote attackers to cause a denial of service (node tree corruption) or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 11.0.696.57 does not properly handle mutation events, which allows remote attackers to cause a denial of service (node tree corruption) or possibly have unspecified other impact via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentJava Development KitUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDStack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via crafted tag data in an Applix spreadsheet attachment, aka SPR PRAD8823A7.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Lotus NotesStack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via crafted tag data in an Applix spreadsheet attachment, aka SPR PRAD8823A7.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDIBM Lotus Notes is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPIBM Lotus NotesIBM Lotus Notes is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentJava Development KitUnspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDWebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeApple SafariWebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a line box.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a line box.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox 8.0.1 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla Firefox 8.0.1 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDThe JavaScript implementation in Google Chrome 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. NOTE: this may overlap CVE-2010-5070.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe JavaScript implementation in Google Chrome 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. NOTE: this may overlap CVE-2010-5070.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMCross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "universal cross-site scripting vulnerability."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe AcrobatAdobe ReaderCross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "universal cross-site scripting vulnerability."Scott QuintDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDBuffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2095 and CVE-2011-2097.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderBuffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2095 and CVE-2011-2097.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat 8.x before 8.3 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe ReaderAdobe AcrobatAdobe Reader and Acrobat 8.x before 8.3 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy via vectors related to handling of the base URI.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy via vectors related to handling of the base URI.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMThe node-iteration implementation in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 does not properly handle pointers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeThe node-iteration implementation in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 does not properly handle pointers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 11.0.696.57 does not properly handle floating objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 11.0.696.57 does not properly handle floating objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMMozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla ThunderbirdMozilla FirefoxMozilla SeamonkeyMozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2098.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderAdobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2098.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentJava Development KitUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDWebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Apple SafariGoogle ChromeWebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 9.0.597.107 does not properly render tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 9.0.597.107 does not properly render tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and "backward jsrs."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and "backward jsrs."Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeGoogle Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in the developer tools in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeUse-after-free vulnerability in the developer tools in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to JDBC.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to JDBC.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDHeap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeHeap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.Aharon CherninDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMThe JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior, a related issue to CVE-2011-3004.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla FirefoxMozilla ThunderbirdThe JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior, a related issue to CVE-2011-3004.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla ThunderbirdMozilla FirefoxMozilla SeamonkeyUse-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to HotSpot.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentJava Development KitUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to HotSpot.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDIncomplete blacklist vulnerability in Google Chrome before 8.0.552.215 on Linux and Mac OS X allows remote attackers to have an unspecified impact via a "dangerous file."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google ChromeIncomplete blacklist vulnerability in Google Chrome before 8.0.552.215 on Linux and Mac OS X allows remote attackers to have an unspecified impact via a "dangerous file."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIM** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Google Chrome** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."Scott QuintDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to obtain sensitive information via unspecified vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to obtain sensitive information via unspecified vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Runtime EnvironmentJava Development KitUnspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the Same Origin Policy and read image data via vectors related to WebGL textures.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla ThunderbirdMozilla FirefoxMozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the Same Origin Policy and read image data via vectors related to WebGL textures.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2365.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla ThunderbirdMozilla FirefoxUnspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2365.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDMultiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Java Development KitJava Runtime EnvironmentMultiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe AcrobatAdobe ReaderAdobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDInteger overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Mozilla SeamonkeyMozilla ThunderbirdMozilla FirefoxInteger overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDLDAPS Authentication Bypass VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability."Dragos PrisacaDRAFTINTERIMDragos PrisacaACCEPTEDACCEPTEDUse-after-free vulnerability in Google Chrome before 15.0.874.102 related to media buffersMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeUse-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media buffers.Shane ShafferDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 15.0.874.102 does not prevent redirects to chrome: URLsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 15.0.874.102 does not prevent redirects to chrome: URLs, which has unspecified impact and remote attack vectors.Shane ShafferDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMHeap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2437.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderHeap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2437.Scott QuintDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in Google Chrome before 15.0.874.102 related to stale Cascading Style Sheets (CSS) token-sequence dataMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeUse-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) token-sequence data.Shane ShafferDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMHeap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2434 and CVE-2011-2437.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe AcrobatAdobe ReaderHeap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2434 and CVE-2011-2437.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to a constructor for an unspecified ActionScript3 object and improper type checking, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0607, and CVE-2011-0608.Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows XPMicrosoft Windows 2000Adobe Flash PlayerAdobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to a constructor for an unspecified ActionScript3 object and improper type checking, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0607, and CVE-2011-0608.Aharon CherninDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player 9 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe Flash Player 9 is installed on the systemJ. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDGoogle V8 out-of-bounds write operations vulnerabilityMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle V8, as used in Google Chrome before 15.0.874.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers out-of-bounds write operations.Shane ShafferDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMJscript9.dll Remote Code Execution VulnerabilityMicrosoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Internet Explorer 9Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "Jscript9.dll Remote Code Execution Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDGoogle Chrome before 15.0.874.102 does not properly address timing issues during DOM traversalMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 15.0.874.102 does not properly address timing issues during DOM traversal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.Shane ShafferDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 15.0.874.102 does not properly handle javascript: URLsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors.Shane ShafferDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 15.0.874.102 does not properly restrict access to internal Google V8 functionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 15.0.874.102 does not properly restrict access to internal Google V8 functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Shane ShafferDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in Oracle VM VirtualBox related to Guest Additions for WindowsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle VirtualBoxUnspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Guest Additions for Windows.Shane ShafferDRAFTShane ShafferINTERIMACCEPTEDACCEPTEDActive Accessibility Insecure Library Loading VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in Google Chrome before 15.0.874.102 related to editing operations in conjunction with an unknown plug-in.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeUse-after-free vulnerability in Google Chrome before 15.0.874.102 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing operations in conjunction with an unknown plug-in.Shane ShafferDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMFont Library File Buffer Overrun VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library File Buffer Overrun Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in Google Chrome before 15.0.874.102 related to countersMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeUse-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to counters.Shane ShafferDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMBody Element Remote Code Execution VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Body Element Remote Code Execution Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTED.NET Framework Class Inheritance VulnerabilityMicrosoft Windows XPMicrosoft Windows XP Tablet PC EditionMicrosoft Windows XP Media Center EditionMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft .NET Framework 1.0Microsoft .NET Framework 1.1Microsoft .NET Framework 2.0Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4Microsoft Silverlight 4Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in Google Chrome before 15.0.874.102 involving history data allows URL bar spoofing via unspecified vectorsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors.Shane ShafferDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMVulnerability in Google Chrome before 15.0.874.102 involving file downloads allows remote attack vectorsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 15.0.874.102 does not properly handle downloading files that have whitespace characters at the end of a filename, which has unspecified impact and user-assisted remote attack vectors.Shane ShafferDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMWin32k TrueType Font Type Translation VulnerabilityMicrosoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via a crafted font file, aka "Win32k TrueType Font Type Translation Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in Oracle VM VirtualBoxMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle VirtualBoxUnspecified vulnerability in Oracle VM VirtualBox 3.0, 3.1, 3.2, and 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors.Shane ShafferDRAFTShane ShafferINTERIMACCEPTEDACCEPTEDExcel Conditional Expression Parsing VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Excel 2003Microsoft Excel 2007Microsoft Excel 2010Microsoft Office 2007Microsoft Office 2010Microsoft Office Excel ViewerMicrosoft Office Compatibility PackMicrosoft Office SharePoint Server 2007Microsoft Office SharePoint Server 2010Microsoft Office Web Apps 2010Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Conditional Expression Parsing Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDICMP Denial of Service VulnerabilityMicrosoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a series of crafted ICMP messages, aka "ICMP Denial of Service Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDChart Control Information Disclosure VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft .NET FrameworkChart Control for Microsoft .NET Framework 3.5 Service Pack 1The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Control for Microsoft .NET Framework 3.5 SP1, do not properly verify functions in URIs, which allows remote attackers to read arbitrary files via special characters in a URI in an HTTP request, aka "Chart Control Information Disclosure Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDExcel Out of Bounds Array Indexing VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Excel 2003Microsoft Excel 2010Microsoft Office Excel ViewerMicrosoft Office Compatibility PackArray index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 15.0.874.102 allows remote attackers to bypass the Same Origin PolicyMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 15.0.874.102 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.Shane ShafferDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMData Access Components Insecure Library Loading VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2008 R2Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDWin32k Null Pointer De-reference VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMedia Center Insecure Library Loading VulnerabilityMicrosoft Windows VistaMicrosoft Windows 7Untrusted search path vulnerability in Windows Media Center in Microsoft Windows Vista SP2 and Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista, allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Media Center Insecure Library Loading Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDCSRSS VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Vulnerability."Josh TurpinDRAFTJosh TurpinINTERIMACCEPTEDACCEPTEDSharePoint Remote File Disclosure VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Office Groove 2007Microsoft SharePoint Workspace 2010Microsoft Office Forms Server 2007Microsoft SharePoint Server 2007Microsoft SharePoint Server 2010Microsoft Office Groove Server 2007 Data BridgeMicrosoft Office Groove Management Server 2007Microsoft Groove Server 2010Microsoft Windows SharePoint Services 3.0Microsoft SharePoint Foundation 2010Microsoft Office Web Apps 2010Microsoft Word Web App 2010Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Workspace 2010 is installedMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Workspace 2010Microsoft SharePoint Workspace 2010 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office Forms Server 2007 is installedMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Office Forms Server 2007Microsoft Office Forms Server 2007 is installed.Dragos PrisacaDRAFTINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Office Groove Server 2007 Data Bridge is installedMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Office Groove Server 2007 Data BridgeMicrosoft Office Groove Server 2007 Data Bridge is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office Groove Server 2007 Manager is installedMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Office Groove Server 2007 ManagerMicrosoft Office Groove Server 2007 Manager is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDWin32k Use After Free VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDSocket Restriction Bypass VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft .NET FrameworkMicrosoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDWin32k Null Pointer De-reference Vulnerability (CVE-2011-1888)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDOption Element Remote Code Execution VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Option Element Remote Code Execution Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDHTML Sanitization VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Server 2007Microsoft SharePoint Server 2010Microsoft Groove Server 2010Microsoft Windows SharePoint Services 3.0Microsoft SharePoint Foundation 2010Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Groove Server 2010 is installedMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Groove Server 2010Microsoft Groove Server 2010 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDWin32k Use After Free Vulnerability (CVE-2011-1884)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDWindows Components Insecure Library Loading VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka "Windows Components Insecure Library Loading Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDWin32k Use After Free Vulnerability (CVE-2011-1876)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDContact Details Reflected XSS VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows SharePoint Services 3.0Microsoft SharePoint Foundation 2010Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDHeap-based buffer overflow in the Web Audio implementation in Google Chrome before 15.0.874.102Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeHeap-based buffer overflow in the Web Audio implementation in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.Shane ShafferDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMpStream Release RCE VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Office Visio 2003Microsoft Office Visio 2007Microsoft Office Visio 2010Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Visio 2010 is installedMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Visio 2010The application Microsoft Visio 2010 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWin32k Null Pointer De-reference Vulnerability (CVE-2011-1881)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDWin32k Use After Free Vulnerability (CVE-2011-1877)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDOLEAuto32.dll Remote Code Execution VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "OLEAuto32.dll Remote Code Execution Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDExcel Heap Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Excel 2003Microsoft Excel 2007Microsoft Office Excel ViewerMicrosoft Office Compatibility PackMicrosoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly parse records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Heap Corruption Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDXSS in SharePoint Calendar VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Server 2010Microsoft SharePoint Foundation 2010Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer 'AddFavorite' Method Denial of Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Internet Explorer 7Microsoft Internet Explorer 8Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDDrag and Drop Information Disclosure VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue, aka "Drag and Drop Information Disclosure Vulnerability." NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer 6 through 8 spoofing vulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDRace condition in Google Chrome before 15.0.874.102 allows remote denial of serviceMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeRace condition in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker process initialization.Shane ShafferDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMEditform Script Injection VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Server 2010Microsoft SharePoint Foundation 2010Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDWindow Open Race Condition VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Race condition in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors involving access to an object, aka "Window Open Race Condition Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDReport Viewer Controls XSS VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Visual Studio 2005Microsoft Report Viewer 2005Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Report Viewer 2005 Redistributable Package is installedMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Report Viewer 2005 Redistributable Package is installedJosh TurpinDRAFTINTERIMACCEPTEDACCEPTEDCross-site scripting (XSS) vulnerability in the appcache internals page in Google Chrome before 15.0.874.102Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeCross-site scripting (XSS) vulnerability in the appcache internals page in Google Chrome before 15.0.874.102 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.Shane ShafferDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMSelection Object Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Selection Object Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDXSLT Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "XSLT Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDSMB Response Parsing VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDWin32k Use After Free Vulnerability (CVE-2011-1882)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDExcel Memory Heap Overwrite VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2002 SP3; Office 2004, 2008, and 2011 for Mac; and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Heap Overwrite Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDCSRSS Local EOP SrvWriteConsoleOutput VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008 R2Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutput Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDAncillary Function Driver Elevation of Privilege VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDWin32k OTF Validation VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, which allows remote attackers to execute arbitrary code via a crafted font file, aka "Win32k OTF Validation Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDWin32k Use After Free Vulnerability (CVE-2011-1883)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDDOM Modification Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Modification Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDWin32k Null Pointer De-reference Vulnerability (CVE-2011-1887)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDLink Properties Handling Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Link Properties Handling Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDScroll Event Remote Code Execution VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Scroll Event Remote Code Execution Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDWin32k Use After Free Vulnerability (CVE-2011-1875)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDSecurity bypass vulnerability in Apache Tomcat 7.0.11Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApache TomcatApache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer 'findText()' Unicode Parsing Denial of Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Internet Explorer 7Microsoft Internet Explorer 8mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one additional argument, as demonstrated by a second argument of -1.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDSelect Element Remote Code Execution VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Internet Explorer 8Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote attackers to execute arbitrary code via vectors involving a "dereferenced memory address," aka "Select Element Remote Code Execution Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDOffice Component Insecure Library Loading VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Office 2003Microsoft Office 2007Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDInformation disclosure vulnerability in Internet Explorer 8 on Windows 7Microsoft Windows 7Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. NOTE: this might overlap CVE-2011-1202.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDFax Cover Page Use After Free VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDExcel WriteAV VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel WriteAV Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTED.NET Framework JIT Optimization VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft .NET FrameworkThe JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently execute arbitrary code, in opportunistic circumstances by leveraging a crafted application, as demonstrated by (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework JIT Optimization Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDTelnet Handler Remote Code Execution VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9The telnet URI handler in Microsoft Internet Explorer 6 through 9 does not properly launch the handler application, which allows remote attackers to execute arbitrary programs via a crafted web site, aka "Telnet Handler Remote Code Execution Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDWin32k Null Pointer De-reference Vulnerability (CVE-2011-1227)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDSharePoint XSS VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Server 2010Microsoft Windows SharePoint Services 2.0Microsoft Windows SharePoint Services 3.0Microsoft SharePoint Foundation 2010Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office SharePoint Server 2010 is installed.Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Office SharePoint Server 2010Microsoft Office SharePoint Server 2010 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Foundation 2010 is installedMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Foundation 2010Microsoft SharePoint Foundation 2010 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDScripting Memory Reallocation VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2VBScript 5.6VBScript 5.7VBScript 5.8JScript 5.6JScript 5.7JScript 5.8Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5.8 and (2) VBScript 5.6 through 5.8 scripting engines allow remote attackers to execute arbitrary code via a crafted web page, aka "Scripting Memory Reallocation Vulnerability."Josh TurpinJosh TurpinDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDGoogle Chrome before 15.0.874.102 does not prevent use of an unspecified special character as a delimiter in HTTP headersMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 15.0.874.102 does not prevent use of an unspecified special character as a delimiter in HTTP headers, which has unknown impact and remote attack vectors.Shane ShafferDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMDenial of service vulnerability in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla SeaMonkeyMozilla ThunderbirdUnspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.SecPod TeamDRAFTINTERIMACCEPTEDBhavya KINTERIMINTERIMInformation disclosure vulnerability in Mozilla Firefox before 3.6 through HREF attribute of a stylesheet LINK elementMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla Firefox, possibly before 3.6, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDXML External Entities Resolution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Office InfoPath 2007Microsoft Office InfoPath 2010Microsoft SQL Server 2005Microsoft SQL Server 2005 Express EditionMicrosoft SQL Server Management Studio Express (SSMSE) 2005Microsoft SQL Server 2008Microsoft SQL Server 2008 R2Microsoft Visual Studio 2005Microsoft Visual Studio 2008Microsoft Visual Studio 2010The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft SQL Server 2005 SP3 is installedMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft SQL Server 2005Microsoft SQL Server 2005 SP3 is installed.J. Daniel BrownDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft InfoPath 2007 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft InfoPath 2007The application Microsoft InfoPath 2007 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SQL Server 2005 is installedMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft SQL Server 2005Microsoft SQL Server 2005 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft SQL Server 2008 SP1 is installedMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft SQL Server 2008Microsoft SQL Server 2008 SP1 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft SQL Server 2008 R2 is installedMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft SQL Server 2008 R2Microsoft SQL Server 2008 R2 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft SQL Server 2008 is installedMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft SQL Server 2008Microsoft SQL Server 2008 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft SQL Server 2005 SP4 is installedMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft SQL Server 2005Microsoft SQL Server 2005 SP4 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft SQL Server 2008 SP2 is installedMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft SQL Server 2008Microsoft SQL Server 2008 SP2 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft InfoPath 2010 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft InfoPath 2010The application Microsoft InfoPath 2010 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWindows Kernel Metadata Parsing DOS VulnerabilityMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Metadata Parsing DOS Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDMove Around the Block RCE VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Office Visio 2003Microsoft Office Visio 2007Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDShift JIS Character Encoding VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 6 through 9 does not properly handle unspecified character sequences, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers "inactive filtering," aka "Shift JIS Character Encoding Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDOffice Component Insecure Library Loading VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Office XPMicrosoft Office 2003Microsoft Office 2007Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loading Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDSMB Request Parsing VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB Request Parsing Vulnerability."Dragos PrisacaDRAFTDragos PrisacaINTERIMACCEPTEDACCEPTEDWin32k Null Pointer De-reference Vulnerability (CVE-2011-0677)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 and SeaMonkey before 2.0.11Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla SeaMonkeyUse-after-free vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via vectors involving a change to an nsDOMAttribute node.SecPod TeamDRAFTINTERIMACCEPTEDBhavya KINTERIMINTERIMWin32k Use After Free Vulnerability (CVE-2011-1878)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code.SecPod TeamDRAFTINTERIMManeesh KBDEPRECATEDDEPRECATEDTMG Firewall Client Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Forefront Threat Management Gateway 2010 ClientThe NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDDFS Referral Response VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer cross-site scripting (XSS) vulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Internet Explorer 8The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, a different issue than CVE-2009-4074.Dragos PrisacaDRAFTBrandon ShillingINTERIMACCEPTEDACCEPTEDBrowser Pool Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDDenial of service vulnerability in Opera before 11.01Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOpera BrowserInteger truncation error in opera.dll in Opera before 11.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML form with a select element that contains a large number of children.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Groove Insecure Library Loading VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Office Groove 2007Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDRemote code execution vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe AcrobatAdobe ReaderAdobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image, a different vulnerability than CVE-2011-0567 and CVE-2011-0603.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDFloating Point Techno-color Time Bandit RCE VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Office PowerPoint 2007Microsoft Office PowerPoint 2010Microsoft Office Compatibility PackMicrosoft PowerPoint Viewer 2007Microsoft PowerPoint ViewerMicrosoft PowerPoint Web AppMicrosoft PowerPoint 2007 SP2 and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not properly validate TimeColorBehaviorContainer Floating Point records in PowerPoint documents, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document containing an invalid record, aka "Floating Point Techno-color Time Bandit RCE Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMINTERIMUnspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Mozilla Thunderbird before 3.0.11 and SeaMonkey before 2.0.11Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla SeaMonkeyMozilla ThunderbirdUnspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.SecPod TeamDRAFTINTERIMACCEPTEDBhavya KINTERIMINTERIMInput validation vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe AcrobatAdobe ReaderAdobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file, a different vulnerability than CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDSQL Injection vulnerability in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPHPThe set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDExcel Data Initialization VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDStyle Object Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Style Object Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDExcel Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2003Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors.SecPod TeamDRAFTINTERIMManeesh KBDEPRECATEDDEPRECATEDWin32k Null Pointer De-reference Vulnerability (CVE-2011-1226)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDExcel Integer Overrun VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2003Microsoft Excel 2010Microsoft Office Excel ViewerMicrosoft Office Compatibility PackInteger underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted 400h substream in an Excel file, which triggers a stack-based buffer overflow, aka "Excel Integer Overrun Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDInteger overflow in the NewIdArray function in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 and SeaMonkey before 2.0.11Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla SeaMonkeyInteger overflow in the NewIdArray function in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via a JavaScript array with many elements.SecPod TeamDRAFTINTERIMACCEPTEDBhavya KINTERIMINTERIMUnspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe AcrobatAdobe ReaderUnspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0585.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDCSRSS Local EOP AllocConsole VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008 R2The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly restrict the number of console objects for a process, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP AllocConsole Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to "permissions granted to certain system objects."SecPod TeamDRAFTINTERIMManeesh KBDEPRECATEDDEPRECATEDExcel Linked List Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2003Microsoft Excel 2010Microsoft Office Excel ViewerMicrosoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; and Excel Viewer SP2 do not properly handle errors during the parsing of Office Art records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a malformed object record, related to a "stray reference," aka "Excel Linked List Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDVML Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8The Vector Markup Language (VML) implementation in vgx.dll in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "VML Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDCross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe AcrobatAdobe ReaderCross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-0587.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.SecPod TeamDRAFTINTERIMManeesh KBDEPRECATEDDEPRECATEDInteger overflow vulnerability in the mt_rand function in PHP before 5.3.4Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaPHPInteger overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax.SecPod TeamDRAFTINTERIMShane ShafferACCEPTEDACCEPTEDMultiple integer overflow vulnerabilities in the in_nsv plugin in Winamp before 5.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPWinampMultiple integer overflows in in_nsv.dll in the in_nsv plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted Table of Contents (TOC) in a (1) NSV stream or (2) NSV file that triggers a heap-based buffer overflow.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDUse after free vulnerability in nsCycleCollector::MarkRoots function in Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla SeaMonkeyUse-after-free vulnerability in the nsCycleCollector::MarkRoots function in Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a crafted HTML document, related to an improper frame construction process for menus.SecPod TeamDRAFTINTERIMACCEPTEDBhavya KINTERIMINTERIMWin32k Use After Free Vulnerability (CVE-2011-1874)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.SecPod TeamDRAFTINTERIMManeesh KBDEPRECATEDDEPRECATEDCross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta; and Archiva 1.3.0 through 1.3.3 and 1.0 through 1.22Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApache ArchivaApache ContinuumCross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta; and Archiva 1.3.0 through 1.3.3 and 1.0 through 1.22 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to the autoIncludeParameters setting for the extremecomponents table.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDApache Continuum is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApache ContinuumApache Continuum is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDApache Archiva is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApache ArchivaApache Archiva is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDtoStaticHTML Information Disclosure VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 7Microsoft Internet Explorer 8Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in Oracle VM VirtualBox 4.0Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle VM VirtualBoxUnspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Extensions.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDVirtualBox is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPVirtualBoxVirtualBox is installedSecPod TeamDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API.SecPod TeamDRAFTINTERIMManeesh KBDEPRECATEDDEPRECATEDNULL byte injection vulnerability in PHP before 5.3.4Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPHPPHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows Human Interface Device (HID) driver is prone to security bypass vulnerability.MIcrosoft Windows VistaMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows XPMicrosoft Windows does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDenial of service vulnerability in Opera before 11.01 via a crafted WAP documentMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOpera BrowserOpera before 11.01 does not properly implement Wireless Application Protocol (WAP) dropdown lists, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted WAP document.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDArbitrary code execution vulnerability Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe AcrobatAdobe ReaderAdobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via crafted JP2K record types in a JPEG2000 image in a PDF file, which causes heap corruption, a different vulnerability than CVE-2011-0596, CVE-2011-0598, and CVE-2011-0599.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInput validation vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe AcrobatAdobe ReaderAdobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, related to Texture and rgba, a different vulnerability than CVE-2011-0590, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDLibrary-loading vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe AcrobatAdobe ReaderUntrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0570 and CVE-2011-0588.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWin32k Window Class Pointer Confusion VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Pointer Confusion Vulnerability."Josh TurpinDRAFTINTERIMJosh TurpinACCEPTEDACCEPTEDDEPRECATED: Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.SecPod TeamDRAFTINTERIMManeesh KBDEPRECATEDDEPRECATEDStack-based buffer overflow in rt3d.dll of Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe AcrobatAdobe ReaderStack-based buffer overflow in rt3d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to a crafted length value, a different vulnerability than CVE-2011-0563 and CVE-2011-0589.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDPrivilege escalation vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe AcrobatAdobe ReaderAdobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows use weak permissions for unspecified files, which allows attackers to gain privileges via unknown vectors.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWin32k Use After Free Vulnerability (CVE-2011-1240)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDWin32k Use After Free Vulnerability (CVE-2011-0662)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDWin32k Use After Free Vulnerability (CVE-2011-1241)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDExcel Out of Bounds Array Access VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2003Microsoft Office Excel ViewerMicrosoft Office Compatibility PackMicrosoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds Array Access Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.SecPod TeamDRAFTINTERIMManeesh KBDEPRECATEDDEPRECATEDInput validation vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe AcrobatAdobe ReaderAdobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X do not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer 8 Developer Tools VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."Josh TurpinDRAFTINTERIMJosh TurpinACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDMicrosoft Windows Vista x64 Edition is installedMicrosoft Windows VistaThe operating system installed on the system is Microsoft Windows Vista x64 EditionJonathan BakerDRAFTINTERIMACCEPTEDSudhir GandheINTERIMAndrew ButtnerACCEPTEDTodd DolinskyINTERIMACCEPTEDTodd DolinskyINTERIMTim HarrisonTim HarrisonTim HarrisonACCEPTEDACCEPTEDInformation disclosure vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Mozilla Thunderbird before 3.0.11 and 3.1.x before 3.1.7 and Mozilla SeaMonkey before 2.0.11Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla SeaMonkeyMozilla ThunderbirdMozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules.SecPod TeamDRAFTINTERIMACCEPTEDBhavya KINTERIMINTERIMRemote code execution vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 through ParanoidFragmentSink protection mechanismMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyThe nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element.SecPod TeamDRAFTINTERIMACCEPTEDBhavya KINTERIMINTERIMDEPRECATED: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization.SecPod TeamDRAFTINTERIMManeesh KBDEPRECATEDDEPRECATEDUse-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPHPUse-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and __unset methods on objects accessed by a reference.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDenial of service vulnerability in EScript.api plugin in Adobe Acrobat and Adobe Reader 9.4.0, 8.1.7 and other versions using a crafted PDF documentMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe AcrobatAdobe ReaderThe EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWin32k Use After Free Vulnerability (CVE-2011-0665)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDWin32k Use After Free Vulnerability (CVE-2011-1242)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDApple iTunes Webkit Vulnerability, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of serviceMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple iTunesWebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.Quintechssential TeamScott QuintDRAFTINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDACCEPTEDDEPRECATED: Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of "behavior and state of certain JDK classes" and "mutable static."SecPod TeamDRAFTINTERIMManeesh KBDEPRECATEDDEPRECATEDVulnerability in Graphics Rendering Engine Could Allow Remote Code ExecutionMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer on Windows XP allows remote attackers to trigger an incorrect GUI display and have unspecified other impact via vectors related to the DOM implementation, as demonstrated by cross_fuzz.SecPod TeamDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDSSL spoofing vulnerability using a crafted web site in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 and SeaMonkey before 2.0.11Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla SeaMonkeyThe NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle (1) about:neterror and (2) about:certerror pages, which allows remote attackers to spoof the location bar via a crafted web site.SecPod TeamDRAFTINTERIMACCEPTEDBhavya KINTERIMINTERIMDEPRECATED: Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions.SecPod TeamDRAFTINTERIMManeesh KBDEPRECATEDDEPRECATEDInformation disclosure vulnerability in Delete Private Data feature in Opera before 11.01Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOpera BrowserThe Delete Private Data feature in Opera before 11.01 does not properly implement the "Clear all email account passwords" option, which might allow physically proximate attackers to access an e-mail account via an unattended workstation.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDirectShow Insecure Library Loading VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDWin32k Null Pointer De-reference Vulnerability (CVE-2011-1229)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.SecPod TeamDRAFTINTERIMManeesh KBDEPRECATEDDEPRECATEDArbitrary code execution vulnerability Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe AcrobatAdobe ReaderAdobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, and CVE-2011-0600.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDKerberos Spoofing VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2008Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."Josh TurpinDRAFTINTERIMJosh TurpinACCEPTEDACCEPTEDRemote code execution vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe AcrobatAdobe ReaderAdobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0563 and CVE-2011-0606.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.SecPod TeamDRAFTINTERIMManeesh KBDEPRECATEDDEPRECATEDDrag and Drop Information Disclosure VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMHTML Mime-Formatted Request VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe AcrobatAdobe ReaderAdobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image, a different vulnerability than CVE-2011-0566 and CVE-2011-0567.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDenial of service vulnerability in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 in IMAP extensionMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPHPDouble free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors.SecPod TeamDRAFTINTERIMManeesh KBDEPRECATEDDEPRECATEDDEPRECATED: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times.SecPod TeamDRAFTINTERIMManeesh KBDEPRECATEDDEPRECATEDRemote Desktop Insecure Library Loading VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Insecure Library Loading Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDWin32k Use After Free Vulnerability (CVE-2011-1236)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: Win32k Null Pointer De-reference Vulnerability (CVE-2011-0676)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDGary M. CatlinDEPRECATEDDEPRECATEDVisio Data Type Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Office Visio 2002Microsoft Office Visio 2003Microsoft Office Visio 2007ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Mozilla Thunderbird 3.1.x before 3.1.7 using unknown vectorsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla ThunderbirdUnspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWin32k Use After Free Vulnerability (CVE-2011-1237)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDMIME Sniffing Information Disclosure VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 8Microsoft Internet Explorer 8 does not properly handle content settings in HTTP responses, which allows remote web servers to obtain sensitive information from a different (1) domain or (2) zone via a crafted response, aka "MIME Sniffing Information Disclosure Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDLayouts Handling Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layouts Handling Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMultiple heap-based buffer overflow vulnerabilities in VideoLAN VLC Media Player before 1.1.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerMultiple heap-based buffer overflows in cdg.c in the CDG decoder in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted CDG video.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDEPRECATED: Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions.SecPod TeamDRAFTINTERIMManeesh KBDEPRECATEDDEPRECATEDMFC Insecure Library Loading VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Visual Studio .NET 2003Microsoft Visual Studio 2005Microsoft Visual Studio 2008Microsoft Visual Studio 2010Microsoft Visual C++ 2005 Redistributable PackageMicrosoft Visual C++ 2008 Redistributable PackageMicrosoft Visual C++ 2010 Redistributable PackageUntrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; and Visual C++ 2005 SP1, 2008 SP1, and 2010 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka "MFC Insecure Library Loading Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft Visual Studio 2010 is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMicrosoft Visual Studio 2010Microsoft Visual Studio 2010 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Visual Studio 2005 Service Pack 1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Visual Studio 2005 Service Pack 1 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Visual Studio 2005 is installed.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Visual Studio 2005Microsoft Visual Studio 2005 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDRobert L. HollisACCEPTEDBrendan MilesINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft Visual Studio 2008 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Visual Studio 2008 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Visual Studio .NET 2003 SP1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Visual Studio .NET 2003 SP1 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDRobert L. HollisACCEPTEDBrendan MilesINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDWin32k Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."Josh TurpinDRAFTINTERIMJosh TurpinACCEPTEDACCEPTEDRemote code execution vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe AcrobatAdobe ReaderAdobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0589 and CVE-2011-0606.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDExcel Buffer Overrun VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2003Microsoft Office Excel ViewerMicrosoft Office Compatibility PackBuffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel spreadsheet, related to improper validation of record information, aka "Excel Buffer Overrun Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDDenial of service vulnerability in Mozilla Firefox 3.5.x through 3.5.8 through malicious compressed dataMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxUnspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly have unknown other impact via vectors that might involve compressed data, a different vulnerability than CVE-2010-1028.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDRemote code execution vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe AcrobatAdobe ReaderAdobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a font.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDExcel Array Indexing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2003Microsoft Office Excel ViewerMicrosoft Office Compatibility PackStack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via vectors related to an axis properties record, and improper incrementing of an array index, aka "Excel Array Indexing Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDPresentation Memory Corruption RCE VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Office PowerPoint 2002Microsoft Office PowerPoint 2003Microsoft Office PowerPoint 2007Microsoft Office Compatibility PackMicrosoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 make unspecified function calls during file parsing without proper handling of memory, which allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Memory Corruption RCE Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDDenial of service vulnerability in Mozilla Firefox 4.0 and earlier through Javascript P elementMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption and application crash) via JavaScript code that creates multiple arrays containing elements with long string values, and then appends long strings to the content of a P element, related to the gfxWindowsFontGroup::MakeTextRun function in xul.dll, a different vulnerability than CVE-2009-1571.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDArbitrary code execution vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe AcrobatAdobe ReaderThe U3D component in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file with an invalid Parent Node count that triggers an incorrect size calculation and memory corruption, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, and CVE-2011-0595.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDenial of service vulnerability in in_mp4 plugin in Winamp before 5.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPWinampThe in_mp4 plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via crafted (1) metadata or (2) albumart in an invalid MP4 file.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDArbitrary code execution vulnerability Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe AcrobatAdobe ReaderThe Bitmap parsing component in rt3d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted image that causes an invalid pointer calculation related to 4/8-bit RLE compression, a different vulnerability than CVE-2011-0596, CVE-2011-0598, and CVE-2011-0602.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWin32k Use After Free Vulnerability (CVE-2011-1238)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDWin32k Null Pointer De-reference Vulnerability (CVE-2011-0676)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDDenial of service vulnerability in the MKV demuxer plugin in VideoLAN VLC media player in VideoLAN VLC Media Player before 1.1.7Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPVLC Media Playerdemux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class mismatching" and the MKV_IS_ID macro.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDHeap based memory corruption vulnerability in "StripTags()" function within the USF and Text subtitles decoders in VideoLAN VLC Media Player 1.1 before 1.1.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPVLC Media PlayerThe StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows remote attackers to execute arbitrary code via a subtitle with an opening "<" without a closing ">" in an MKV file, which triggers heap memory corruption, as demonstrated using refined-australia-blu720p-sample.mkv.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDADO Record Memory VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.Josh TurpinDRAFTINTERIMACCEPTEDACCEPTED.NET Framework Stack Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft .NET FrameworkThe x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDHTTP Redirect Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "HTTP Redirect Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDVisio Attribute Validation Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Office Visio 2002Microsoft Office Visio 2003Microsoft Office Visio 2007The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office Visio 2002 SP2 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Office Visio 2002 SP2 is installed.Robert L. HollisINTERIMACCEPTEDACCEPTEDMicrosoft Office Visio 2007 is installedMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaThe application Microsoft Office Visio Professional 2007 or Microsoft Office Visio Standard 2007 is installed.Sudhir GandheDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMTodd DolinskyACCEPTEDTimothy HarrisonINTERIMACCEPTEDACCEPTEDMicrosoft Office Visio 2003 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Office Visio 2003 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDCSRSS Local EOP SrvSetConsoleLocalEUDC VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008 R2The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and consequently uses a NULL pointer in an unspecified function call, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in the iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPHPThe iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact, via a crafted Subject header in an e-mail message, as demonstrated by the ks_c_5601-1987 character set.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWin32k Null Pointer De-reference Vulnerability (CVE-2011-1232)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDFax Cover Page Editor Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka "Fax Cover Page Editor Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMultiple unspecified vulnerabilities using unknown vectors in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Mozilla Thunderbird before 3.0.11 and 3.1.x before 3.1.7 and Mozilla SeaMonkey before 2.0.11Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla SeaMonkeyMozilla ThunderbirdMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.SecPod TeamDRAFTINTERIMACCEPTEDBhavya KINTERIMINTERIMTIFF Image Converter Buffer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Office 2002Microsoft Office Converter PackBuffer overflow in the TIFF image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted TIFF image in an Office document, aka "TIFF Image Converter Buffer Overflow Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDDenial of service vulnerability in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9 and 3.6.x before 3.6.2 and SeaMonkey less than 2.0.4 through IFRAME javascript elementMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla SeaMonkeyMozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.SecPod TeamDRAFTINTERIMACCEPTEDBhavya KINTERIMINTERIMJavascript Information Disclosure VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 6 and 7 does not properly restrict script access to content from a (1) different domain or (2) different zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Javascript Information Disclosure Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDEvent Handlers Information Disclosure VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclosure Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDCSS Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka "CSS Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMJosh TurpinACCEPTEDACCEPTEDMicrosoft Publisher Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Office Publisher 2002Microsoft Office Publisher 2003Microsoft Office Publisher 2010Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDUntrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe AcrobatAdobe ReaderUntrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0562 and CVE-2011-0570.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInformation disclosure vulnerability in HTTP BIO connector in Apache Tomcat 7.0.x through 7.0.11Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApache TomcatThe HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDApache Tomcat is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApache TomcatApache Tomcat is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDExcel Out of Bounds WriteAV VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2003Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds WriteAV Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDUninitialized Memory Corruption Vulnerability (CVE-2011-0035)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0036.Dragos PrisacaDRAFTINTERIMJosh TurpinACCEPTEDACCEPTEDIIS FTP Service Heap Buffer Overrun VulnerabilityMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft FTP Service 7.0Microsoft FTP Service 7.5Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.Dragos PrisacaDRAFTINTERIMJosh TurpinACCEPTEDACCEPTEDMicrosoft IIS 7.5 is installedMicrosoft Windows 7Microsoft Windows Server 2008The application Microsoft IIS 7.5 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft IIS 7.0 is installedMicrosoft Windows VistaThe application Microsoft IIS 7.0 is installed.Jeff ItoDRAFTINTERIMACCEPTEDACCEPTEDSecurity vulnerability in download manager in Opera before 11.01Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOpera BrowserThe downloads manager in Opera before 11.01 on Windows does not properly determine the pathname of the filesystem-viewing application, which allows user-assisted remote attackers to execute arbitrary code via a crafted web site that hosts an executable file.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDrag and Drop Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Drag and Drop Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDASP.NET Padding Oracle VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft .NET FrameworkMicrosoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft .NET Framework 1.1 Service Pack 1 is InstalledMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft .NET FrameworkMicrosoft .NET Framework 1.1 Service Pack 1 is InstalledSudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDNate PrzybyszewskiINTERIMACCEPTEDACCEPTEDMicrosoft .NET Framework 4.0 Full is installedMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft .NET FrameworkMicrosoft .NET Framework 4.0 Full is installedJosh TurpinDRAFTJosh TurpinJosh TurpinINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDInteger overflow vulnerability in the in_nsv plugin in Winamp before 5.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPWinampInteger overflow in the in_nsv plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to improper allocation of memory for NSV metadata, a different vulnerability than CVE-2010-2586.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDOpenType Font Index VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Index Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer PDF Printing Information DisclosureMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDExcel Improper Record Parsing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2003Microsoft Excel 2010Microsoft Office Excel ViewerMicrosoft Office Compatibility PackMicrosoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Improper Record Parsing Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDInsecure Library Loading VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDFlashPix Image Converter Buffer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Office 2002Microsoft Office Converter PackMicrosoft Works 9Buffer overflow in the FlashPix image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted FlashPix image in an Office document, aka "FlashPix Image Converter Buffer Overflow Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMultiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla SeaMonkeyMultiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering.SecPod TeamDRAFTINTERIMACCEPTEDBhavya KINTERIMINTERIMWin32k Use After Free Vulnerability (CVE-2011-0666)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDExcel Use after Free WriteAV VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Excel 2003Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDPrivilege escalation vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 and SeaMonkey before 2.0.11Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla SeaMonkeyMozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle injection of an ISINDEX element into an about:blank page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to redirection to a chrome: URI.SecPod TeamDRAFTINTERIMACCEPTEDBhavya KINTERIMINTERIMBuffer overflow vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Mozilla Thunderbird before 3.0.11 and 3.1.x before 3.1.7 and Mozilla SeaMonkey before 2.0.11Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla SeaMonkeyMozilla ThunderbirdThe line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read.SecPod TeamDRAFTINTERIMACCEPTEDBhavya KINTERIMINTERIMWin32k Use After Free Vulnerability (CVE-2011-0667)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office Graphic Object Dereferencing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Office XPMicrosoft Office 2003Microsoft Office 2007Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka "Microsoft Office Graphic Object Dereferencing Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDSecurity bypass vulnerability in OpenSSH version 5.6 or lowerMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOpenSSHOpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOpenSSH is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOpenSSHOpenSSH is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWin32k Use After Free Vulnerability (CVE-2011-0670)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDOLE Automation Underflow VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted WMF file, aka "OLE Automation Underflow Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in the Standard PHP Library (SPL) extension in PHP before 5.3.4Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPHPThe SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDSN Overflow VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Data Access ComponentsInteger signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDDenial of service vulnerability in in_mkv plugin in Winamp before 5.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPWinampThe in_mkv plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via a Matroska Video (MKV) file containing a string with a crafted length.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDOpenType Font Double Free VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.SecPod TeamDRAFTINTERIMManeesh KBDEPRECATEDDEPRECATEDDOM Manipulation Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 8Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Manipulation Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDRemote code execution vulnerability using incorrect indexes in XUA tree in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 and SeaMonkey before 2.0.11Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla SeaMonkeyMozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly calculate index values for certain child content in a XUL tree, which allows remote attackers to execute arbitrary code via vectors involving a DIV element within a treechildren element.SecPod TeamDRAFTINTERIMACCEPTEDBhavya KINTERIMINTERIMConsent UI Impersonation VulnerabilityMicrosoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDHTML Element Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDSharath SINTERIMACCEPTEDACCEPTEDTCP/IP QOS Denial of Service VulnerabilityMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDWin32k Cursor Linking VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDScripting Engines Information Disclosure VulnerabilityMicrosoft Windows 7Microsoft Windows Server 2008VBScript 5.8The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability."Dragos PrisacaDRAFTINTERIMJosh TurpinACCEPTEDACCEPTEDBuffer overflow vulnerability in the in_mod plugin in Winamp before 5.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPWinampBuffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to the comment box.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDLayout Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in WebKit in Apple Safari before 5.0.3 versions via vectors involving Geolocation objectsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariUse-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Geolocation objects. NOTE: this might overlap CVE-2010-3415.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDTask Scheduler VulnerabilityMicrosoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE: this might overlap CVE-2010-3888.Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDWin32k Use After Free Vulnerability (CVE-2011-1235)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in WebKit in Apple Safari before 5.0.3 versions via vectors involving SVG use elementsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariUse-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving SVG use elements.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMemory Corruption Due To Invalid Index Into Array in Pubconv.dll VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Office Publisher 2002Microsoft Office Publisher 2003Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDInformation disclosure vulnerability in Opera before 11.01Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOpera BrowserOpera before 11.01 does not properly handle redirections and unspecified other HTTP responses, which allows remote web servers to obtain sufficient access to local files to use these files as page resources, and consequently obtain potentially sensitive information from the contents of the files, via an unknown response manipulation.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in WebKit in Apple Safari before 5.0.3 versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariThe WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled when processing an HTML LINK element, which allows remote attackers to bypass intended access restrictions, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDExcel Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDTIFF Image Converter Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Office 2002Microsoft Office Converter PackMicrosoft Works 9The TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 does not properly convert data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image in an Office document, aka "TIFF Image Converter Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in Google Chrome before 15.0.874.102 related to video source handlingMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeUse-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video source handling.Shane ShafferDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMDenial of service vulnerability in Google Chrome before 8.0.552.215 via malformed video content that triggers an indexing errorMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 8.0.552.215 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via malformed video content that triggers an indexing error.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMDVR-MS VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDOpenType CMAP Table VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDUninitialized Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.Josh TurpinDRAFTINTERIMACCEPTEDSharath SINTERIMACCEPTEDACCEPTEDArray Indexing Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Office Publisher 2002pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in Google Chrome before 15.0.874.102 involving drag and drop operations allows URL bar spoofing via unspecified vectorsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 15.0.874.102 does not properly handle drag and drop operations on URL strings, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors.Shane ShafferDRAFTINTERIMACCEPTEDShane ShafferINTERIMINTERIMDEPRECATED: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.SecPod TeamDRAFTINTERIMManeesh KBDEPRECATEDDEPRECATEDRace condition vulnerability in the PCNTL extension in PHP before 5.3.4Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPHPRace condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service (memory corruption) via a large number of concurrent signals.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Insecure Library Loading VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 8Untrusted search path vulnerability in Microsoft Internet Explorer 8 might allow local users to gain privileges via a Trojan horse IEShims.dll in the current working directory, as demonstrated by a Desktop directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."Dragos PrisacaDRAFTINTERIMJosh TurpinACCEPTEDACCEPTEDUse-after-free vulnerability in Google Chrome before 7.0.517.44 via vectors involving text editingMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeUse-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMDenial of service vulnerability in dirapi.dll in Adobe Shockwave Player before 11.5.9.615 via unspecified vectorsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe Shockwave Playerdirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4085, CVE-2010-4086, and CVE-2010-4088.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDenial of service (application crash) vulnerability in Opera version less than 10.63.3516.0Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOpera BrowserOpera before 10.63 allows remote attackers to cause a denial of service (application crash) via a Flash movie with a transparent Window Mode (aka wmode) property, which is not properly handled during navigation away from the containing HTML document.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDLibrary-loading vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe AcrobatAdobe ReaderUntrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0562 and CVE-2011-0588.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDUninitialized Memory Corruption Vulnerability (CVE-2011-0036)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, relagted to a "dangling pointer," aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0035.Dragos PrisacaDRAFTINTERIMJosh TurpinACCEPTEDACCEPTEDUnspecified ActiveX control vulnerability in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAn unspecified ActiveX control in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 (Flash10h.ocx) on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FLV video.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDInput validation vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe AcrobatAdobe ReaderAdobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0595, and CVE-2011-0600.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDPresentation Buffer Overrun RCE VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Office PowerPoint 2002Microsoft Office PowerPoint 2003Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Buffer Overrun RCE Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability (via vectors involving scrollbars) in WebKit in Apple Safari before 5.0.3 versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariUse-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDSSL Server X.509 Ceritificate Spoofing Vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla SeamonkeyMozilla ThunderbirdMozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWin32k Buffer Overflow VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDDenial of service vulnerability in the WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxThe WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 does not properly perform proxy upgrade negotiation, which has unspecified impact and remote attack vectors, related to an "inherent problem" with the WebSocket specification.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDCGM Image Converter Buffer Overrun VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Office 2002Microsoft Office 2003Microsoft Office Converter PackBuffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDRemote code execution vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe AcrobatAdobe ReaderAcroRd32.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image that triggers an incorrect pointer calculation, leading to heap memory corruption, a different vulnerability than CVE-2011-0566 and CVE-2011-0603.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOffice Uninitialized Object Pointer VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Office 2007Microsoft Office 2010Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDenial of service (application crash) vulnerability via unspecified vectors in Google Chrome before 8.0.552.215Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 8.0.552.215 does not properly handle HTML5 databases, which allows attackers to cause a denial of service (application crash) via unspecified vectors.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in WebKit in Apple Safari before 5.0.3 versions via vectors involving inline text boxesMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariUse-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving inline text boxes.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the color profile parser that allows remote attackers to execute arbitrary code via a crafted Tag structure in a color profile.SecPod TeamDRAFTINTERIMManeesh KBDEPRECATEDDEPRECATEDDEPRECATED: Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.SecPod TeamDRAFTINTERIMACCEPTEDManeesh KBDEPRECATEDDEPRECATEDObject Management Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDTime Element Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Time Element Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDVirtual Function Table Corruption Remote Code Execution VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an attempted access to a virtual function table after corruption of this table has occurred, aka "Virtual Function Table Corruption Remote Code Execution Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer 9 is installedMicrosoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7A version of Microsoft Internet Explorer 9 is installed.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDWin32k Use After Free Vulnerability (CVE-2011-1234)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDUntrusted search path vulnerability in Microsoft Office PowerPoint 2007Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMicrosoft Office PowerPoint 2007Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDCross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe AcrobatAdobe ReaderCross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-0604.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDVulnerability (first-letter pseudo-element in a Cascading Style Sheets (CSS) token sequence) in WebKit in Apple Safari before 5.0.3 versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariWebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the :first-letter pseudo-element in a Cascading Style Sheets (CSS) token sequence, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDUntrusted search path vulnerability in Adobe Flash Player 9 and earlier versions.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerUntrusted search path vulnerability in Adobe Flash Player 9 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll that is located in the same folder as a file that is processed by Flash.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDGoogle Chrome SVG Filter Stale Pointer Remote DoSMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Google ChromeGoogle Chrome before 6.0.472.53 does not properly implement SVG filters, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "stale pointer" issue.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMVulnerability in smtpd module in Python 2.6, 2.7, 3.1 and 3.2 alphaMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPythonMultiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTEDInformation disclosure vulnerability in Opera version less than 10.63.3516.0 via a crafted cross-origin documentMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOpera BrowserOpera before 10.63 does not prevent interpretation of a cross-origin document as a CSS stylesheet when the document lacks a CSS token sequence, which allows remote attackers to obtain sensitive information via a crafted document.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDHTML Object Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDMultiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla SeamonkeyMultiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectorsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe Shockwave PlayerAdobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDVulnerability in WebM libvpx (aka the VP8 Codec SDK) in Google Chrome before 7.0.517.44Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeWebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMPowerPoint Parsing Buffer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Office PowerPoint 2002Microsoft Office PowerPoint 2003Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDWin32k PFE Pointer Double Free VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe AcrobatAdobe ReaderUnspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0565.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMozilla Multiple Products Document Selection Addition designMode Property XSSMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyCross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in which the designMode property is enabled.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDUntrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and earlier allows DLL hijacking attacksMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows XPVLC media playerUntrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .mp3 file.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDVLC media player is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPVLC media playerVLC media player is installedSecPod TeamDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to "permissions granted to certain system objects."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDHeap Overrun in pubconv.dll VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Office Publisher 2002Microsoft Office Publisher 2003Microsoft Office Publisher 2007Microsoft Office Publisher 2010Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Heap Overrun in pubconv.dll Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Publisher 2010 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008The application Microsoft Publisher 2010 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMozilla Multiple Products nsTextFrameUtils::TransformText Function Bidirectional Text Run OverflowMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyHeap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a bidirectional text run.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDDenial of service vulnerability in dirapi.dll in Adobe Shockwave Player before 11.5.9.615Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe Shockwave Playerdirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director file containing a crafted pamm chunk with an invalid (1) size and (2) number of sub-chunks, a different vulnerability than CVE-2010-4084, CVE-2010-4085, CVE-2010-4086, and CVE-2010-4088.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWin32k Memory Corruption VulnerabilityMicrosoft Windows Server 2008Microsoft Windows 7win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDWin32k Use After Free Vulnerability (CVE-2011-0675)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability which cause a denial of service (memory corruption) in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerUnspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the color profile parser that allows remote attackers to execute arbitrary code via a crafted Tag structure in a color profile.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome URL Character Restriction Homographic Sequence URL Bar Spoofing WeaknessMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Google ChromeGoogle Chrome before 6.0.472.53 does not properly restrict the characters in URLs, which allows remote attackers to spoof the appearance of the URL bar via homographic sequences.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMDenial of Service vulnerability in Google Chrome before 7.0.517.44 via unknown vectorsMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeWebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDArbitrary code execution in dirapi.dll in Adobe Shockwave Player before 11.5.9.615 via unspecified vectorsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe Shockwave Playerdirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file with "duplicated references to the same KEY* chunk," a different vulnerability than CVE-2010-2581, CVE-2010-4084, CVE-2010-4085, and CVE-2010-4086.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWin32k Use After Free Vulnerability (CVE-2011-0672)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDWin32k Null Pointer De-reference Vulnerability (CVE-2011-1230)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDBranchCache Insecure Library Loading VulnerabilityMicrosoft Windows Server 2008Microsoft Windows 7Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDDriver Improper Interaction with Windows Kernel VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDDenial of service attack (during processing of editing commands) in WebKit in Apple Safari before 5.0.3 versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariWebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla SeamonkeyMozilla ThunderbirdUse-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in Google Chrome before 7.0.517.44 via a crafted HTML documentMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeWebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerUnspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDUnspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerUnspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDFlashPix Image Converter Heap Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Office 2002Microsoft Office Converter PackMicrosoft Works 9The FlashPix image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted FlashPix image in an Office document, aka "FlashPix Image Converter Heap Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in libxml2 in Google Chrome before 7.0.517.44Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google Chromelibxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMMozilla Multiple Products Browser Engine Unspecified Memory CorruptionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDHeap-based buffer overflow in OpenOffice.org version 3.2.1Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows Server 2008OpenOffice.orgInteger overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow.SecPod TeamDRAFTDragos PrisacaINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMozilla Multiple Products Path Subversion Arbitrary DLL Injection Code ExecutionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyUntrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .htm, .html, .jtx, .mfp, or .eml file.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in parsing of a cross-domain policy file in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe Flash PlayerAdobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDExcel Insufficient Record Validation VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2003Microsoft Office Excel ViewerMicrosoft Office Compatibility PackMicrosoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record structures during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Insufficient Record Validation Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome Focus Handling Stale Pointer Remote DoSMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Google ChromeUse-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in Google Chrome before 7.0.517.44 via vectors involving text control selectionsMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeUse-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control selections.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMMozilla Multiple Products nsTreeContentView Function XUL Tree Node Removal Deleted Memory Dangling Pointer Arbitrary Code ExecutionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyThe nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to execute arbitrary code via vectors involving access to deleted memory, related to a "dangling pointer vulnerability."J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDURL spoofing vulnerability in Opera version less than 10.63.3516.0Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOpera BrowserOpera before 10.63 does not ensure that the portion of a URL shown in the Address Bar contains the beginning of the URL, which allows remote attackers to spoof URLs by changing a window's size.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome Sandbox Parameter Deserialization Weakness Unspecified Remote IssueMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Google ChromeThe sandbox implementation in Google Chrome before 6.0.472.53 does not properly deserialize parameters, which has unspecified impact and remote attack vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMDenial of service in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla SeamonkeyMozilla ThunderbirdMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInteger overflow vulnerability in WebKit in Apple Safari before 5.0.3 versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariInteger overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in Google Chrome before 8.0.552.215Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeUse-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in Google Chrome before 5.0.375.55 related to the Safe Browsing functionalityMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeUnspecified vulnerability in Google Chrome before 5.0.375.55 allows attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the Safe Browsing functionality.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in Google Chrome before 5.0.375.55 allows remote attackers to bypass the whitelist-mode plugin blocker via unknown vectorsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeUnspecified vulnerability in Google Chrome before 5.0.375.55 allows remote attackers to bypass the whitelist-mode plugin blocker via unknown vectors.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified impact and remote attack vectors in Google Chrome before 5.0.375.55Microsoft Windows XPMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaGoogle ChromeGoogle Chrome before 5.0.375.55 does not properly execute JavaScript code in the extension context, which has unspecified impact and remote attack vectors.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMPowerPoint Integer Underflow Causes Heap Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Office PowerPoint 2002Microsoft Office PowerPoint 2003Microsoft PowerPoint Viewer 2007 Service Pack 2Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 via crafted HTML documentMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla SeamonkeyMozilla ThunderbirdMozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome WebSockets Implementation Integer Handling Unspecified Remote DoSMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Google ChromeThe WebSockets implementation in Google Chrome before 6.0.472.53 does not properly handle integer values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMVulnerability in SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMozilla ThunderbirdMozilla FirefoxMozilla SeamonkeyThe SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.SecPod TeamDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDUntrusted search path vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla SeamonkeyMozilla ThunderbirdUntrusted search path vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDCross-site scripting (XSS) attacks via a crafted web site in Opera version less than 10.63.3516.0Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOpera BrowserOpera before 10.63 does not properly select the security context of JavaScript code associated with an error page, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMozilla Multiple Products SafeJSObjectWrapper XPCSafeJSObjectWrapper Class Same Origin Policy Bypass Crafted Function XSSMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyThe XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted function.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 5.0.375.55 does not properly follow the Safe Browsing specification's requirements for canonicalization of URLsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 5.0.375.55 does not properly follow the Safe Browsing specification's requirements for canonicalization of URLs, which has unspecified impact and remote attack vectors.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMVulnerability in the asyncore module in Python before 3.2Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPythonThe asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDPython is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPythonPython is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDArbitrary code execution vulnerability in Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla SeamonkeyMozilla ThunderbirdMozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in Ruby language support in Google Chrome before 5.0.375.127Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeGoogle Chrome before 5.0.375.127 and webkitgtk before 1.2.6 do not properly support the Ruby language, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.Preeti SubramanianDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome Installed Extension Set Remote EnumerationMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Google ChromeUnspecified vulnerability in Google Chrome before 6.0.472.53 allows remote attackers to enumerate the set of installed extensions via unknown vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIM.NET Framework Array Offset VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft .NET FrameworkMicrosoft Silverlight 4Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability."Dragos PrisacaDRAFTMatt HansburyINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDMicrosoft .NET Framework 3.5 Original Release is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft .NET FrameworkMicrosoft .NET Framework 3.5 Original Release is installedDragos PrisacaDRAFTINTERIMACCEPTEDNate PrzybyszewskiINTERIMACCEPTEDACCEPTEDGoogle Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the GNU C LibraryMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeGoogle Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the GNU C Library, which has unknown impact and attack vectors.Preeti SubramanianDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMVulnerability in Clipboard::DispatchObject function in app/clipboard/clipboard.cc in Google Chrome before 5.0.375.70Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeThe Clipboard::DispatchObject function in app/clipboard/clipboard.cc in Google Chrome before 5.0.375.70 does not properly handle CBF_SMBITMAP objects in a ViewHostMsg_ClipboardWriteObjectsAsync message, which might allow remote attackers to execute arbitrary code via vectors involving crafted data from the renderer process, related to a "Type Confusion" issue.Preeti SubramanianDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMVulnerability in notifications feature in Google Chrome before 5.0.375.127Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeGoogle Chrome before 5.0.375.127 does not properly implement the notifications feature, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via unknown vectors.Preeti SubramanianDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerUnspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDBluetooth Stack VulnerabilityMicrosoft Windows VistaMicrosoft Windows 7The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka "Bluetooth Stack Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDDenial of service in IML32.dll in Adobe Shockwave Player before 11.5.9.615 via a .dir file with a crafted mmap record containing an invalid length of a VSWV entryMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe Shockwave PlayerIML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file with a crafted mmap record containing an invalid length of a VSWV entry, a different vulnerability than CVE-2010-4089.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in Google Chrome before 5.0.375.99, when WebGL is usedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeUnspecified vulnerability in Google Chrome before 5.0.375.99, when WebGL is used, allows remote attackers to cause a denial of service (out-of-bounds read) via unknown vectors.Antu SanadiDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMExcel Memory Corruption Vulnerability (CVE-2010-2562)Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2003Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDInteger Overflow in Windows Networking VulnerabilityMicrosoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows Networking Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDWin32k Window Class VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka "Win32k Window Class Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDOpera before 10.61 does not properly suppress clicks on download dialogsMicrosoft Windows XPMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Opera BrowserOpera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote attackers to conduct clickjacking attacks, and consequently execute arbitrary code, via vectors involving (1) closing a tab or (2) hiding a tab, a related issue to CVE-2005-2407.Preeti SubramanianDRAFTINTERIMACCEPTEDACCEPTEDDenial of service in Google Chrome before 5.0.375.55 related to the "drag + drop" functionalityMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeUnspecified vulnerability in Google Chrome before 5.0.375.55 allows user-assisted remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the "drag + drop" functionality.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMTracing Registry Key ACL VulnerabilityMicrosoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDInteger overflow vulnerability in ACE.dll of Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe AcrobatAdobe ReaderInteger overflow in ACE.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code via crafted ICC data, a different vulnerability than CVE-2011-0596, CVE-2011-0599, and CVE-2011-0602.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in the implementation of unspecified DOM methods in Google Chrome before 5.0.375.70Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeThe implementation of unspecified DOM methods in Google Chrome before 5.0.375.70 allows remote attackers to bypass the Same Origin Policy via unknown vectors.Preeti SubramanianDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMDenial of service vulnerability (during processing of inline styling) in WebKit in Apple Safari before 5.0.3 versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariWebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of inline styling, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDHeap-based buffer overflow in an unspecified function in TextXtra.x32 in Adobe Shockwave Player before 11.5.9.615Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe Shockwave PlayerAn unspecified function in TextXtra.x32 in Adobe Shockwave Player before 11.5.9.615 does not properly reallocate a buffer when processing a DEMX chunk in a Director file, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDStack-based buffer overflow in dirapi.dll in Adobe Shockwave Player before 11.5.9.615Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe Shockwave PlayerStack-based buffer overflow in dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code via unspecified vectors.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDSMB Transaction Parsing VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a malformed request in a (1) SMBv1 or (2) SMBv2 packet, aka "SMB Transaction Parsing Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDDenial of Service Vulnerability in certain ActiveX control in ienipp.ocx in the browser plugin in Novell iPrint Client before 5.42Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Novell iPrint ClientA certain ActiveX control in ienipp.ocx in the browser plugin in Novell iPrint Client before 5.42 does not properly restrict the set of files to be deleted, which allows remote attackers to cause a denial of service (recursive file deletion) via unspecified vectors related to a "logic flaw" in the CleanUploadFiles method in the nipplib.dll module.Preeti SubramanianDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in news-feed preview feature in Opera before 10.61Microsoft Windows XPMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Opera BrowserThe news-feed preview feature in Opera before 10.61 does not properly remove scripts, which allows remote attackers to force subscriptions to arbitrary feeds via crafted content.Preeti SubramanianDRAFTINTERIMACCEPTEDACCEPTEDSMB Stack Exhaustion VulnerabilityMicrosoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDCross-site scripting (XSS) and URL spoofing vulnerability in Opera version less than 10.63.3516.0Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOpera BrowserOpera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote attackers to spoof the Address Bar, conduct cross-site scripting (XSS) attacks, and possibly execute arbitrary code by leveraging the ability of a script to interact with a web page from (1) a different domain or (2) a different security context.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWin32k Improper User Input Validation VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability."Josh TurpinDRAFTINTERIMJosh TurpinACCEPTEDACCEPTEDAdobe Shockwave Player Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Shockwave PlayerDIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x3812 of a certain file.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDHeap-based buffer overflow in Opera before 10.61Microsoft Windows XPMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Opera BrowserHeap-based buffer overflow in Opera before 10.61 allows remote attackers to execute arbitrary code or cause a denial of service (application crash or hang) via vectors related to HTML5 canvas painting operations that occur during the application of transformations.Preeti SubramanianDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerUnspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDStack based buffer overflow vulnerability in Novell File Reporter (NFR) before 1.0.2Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPNovell File ReporterStack-based buffer overflow in NFRAgent.exe in Novell File Reporter (NFR) before 1.0.2 allows remote attackers to execute arbitrary code via unspecified XML data.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDNovell File Reporter is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPNovell File ReporterNovell File Reporter is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInteger truncation error in OpenOffice.org version 3.2.1Microsoft Windows 2000Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 7OpenOffice.orgsimpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error."SecPod TeamDRAFTDragos PrisacaINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDOpenOffice.org is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOpenOffice.orgOpenOffice.org is installed.SecPod TeamDRAFTDragos PrisacaINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDDenial of service vulnerabilty in Google Chrome before 8.0.552.215 via a crafted web siteMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 8.0.552.215 does not properly restrict the generation of file dialogs, which allows remote attackers to cause a denial of service (reduced usability and possible application crash) via a crafted web site.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMVulnerability in WebKit in Apple Safari before 5.0.3 versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariWebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the History object, which allows remote attackers to spoof the location bar's URL or add URLs to the history via a cross-origin attack.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to bypass the pop-up blocker via unknown vectorsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeUnspecified vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to bypass the pop-up blocker via unknown vectors.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMMultiple heap-based buffer overflow vulnerability in vp6.w5s (aka the VP6 codec) in Winamp earlier versions 5.59 Beta build 3033Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPWinampMultiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build 3033 might allow remote attackers to execute arbitrary code via a crafted VP6 (1) video file or (2) video stream.SecPod TeamDRAFTPreeti SubramanianINTERIMACCEPTEDACCEPTEDCross-Domain Information Disclosure VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3342.Josh TurpinDRAFTINTERIMACCEPTEDSharath SINTERIMACCEPTEDACCEPTEDUser-assisted remote web servers to cause a denial of service in Opera version less than 10.63.3516.0Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOpera BrowserOpera before 10.63 allows user-assisted remote web servers to cause a denial of service (application crash) by sending a redirect during the saving of a file.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome Clipboard Copy Restriction Weakness Unspecified IssueMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Google ChromeGoogle Chrome before 6.0.472.53 does not properly restrict copying to the clipboard, which has unspecified impact and attack vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMA denial of service vulnerability in Mozilla Firefox via JavaScript code that performs certain string concatenation and substring operationsMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via JavaScript code that performs certain string concatenation and substring operations, a different vulnerability than CVE-2009-1571.Preeti SubramanianDRAFTPreeti SubramanianINTERIMACCEPTEDACCEPTEDVulnerability in SigComp Universal Decompressor Virtual Machine (UDVM) in WiresharkMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7WiresharkThe SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287.Preeti SubramanianDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the layout implementation in Google Chrome before 5.0.375.125Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeUnspecified vulnerability in the layout implementation in Google Chrome before 5.0.375.125 allows remote attackers to obtain sensitive information from process memory via unknown vectors.Preeti SubramanianDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMStack-based buffer overflow in the ASN.1 BER dissector in WiresharkMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7WiresharkStack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.14 and 1.2.0 through 1.2.9 has unknown impact and remote attack vectors. NOTE: this issue exists because of a CVE-2010-2284 regression.Preeti SubramanianDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDStack-based buffer overflow in the browser plugin in Novell iPrint Client before 5.42Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Novell iPrint ClientStack-based buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code via a long operation parameter.Preeti SubramanianDRAFTINTERIMACCEPTEDACCEPTEDCSS bypass vulnerability in Opera before 11.01Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOpera BrowserThe Cascading Style Sheets (CSS) Extensions for XML implementation in Opera before 11.01 recognizes links to javascript: URLs in the -o-link property, which makes it easier for remote attackers to bypass CSS filtering via a crafted URL.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDenial of Service vulnerability in ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Novell iPrint ClientThe ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a parameter value with a crafted length, related to the ExecuteRequest method.Preeti SubramanianDRAFTINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Shockwave PlayerAdobe Shockwave Player before 11.5.8.612 does not properly validate offset values in the rcsL RIFF chunks of (1) .DIR and (2) .DCR Director movies, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDDeveloper tools vulnerability in Google Chrome version before 4.1.249.1059.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeUnspecified vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to access local files via vectors related to "developer tools."SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMDEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile.SecPod TeamDRAFTINTERIMManeesh KBDEPRECATEDDEPRECATEDWord HTML Linked Objects Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Word 2002Microsoft Word 2003Microsoft Office Word ViewerMicrosoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corruption Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDSharath SINTERIMACCEPTEDACCEPTEDDenial of service (application crash) vulnerability in Google Chrome before 8.0.552.215 via unspecified vectorsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 8.0.552.215 does not properly handle HTTP proxy authentication, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMWin32k Null Pointer De-reference Vulnerability (CVE-2011-1231)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDUntrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and other versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe DreamweaverUntrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc90loc.dll or (2) dwmapi.dll that is located in the same folder as a CSS, PHP, ASP, or other file that automatically launches Dreamweaver.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDAdobe Dreamweaver is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe DreamweaverAdobe Dreamweaver is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDExcel Heap Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2003Microsoft Excel 2010Microsoft Office Excel ViewerMicrosoft Office Compatibility PackInteger signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via an XLS file with a large record size, aka "Excel Heap Overflow Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Excel 2010 is installedMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008The application Microsoft Excel 2010 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft .NET FrameworkThe Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDDenial of service vulnerability in dirapi.dll in Adobe Shockwave Player before 11.5.9.615 via a crafted Director (.dir) media file with an invalid element sizeMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe Shockwave Playerdirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Director (.dir) media file with an invalid element size, a different vulnerability than CVE-2010-2581, CVE-2010-2880, CVE-2010-4084, CVE-2010-4085, and CVE-2010-4088.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in Cascading Style Sheets (CSS) implementation in Google Chrome before 5.0.375.99Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeThe Cascading Style Sheets (CSS) implementation in Google Chrome before 5.0.375.99 does not properly perform style rendering, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.Antu SanadiDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome Stored Autocomplete Entry Quantity Limitation Weakness Unspecified IssueMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Google ChromeGoogle Chrome before 6.0.472.53 does not properly limit the number of stored autocomplete entries, which has unspecified impact and attack vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Shockwave Player Pointer Offset VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Shockwave PlayerDIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly handle a certain return value associated with the rcsL chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to a "pointer offset vulnerability."J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDExcel Dangling Pointer VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2003Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDWin32k Null Pointer De-reference Vulnerability (CVE-2011-1228)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDSecurity bypass vulnerability in the extract function in PHP before 5.2.15Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPHPThe extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input, a related issue to CVE-2005-2691 and CVE-2006-3758.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDSMB Variable Validation VulnerabilityMicrosoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SMB Variable Validation Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDWin32k Null Pointer De-reference Vulnerability (CVE-2011-1225)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDA denial of service vulnerability in Mozilla Firefox via JavaScript code that appends long strings to the content of a P elementMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxMozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption, out-of-bounds read, and application crash) via JavaScript code that appends long strings to the content of a P element, and performs certain other string concatenation and substring operations, related to the DoubleWideCharMappedString class in USP10.dll and the gfxWindowsFontGroup::GetUnderlineOffset function in xul.dll, a different vulnerability than CVE-2009-1571.Preeti SubramanianDRAFTPreeti SubramanianINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Shockwave PlayerDIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x47 of a certain file.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: .NET Framework Array Offset VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft .NET FrameworkMicrosoft Silverlight 4** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.Dragos PrisacaDRAFTDragos PrisacaDEPRECATEDDEPRECATEDMicrosoft .NET Framework 4.0 is installedMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft .NET FrameworkMicrosoft .NET Framework 4.0 is installedDragos PrisacaDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDJosh TurpinINTERIMJosh TurpinACCEPTEDACCEPTEDMicrosoft .NET Framework 2.0 Service Pack 1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft .NET FrameworkMicrosoft .NET Framework 2.0 Service Pack 1 is installedDragos PrisacaDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDMicrosoft .NET Framework 2.0 Service Pack 2 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft .NET FrameworkMicrosoft .NET Framework 2.0 Service Pack 2 is installedDragos PrisacaDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDMicrosoft .NET Framework 3.5 SP1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft .NET FrameworkMicrosoft .NET Framework 3.5 SP1 is installedJosh TurpinDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in page/EventHandler.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google Chromepage/EventHandler.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 does not properly handle a change of the focused frame during the dispatching of keydown, which allows user-assisted remote attackers to redirect keystrokes via a crafted HTML document, aka rdar problem 7018610. NOTE: this might overlap CVE-2010-1422.Preeti SubramanianDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMVulnerability (during processing of Cascading Style Sheets (CSS), 3D transforms) in WebKit in Apple Safari before 5.0.3 versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariWebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) 3D transforms, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMozilla Multiple Products XUL Tree Removal Property Change Role Restriction Weakness DoSMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyMozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access and application crash) or possibly execute arbitrary code by setting unspecified properties.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDWin32k Null Pointer De-reference Vulnerability (CVE-2011-1880)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player Integer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Shockwave PlayerMultiple integer overflows in the allocator in the TextXtra.x32 module in Adobe Shockwave Player before 11.5.8.612 allow remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted (1) element count or (2) element size value in a file.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in rendering implementation in Google Chrome before 5.0.375.125Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeThe rendering implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.Preeti SubramanianDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMSMB Client Response Parsing VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Response Parsing Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDUninitialized Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDDenial of service vulnerability in Google Chrome before 8.0.552.215 via a crafted extensionMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 8.0.552.215 does not properly restrict privileged extensions, which allows remote attackers to cause a denial of service (memory corruption) via a crafted extension.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome Notifications Presenter Use-after-free DoSMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Google ChromeUse-after-free vulnerability in the Notifications presenter in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMUninitialized Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 8Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, CVE-2010-0245, and CVE-2010-0246.Josh TurpinDRAFTINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Shockwave PlayerIML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x3712 of a certain file.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDExcel Out of Bounds Array Indexing VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Excel 2007Microsoft Office 2007Microsoft Office Excel ViewerMicrosoft Office Compatibility PackMicrosoft Office SharePoint Server 2007Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Excel Services on Office SharePoint Server 2007 SP2 do not properly validate the sign of an unspecified array index, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Excel Viewer 2007 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Excel Viewer 2007The application Microsoft Excel Viewer 2007 is installed.Kyle KeyDRAFTINTERIMACCEPTEDBrendan MilesINTERIMBrendan MilesACCEPTEDACCEPTEDMicrosoft Office SharePoint Server 2007 is installed.Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Office SharePoint Server 2007 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDMicrosoft Excel 2007 is installedMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 2000Microsoft Excel 2007The application Microsoft Excel 2007 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDBrendan MilesINTERIMACCEPTEDACCEPTEDUnspecified Vulnerability in solate sandboxed IFRAME elements in Google Chrome before 5.0.375.99Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeGoogle Chrome before 5.0.375.99 does not properly isolate sandboxed IFRAME elements, which has unspecified impact and remote attack vectors.Antu SanadiDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerUnspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Mac OS X, when Safari is used, allows attackers to obtain sensitive information via unknown vectors.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDOfficeArt Atom RCE VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Office PowerPoint 2002Microsoft Office PowerPoint 2003Microsoft Office PowerPoint 2007Microsoft Office Compatibility PackMicrosoft PowerPoint Viewer 2007Microsoft PowerPoint ViewerMicrosoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 do not properly handle Office Art containers that have invalid records, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PowerPoint document with a container that triggers certain access to an uninitialized object, aka "OfficeArt Atom RCE Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR Unspecified Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2214.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in Google Chrome before 5.0.375.99 related to an invalid image.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeUnspecified vulnerability in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (application crash) via an invalid image.Antu SanadiDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMStack-based buffer overflow in Novell iPrint Client before 5.44Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Novell iPrint ClientStack-based buffer overflow in Novell iPrint Client before 5.44 allows remote attackers to execute arbitrary code via a long call-back-url parameter in an op-client-interface-version action.Preeti SubramanianDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in WebKit while processing editable elements in Apple Safari before 5.0.3 versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariWebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR Unspecified Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2216.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Shockwave PlayerInteger overflow in the 3D object functionality in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted size value in a 0xFFFFFF45 RIFF record in a Director movie.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMozilla Multiple Products navigator.plugins DOM Plugin Array Destruction Navigator Object Dangling Pointer Arbitrary Code ExecutionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyThe navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted access to the navigator object, related to a "dangling pointer vulnerability."J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDUninitialized Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDPICT Image Converter Integer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Office 2002Microsoft Office 2003Microsoft Office Converter PackInteger overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDDenial of service in Google Chrome 1.0.154.48 via JavaScript code containing an infinite loopMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome 1.0.154.48 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs.Bhavya KDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerUnspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3650.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWebkit Floating Point Datatype Remote Code Execution VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Apple SafariWebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWebKit in Apple Safari before 5.0.1 related to a use element in an SVG document.Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Apple SafariWebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a use element in an SVG document.Antu SanadiDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMozilla Firefox Plugin Parameter Reference Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla Firefoxlayout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDRemote code execution vulnerability via crafted HTTP response in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 and SeaMonkey before 2.0.11Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla SeaMonkeyMozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0179.SecPod TeamDRAFTINTERIMACCEPTEDBhavya KINTERIMINTERIMWin32k Double Free VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDApple Safari Search Path Arbitrary Code Execution VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Apple SafariUntrusted search path vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 on Windows allows local users to gain privileges via a Trojan horse explorer.exe (aka Windows Explorer) program in a directory containing a file that had been downloaded by Safari.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMemory leak in Adobe Flash Media Server (FMS) version 3.0.x less than 3.0.7, 3.5.x less than 3.5.5, and 4.0.x less than 4.0.1Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe Flash Media ServerMemory leak in Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, and 4.0.x before 4.0.1 allows attackers to cause a denial of service (memory consumption) via unspecified vectors.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDEvent Handler Cross-Domain VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "Event Handler Cross-Domain Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDVulnerability in history feature implementation in Google Chrome before 5.0.375.127Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeGoogle Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not properly implement the history feature, which might allow remote attackers to spoof the address bar via unspecified vectors.Preeti SubramanianDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMDenial of service in Opera 9.52 due to failure to handle an IFRAME element with a mailto: URL in its SRC attribute.Microsoft Windows XPMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Opera BrowserOpera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via an HTML document with many IFRAME elements.Nikita MRDRAFTINTERIMACCEPTEDACCEPTEDWin32k Null Pointer De-reference Vulnerability (CVE-2011-1885)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDRemote code execution in Opera before 10.54 due to failure to enforce permission requirements for widget filesystem access and directory selectionMicrosoft Windows XPMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Opera BrowserOpera before 10.54 on Windows and Mac OS X does not properly enforce permission requirements for widget filesystem access and directory selection, which allows user-assisted remote attackers to create or modify arbitrary files, and consequently execute arbitrary code, via widget File I/O operations.Nikita MRDRAFTINTERIMACCEPTEDACCEPTEDDenial of Service vulnerability in Google Chrome before 7.0.517.44 via unknown vectorsMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeArray index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SVG document, related to effects in the application of filters.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in WebCore in WebKit in Google Chrome before 5.0.375.70Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeUse-after-free vulnerability in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving remote fonts in conjunction with shadow DOM trees, aka rdar problem 8007953. NOTE: this might overlap CVE-2010-1771.Preeti SubramanianDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMMSO Large SPID Read AV VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Office XPMicrosoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDWin32k Use After Free Vulnerability (CVE-2011-1879)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla ThunderbirdMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWin32k Use After Free Vulnerability (CVE-2011-0671)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDWebKit in Apple Safari before 5.0.1 memory accesses vulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Apple SafariWebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements in an SVG text element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document.Antu SanadiDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDStack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPHPStack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4 allows context-dependent attackers to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstext function.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDPHP is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPHPPHP is installedSecPod TeamDRAFTINTERIMSecPod TeamACCEPTEDACCEPTEDUnspecified vulnerability in the edge process in Adobe Flash Media Server (FMS) version 3.0.x less than 3.0.7, 3.5.x less than 3.5.5, and 4.0.x less than 4.0.1Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe Flash Media ServerUnspecified vulnerability in the edge process in Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, and 4.0.x before 4.0.1 allows attackers to cause a denial of service via unknown vectors.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInformation disclosure vulnerability in Opera version less than 10.63.3516.0 using a video stream as HTML5 canvas contentMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOpera BrowserOpera before 10.63 does not properly verify the origin of video content, which allows remote attackers to obtain sensitive information by using a video stream as HTML5 canvas content.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWebKit in Apple Safari before 5.0.1 denial of service vulnerability related to the rendering of an inline elementMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Apple SafariWebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to the rendering of an inline element.Antu SanadiDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDA denial of service caused via an animated PNG image in Opera before 10.61.Microsoft Windows XPMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Opera BrowserUnspecified vulnerability in Opera before 10.61 allows remote attackers to cause a denial of service (CPU consumption and application hang) via an animated PNG image.Preeti SubramanianDRAFTINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Shockwave PlayerInteger signedness error in the DIRAPI module in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a count value associated with an "undocumented structure" and the tSAC chunk in a Director movie.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDRTF Stack Buffer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Office XPMicrosoft Office 2003Microsoft Office 2007Microsoft Office 2010Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDInsecure Library Loading VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Office 2007Microsoft Office 2010Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDDenial of service in Opera before 10.53 due to failure to handle a series of document modifications that occur asynchronously.Microsoft Windows XPMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Opera BrowserOpera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop, leading to attempted use of uninitialized memory. NOTE: this might overlap CVE-2006-6955.Nikita MRDRAFTINTERIMACCEPTEDACCEPTEDFrame Tag Information Disclosure VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDDenial of service found in Google Chrome version before 4.1.249.1059Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeThe Google V8 bindings in Google Chrome before 4.1.249.1059 allow attackers to cause a denial of service (memory corruption) via unknown vectors.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Shockwave Player Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Shockwave PlayerUnspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption. NOTE: due to conflicting information and use of the same CVE identifier by the vendor, ZDI, and TippingPoint, it is not clear whether this issue is related to use of an uninitialized pointer, an incorrect pointer offset calculation, or both.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMultiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 related to font-face or use element in an SVG document.Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Apple SafariMultiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-face or (2) use element in an SVG document.Antu SanadiDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDUnspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerUnspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDArbitrary code execution vulnerability Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe AcrobatAdobe ReaderThe Bitmap parsing component in 2d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via an image with crafted (1) height and (2) width values for an RLE_8 compressed bitmap, which triggers a heap-based buffer overflow, a different vulnerability than CVE-2011-0598, CVE-2011-0599, and CVE-2011-0602.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDUnexpected truncation and improper eliding of hostnames in Google Chrome before 5.0.375.125Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeGoogle Chrome before 5.0.375.125 performs unexpected truncation and improper eliding of hostnames, which has unspecified impact and remote attack vectors.Preeti SubramanianDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMDenial of service vulnerability in Google Chrome before 8.0.552.215 via unspecified vectorsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle Chromelibvpx, as used in Google Chrome before 8.0.552.215 and possibly other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebM video. NOTE: this vulnerability exists because of a regression.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome before 5.0.375.127 does not properly mitigate an unspecified flaw in the Windows kernelMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeGoogle Chrome before 6.0.472.53 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack vectors, a different vulnerability than CVE-2010-2897.Preeti SubramanianDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMDouble free vulnerability in Google Chrome before 8.0.552.215 via vectors related to XPath handlingMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeDouble free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMBuffer overflow in the browser plugin in Novell iPrint Client before 5.42Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Novell iPrint ClientBuffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code by using EMBED elements to pass parameters with long names.Preeti SubramanianDRAFTINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Shockwave PlayerIML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C6 of a certain file.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: Untrusted search path vulnerability in Microsoft Office Groove 2007Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMicrosoft Office Groove 2007Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDJosh TurpinDEPRECATEDDEPRECATEDMicrosoft Office Groove 2007 is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMicrosoft Office Groove 2007Microsoft Office Groove is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDVulnerability while processing MIME types in Google Chrome before 5.0.375.127Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeMultiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins.Preeti SubramanianDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMAccess ActiveX Control VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Microsoft Access 2003Microsoft Access 2007The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Access 2007 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Microsoft Office Access 2007The application Microsoft Access 2007 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDType confusion error in Google Chrome version before 4.1.249.1059.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 4.1.249.1059 does not properly support forms, which has unknown impact and attack vectors, related to a "type confusion error."SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerUnspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDNS Query VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in handling of SVG documents in Google Chrome before 5.0.375.127Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeGoogle Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors related to state changes when using DeleteButtonController.Preeti SubramanianDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMVulnerability in implementation of the Unicode Bidirectional Algorithm (aka Bidi algorithm or UBA) in Google Chrome before 5.0.375.99Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeThe implementation of the Unicode Bidirectional Algorithm (aka Bidi algorithm or UBA) in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.Antu SanadiDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMVulnerability (during processing of Cascading Style Sheets (CSS) counter styles) in WebKit in Apple Safari before 5.0.3 versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariWebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses an uninitialized pointer during processing of Cascading Style Sheets (CSS) counter styles, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWebKit in Apple Safari before 5.0.1 related to crafted regular expression.Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Apple SafariWebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression.Antu SanadiDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDVulnerability in SVG implementation in Google Chrome before 5.0.375.125Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeThe SVG implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.Preeti SubramanianDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Shockwave Player Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Shockwave PlayerAdobe Shockwave Player before 11.5.8.612 does not properly validate a count value in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to IML32X.dll and DIRAPIX.dll.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in the LookupGetterOrSetter function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla SeamonkeyMozilla ThunderbirdThe LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the Windows kernelMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeGoogle Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack vectors.Preeti SubramanianDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Shockwave Player Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Shockwave PlayerAdobe Shockwave Player before 11.5.8.612 does not properly validate an offset value in the pami RIFF chunk in a Director movie, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted movie.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDWireshark Dissector LWRES Multiple Buffer Overflow VulnerabilitiesMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7WiresharkBuffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMozilla Firefox and Thunderbird Same-origin Bypass Using Canvas Context VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not properly implement read restrictions for CANVAS elements, which allows remote attackers to obtain sensitive cross-origin information via vectors involving reference retention and node deletion.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDDenial of service Vulnerability in Google Chrome before 5.0.375.99 related to SVG documentMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeGoogle Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an invalid SVG document.Antu SanadiDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Shockwave Player Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Shockwave PlayerDIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a value associated with a buffer seek for a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMSHTML Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in Opera before 11.01 via a unknown content on a web pageMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOpera BrowserUnspecified vulnerability in Opera before 11.01 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by vkontakte.ru.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWebKit in Apple Safari before 5.0.1 related to a floating element in an SVG document.Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Apple SafariWebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a floating element in an SVG document.Antu SanadiDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDEPRECATED: Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an out-of-bounds memory access.SecPod TeamDRAFTINTERIMManeesh KBDEPRECATEDDEPRECATEDUnspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerUnspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3650, and CVE-2010-3652.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOracle MySQL 'ALTER DATABASE' Remote Denial Of Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008MySQL Server 5.1MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMySQL 5.1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008MySQL Server 5.1MySQL Server 5.1 is installedJ. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDPrevent pages from loading with the New Tab page's privileges in Google Chrome version before 4.1.249.1059Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 4.1.249.1059 does not prevent pages from loading with the New Tab page's privileges, which has unknown impact and attack vectors.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMVulnerability in Geolocation feature in Google Chrome before 5.0.375.127Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeGoogle Chrome before 5.0.375.127 does not properly implement the Geolocation feature, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.Preeti SubramanianDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMMozilla Firefox and Thunderbird Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanishMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla FirefoxMozilla Thunderbirdintl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted 8-bit text.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDArbitrary file upload in Opera before 10.60 due to failure to restrict certain interaction between plug-ins, file inputs, and the clipboard.Microsoft Windows XPMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Opera BrowserOpera before 10.60 does not properly restrict certain interaction between plug-ins, file inputs, and the clipboard, which allows user-assisted remote attackers to trigger the uploading of arbitrary files via a crafted web site.Nikita MRDRAFTINTERIMACCEPTEDACCEPTEDCross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeCross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element. NOTE: this might overlap CVE-2010-1762.Preeti SubramanianDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMOpenType Font Stack Overflow VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka "OpenType Font Stack Overflow Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDRemote code execution in Opera before 10.60 due to failure to prevent certain double-click operations from running a program located on a web site.Microsoft Windows XPMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Opera BrowserOpera before 10.60 on Windows and Mac OS X does not properly prevent certain double-click operations from running a program located on a web site, which allows user-assisted remote attackers to execute arbitrary code via a crafted web page that bypasses a dialog.Nikita MRDRAFTINTERIMACCEPTEDACCEPTEDRace Condition Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka "Race Condition Memory Corruption Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDMozilla Firefox/Thunderbird/SeaMonkey 'libpng' Buffer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyBuffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDHTML Element Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 8Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDSharath SINTERIMACCEPTEDACCEPTEDIPv6 Memory Corruption VulnerabilityMicrosoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka "IPv6 Memory Corruption Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerUnspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMultiple integer overflow vulnerabilities in the in_midi plugin in Winamp before 5.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPWinampMultiple integer overflows in the in_midi plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted MIDI file that triggers a buffer overflow.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWinamp is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPWinampWinamp is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in autosuggest feature in the Omnibox implementation in Google Chrome before 5.0.375.127Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeThe autosuggest feature in the Omnibox implementation in Google Chrome before 5.0.375.127 does not anticipate entry of passwords, which might allow remote attackers to obtain sensitive information by reading the network traffic generated by this feature.Preeti SubramanianDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMDEPRECATED: Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 8.0.7600.16385Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet ExplorerUse-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 8.0.7600.16385 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, involving circular memory references.SecPod TeamDRAFTINTERIMDragos PrisacaDEPRECATEDDEPRECATEDUse-after-free vulnerability in WebKit in Apple Safari before 5.0.1 related to foreignObject element in an SVG document.Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Apple SafariUse-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a foreignObject element in an SVG document.Antu SanadiDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWireshark Dissector LWRES Multiple Buffer Overflow VulnerabilitiesMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7WiresharkBuffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMozilla Firefox/Thunderbird/SeaMonkey Cross-origin data disclosure via Web Workers and importScriptsMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyThe importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDUntrusted search path vulnerability in Skype version less than or equal to 4.2.0.169Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPSkypeUntrusted search path vulnerability in Skype 4.2.0.169 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32.dll that is located in the same folder as a .skype file.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDSkype is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPSkypeSkype is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDHTML Layout Memory Corruption VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Layout Memory Corruption Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDVulnerability in toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeOff-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application crash), or possibly execute arbitrary code via vectors related to list markers for HTML lists, aka rdar problem 8009118.Preeti SubramanianDRAFTINTERIMACCEPTEDAkihito NakamuraINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMTIFF Image Converter Heap Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Office 2002Microsoft Office Converter PackMicrosoft Works 9Heap-based buffer overflow in the TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 allows remote attackers to execute arbitrary code via a crafted TIFF image in an Office document, aka "TIFF Image Converter Heap Overflow Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDWebKit in Apple Safari before 5.0.1 Denial of Service vulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Apple SafariWebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.Antu SanadiDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDInput validation vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe AcrobatAdobe ReaderAdobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, related to "Texture bmp," a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader 10.x is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe ReaderAdobe Reader 10.x is installedSecPod TeamDRAFTINTERIMACCEPTEDScott QuintINTERIMACCEPTEDACCEPTEDAdobe Acrobat 10.x is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe AcrobatAdobe Acrobat 10.x is installedSecPod TeamDRAFTINTERIMACCEPTEDScott QuintINTERIMACCEPTEDACCEPTEDVulnerability in large canvas handling in Google Chrome before 5.0.375.125Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeGoogle Chrome before 5.0.375.125 does not properly handle a large canvas, which has unspecified impact and remote attack vectors.Preeti SubramanianDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMVulnerability in PluginGetDriverFile function in Novell iPrint Client before 5.44Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Novell iPrint ClientThe PluginGetDriverFile function in Novell iPrint Client before 5.44 interprets an uninitialized memory location as a pointer value, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.Preeti SubramanianDRAFTINTERIMACCEPTEDACCEPTEDNovell iPrint Client is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Novell iPrint ClientNovell iPrint Client is installedPreeti SubramanianDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in WebKit while processing of colors in an SVG document in Apple Safari before 5.0.3 versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariWebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWin32k Null Pointer De-reference Vulnerability (CVE-2011-1233)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox, Thunderbird and SeaMonkey Cross-domain Data Theft Using CSS VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyMozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Shockwave PlayerAdobe Shockwave Player before 11.5.8.612 does not properly validate values associated with buffer-size calculation for a 0xFFFFFFF8 record in a (1) .dir or (2) .dcr Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDInteger signedness error in WebKit in Apple Safari before 5.0.1 related to vectors involving a JavaScript array index.Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Apple SafariInteger signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index.Antu SanadiDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDApple QuickTime Before 7.6.7 Stack Buffer Overflow VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Apple QuickTimeStack-based buffer overflow in the error-logging functionality in Apple QuickTime before 7.6.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMozilla Multiple Products nsTreeSelection Selection Range Calculation OverflowMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyUse-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a "dangling pointer vulnerability." NOTE: this issue exists because of an incomplete fix for CVE-2010-2753.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWireshark Dissector LWRES Multiple Buffer Overflow VulnerabilitiesMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7WiresharkThe SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWindows Kernel Improper Validation VulnerabilityMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMozilla Multiple Products normalizeDocument Function DOM Node Removal Deleted Object Arbitrary Code ExecutionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyThe normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code via vectors involving access to a deleted object.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDWebKit in Apple Safari before 5.0.1 related to reentrancy issue.Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Apple SafariWebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to a "reentrancy issue."Antu SanadiDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDCinepak Codec Decompression VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista SP1 and SP2, and Windows 7 does not properly decompress media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Cinepak Codec Decompression Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox/Thunderbird/SeaMonkey Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyjs/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) propagation of deep aborts in the TraceRecorder::record_JSOP_BINDNAME function, (2) depth handling in the TraceRecorder::record_JSOP_GETELEM function, and (3) tracing of out-of-range arguments in the TraceRecorder::record_JSOP_ARGSUB function.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox, Thunderbird, and SeaMonkey Cross-origin data leakage from script filename in error messagesMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeydom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDExcel Buffer Overwrite VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2003Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka "Excel Buffer Overwrite Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Excel 2003 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Excel 2003The application Microsoft Excel 2003 is installed.Robert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDBrendan MilesINTERIMACCEPTEDACCEPTEDThe counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Apple SafariThe counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.Antu SanadiDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWin32k WriteAV VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka "Win32k WriteAV Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDPersist Directory RCE VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Office PowerPoint 2002Microsoft Office PowerPoint 2003Microsoft Office PowerPoint 2007Microsoft Office PowerPoint 2010Microsoft Office Compatibility PackMicrosoft PowerPoint Viewer 2007Microsoft PowerPoint Viewersoft PowerPoint Web AppMicrosoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not properly validate PersistDirectoryEntry records in PowerPoint documents, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Slide with a malformed record, which triggers an exception and later use of an unspecified method, aka "Persist Directory RCE Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMINTERIMMicrosoft PowerPoint 2003 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft PowerPoint 2003The application Microsoft PowerPoint 2003 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDBrendan MilesINTERIMACCEPTEDACCEPTEDMicrosoft PowerPoint 2007 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Office PowerPoint 2007The application Microsoft PowerPoint 2007 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDBrendan MilesINTERIMACCEPTEDACCEPTEDMicrosoft PowerPoint Viewer 2007 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Office PowerPoint 2007The application Microsoft PowerPoint Viewer 2007 is installed.Kyle KeyDRAFTBrendan MilesINTERIMACCEPTEDACCEPTEDMicrosoft PowerPoint 2002 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft PowerPoint 2002The application Microsoft PowerPoint 2002 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDBrendan MilesINTERIMACCEPTEDACCEPTEDMicrosoft PowerPoint Viewer 2010 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft PowerPoint Viewer 2010The application Microsoft PowerPoint Viewer 2010 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDDragos PrisacaINTERIMINTERIMMicrosoft PowerPoint 2010 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Office PowerPoint 2010The application Microsoft PowerPoint 2010 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDCross-site data leakage issue in Google Chrome version less than or equal to 4.1.249.1064Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request logging, related to a "cross-site data leakage" issue.Karthik NDRAFTSecPod TeamPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMACCWIZ.dll Uninitialized Variable VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Microsoft Access 2003The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome _blank Value Handling Pop-up Blocker BypassMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Google ChromeGoogle Chrome before 6.0.472.53 does not properly handle the _blank value for the target attribute of unspecified elements, which allows remote attackers to bypass the pop-up blocker via unknown vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMIML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to arbitrary code execution or cause a denial of serviceMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe Shockwave PlayerIML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file containing "duplicated LCSM entries in mmap record," a different vulnerability than CVE-2010-4087.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMozilla Firefox and SeaMonkey DOM Attribute Cloning Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla FirefoxMozilla SeaMonkeyUse-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDDrawing Exception Handling VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Office XPMicrosoft Office 2003Microsoft Office 2007Microsoft Office 2010Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome Counter Node Handling Unspecified Memory CorruptionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Google ChromeGoogle Chrome before 6.0.472.53 and webkitgtk before 1.2.6 do not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMMozilla Multiple Products Document Charset OBJECT Element UTF-7 XSS Protection Mechanism BypassMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyMozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMsxml2.XMLHTTP.3.0 Response Handling Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted response, aka "Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft XML Core Services 3 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft XML Core Services 3 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDWebKit Element Run-In Styling Use-After-Free Remote Code Execution VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Apple SafariUse-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWin32k Use After Free Vulnerability (CVE-2011-1239)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player Denial of Service IssueMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Shockwave PlayerUnspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a denial of service via unknown vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an out-of-bounds memory access.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDApache 'mod_proxy_http' Interim Response Denial of Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7ApacheThe ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDApache HTTP Server 2.0.x is installed on the systemMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7ApacheApache HTTP Server 2.0.x is installed on the systemJ. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDWin32k Use After Free Vulnerability (CVE-2011-0674)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Opera version less than 10.63.3516.0Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOpera BrowserOpera before 10.63 allows remote attackers to cause a denial of service (memory corruption) by referencing an SVG document in an IMG element.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInteger overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatInteger overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.Preeti SubramanianDRAFTJ. Daniel BrownINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDInteger overflow vulnerability in WebKit in Apple Safari before 5.0.3 versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariInteger overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Text objects.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMozilla Firefox and SeaMonkey Location Bar Spoofing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla FirefoxMozilla SeaMonkeyThe nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors involving multiple requests, a redirect, and the history.back and history.forward JavaScript functions.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox and SeaMonkey Plugin Parameter 'EnsureCachedAttrParamArrays' Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla FirefoxMozilla SeaMonkeyInteger overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMozilla Multiple Products XMLHttpRequest Object statusText Property Cross-origin Request Intranet Server EnumerationMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyMozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDApache 'mod_cache' and 'mod_dav' Request Handling Denial of Service VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7ApacheThe (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMozilla Firefox, Thunderbird and SeaMonkey CSS Values Integer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyInteger overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, related to references to external font resources and an inconsistency between 16-bit and 32-bit integers.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDExcel Record Parsing WriteAV VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Excel 2002Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, doubly-byte characters, and an incorrect pointer calculation, aka "Excel Record Parsing WriteAV Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Excel 2002 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Excel 2002The application Microsoft Excel 2002 is installed.Robert L. HollisDRAFTJohn HoylandINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDBrendan MilesINTERIMACCEPTEDACCEPTEDStack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla SeamonkeyMozilla ThunderbirdStack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInteger underflow vulnerability in WebKit in Apple Safari before 5.0.3 versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariInteger underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving WebSockets. NOTE: this may overlap CVE-2010-3254.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDInformation Disclosure in Opera before 10.54 due to failure to restrict access to the full pathname of a file selected for upload.Microsoft Windows XPMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Opera BrowserOpera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations.Nikita MRDRAFTINTERIMACCEPTEDACCEPTEDJava security bypass vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 and SeaMonkey before 2.0.11Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla SeaMonkeyMozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via vectors involving a refresh value in the http-equiv attribute of a META element, which causes the wrong security principal to be used.SecPod TeamDRAFTINTERIMACCEPTEDBhavya KINTERIMINTERIMDenial of service in Opera 9.52 due to failure to restrict the execution of mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL.Microsoft Windows XPMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Opera BrowserOpera 9.52 executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images, a related issue to CVE-2010-0181.Nikita MRDRAFTINTERIMACCEPTEDACCEPTEDWin32k Window Creation Vulnerability (CVE-2010-1897)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDDEPRECATED: Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow.SecPod TeamDRAFTINTERIMManeesh KBDEPRECATEDDEPRECATEDVulnerability in page/Geolocation.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeUse-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associated with geolocation upon deletion of a document.Preeti SubramanianDRAFTINTERIMACCEPTEDNelson BunkerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerUnspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDVulnerability in packet-gsm_a_rr.c in the GSM A RR dissector in WiresharkMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Wiresharkpacket-gsm_a_rr.c in the GSM A RR dissector in Wireshark 1.2.2 through 1.2.9 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference.Preeti SubramanianDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDEPRECATED: Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class.SecPod TeamDRAFTINTERIMManeesh KBDEPRECATEDDEPRECATEDUnspecified vulnerability in Google Chrome before 5.0.375.55 allows to spoof the URL barMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeUnspecified vulnerability in Google Chrome before 5.0.375.55 might allow remote attackers to spoof the URL bar via vectors involving unload event handlers.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMClickjacking vulnerability in Opera before 11.01Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOpera BrowserOpera before 11.01 does not properly restrict the use of opera: URLs, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDenial of service in Opera before 10.60 due to failure to handle unclosed SPAN elements with absolute positioning.Microsoft Windows XPMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Opera BrowserOpera before 10.60 allows remote attackers to cause a denial of service (application hang) via certain HTML content that has an unclosed SPAN element with absolute positioning.Nikita MRDRAFTINTERIMACCEPTEDACCEPTEDCross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Apple SafariCross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via an RSS feed.Antu SanadiDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWin32k Window Class Improper Pointer Validation VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Improper Pointer Validation Vulnerability."Josh TurpinDRAFTINTERIMJosh TurpinACCEPTEDACCEPTEDUnspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerUnspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3652.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in Google Chrome before 8.0.552.215 via vectors related to history handlingMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeUse-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to history handling.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMMicrosoft Outlook SMB Attachment VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Microsoft Outlook 2002Microsoft Outlook 2003Microsoft Outlook 2007Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Outlook 2003 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Outlook 2003 is installed.Sudhir GandheDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMicrosoft Outlook 2007 is installedMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaThe application Microsoft Outlook 2007 is installed.Sudhir GandheDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMicrosoft Outlook 2002 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Outlook 2002 is installed.Sudhir GandheDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDenial of service in Opera 9.52 via JavaScript code containing an infinite loops.Microsoft Windows XPMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Opera BrowserOpera 9.52 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs.Nikita MRDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Shockwave PlayerIML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C0 of a certain file.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDWord RTF Parsing Engine Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Word 2002Microsoft Word 2003Microsoft Word 2007Microsoft Office Word ViewerMicrosoft Office Compatibility PackMicrosoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly handle unspecified properties in rich text data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RTF document, aka "Word RTF Parsing Engine Memory Corruption Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDSharath SINTERIMACCEPTEDACCEPTEDVulnerability in Google Chrome before 8.0.552.215 via a crafted web siteMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome before 8.0.552.215 does not properly restrict read access to videos derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via a crafted web site.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMWireshark Dissector LWRES Multiple Buffer Overflow VulnerabilitiesMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7WiresharkThe SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDPointer leakage vulnerability in Internet ExplorerMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInformation Disclosure in Opera before 10.54 due to failure to restrict certain uses of homograph characters in domain names.Microsoft Windows XPMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Opera BrowserOpera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict certain uses of homograph characters in domain names, which makes it easier for remote attackers to spoof IDN domains via unspecified choices of characters.Nikita MRDRAFTINTERIMACCEPTEDACCEPTEDOpenType Font Encoded Character VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability."Dragos PrisacaDRAFTINTERIMJosh TurpinACCEPTEDACCEPTEDMicrosoft Windows 7 x64 Service Pack 1 is installedMicrosoft Windows 7The operating system installed on the system is Microsoft Windows 7 x64 Service Pack 1Shane ShafferDRAFTINTERIMChandan SACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installedMicrosoft Windows Server 2008The operating system installed on the system is Microsoft Windows Server 2008 R2 Itanium Edition Service Pack 1Josh TurpinDRAFTINTERIMChandan SACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2008 R2 x64 Service Pack 1 is installedMicrosoft Windows Server 2008The operating system installed on the system is Microsoft Windows Server 2008 R2 x64 Service Pack 1Josh TurpinDRAFTINTERIMChandan SACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft Windows 7 x64 Service Pack 1 Release Candidate is installedMicrosoft Windows 7The operating system installed on the system is Microsoft Windows 7 x64 Service Pack 1 Release CandidateDragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows 7 (32-bit) Service Pack 1 Release Candidate is installedMicrosoft Windows 7The operating system installed on the system is Microsoft Windows 7 (32-bit) Service Pack 1 Release CandidateDragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows 7 (32-bit) Service Pack 1 is installedMicrosoft Windows 7The operating system installed on the system is Microsoft Windows 7 (32-bit) Service Pack 1Shane ShafferDRAFTINTERIMChandan SACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 Release Candidate is installedMicrosoft Windows Server 2008The operating system installed on the system is Microsoft Windows Server 2008 R2 Itanium Edition Service Pack 1 Release CandidateJosh TurpinDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2008 R2 x64 Service Pack 1 Release Candidate is installedMicrosoft Windows Server 2008The operating system installed on the system is Microsoft Windows Server 2008 R2 x64 Service Pack 1 Release CandidateDragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDAdobe Reader and Acrobat CoolType.dll Font Parsing Buffer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe AcrobatStack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.J. Daniel BrownDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Reader 9 Series is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe Reader 9 Series is installedChandan SDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDScott QuintINTERIMACCEPTEDACCEPTEDAdobe Acrobat 8 Series is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe AcrobatAdobe Acrobat 8 Series is installedChandan SDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDAdobe Reader 8 Series is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe ReaderAdobe Reader 8 Series is installedChandan SDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDScott QuintINTERIMACCEPTEDACCEPTEDAdobe Acrobat 9 Series is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe AcrobatAdobe Acrobat 9 Series is installedChandan SDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDVulnerability in text-editing implementation in Google Chrome before 5.0.375.127Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeThe text-editing implementation in Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not check a node type before performing a cast, which has unspecified impact and attack vectors related to (1) DeleteSelectionCommand.cpp, (2) InsertLineBreakCommand.cpp, or (3) InsertParagraphSeparatorCommand.cpp in WebCore/editing/.Preeti SubramanianDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMDEPRECATED: Microsoft Internet Explorer CSS Tags Remote Code Execution VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaDEPRECATEDDEPRECATEDWindows Shell VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.Josh TurpinDRAFTDragos PrisacaINTERIMACCEPTEDJosh TurpinINTERIMJ. Daniel BrownACCEPTEDACCEPTEDSize Value Heap Corruption in pubconv.dll VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Office Publisher 2002Microsoft Office Publisher 2003Microsoft Office Publisher 2007pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Publisher 2002 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Publisher 2002 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Publisher 2003 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Publisher 2003 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Publisher 2007 is installedMicrosoft Windows VistaMicrosoft Windows XPMicrosoft Windows 2000Microsoft Windows Server 2003The application Microsoft Publisher 2007 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Shockwave PlayerDIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a certain chunk size in the mmap chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDGoogle Chrome WebSockets Implementation Unspecified Remote DoSMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Google ChromeThe WebSockets implementation in Google Chrome before 6.0.472.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMMozilla Firefox/Thunderbird/SeaMonkey Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMozilla Multiple Products on Mac OS X data: URL Crafted Font Remote DoSMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyMozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted font in a data: URL.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in an unspecified compatibility component in Adobe Shockwave Player 11.5.9.615Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe Shockwave PlayerUse-after-free vulnerability in an unspecified compatibility component in Adobe Shockwave Player before 11.5.9.620 allows user-assisted remote attackers to execute arbitrary code via a crafted web site, related to the Shockwave Settings window and an unloaded library. NOTE: some of these details are obtained from third party information.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player Multiple Denial of Service IssuesMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Shockwave PlayerIML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x320D of a certain file.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in WebKit in Apple Safari before 5.0.3 versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariUse-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element attributes.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDDenial of service vulnerability in Google Chrome before 7.0.517.44 via unknown vectorsMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeGoogle Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMAdobe Flash Player and AIR Unspecified Click-jacking VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "click-jacking" issue.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox and Thunderbird Arbitrary code execution using SJOW and fast native functionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper (aka SJOW) wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging "access to an object from the chrome scope."J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDHeap-based buffer overflow in WebKit in Apple Safari before 5.0.1 related to JavaScript string object.Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Apple SafariHeap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object.Antu SanadiDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Shockwave PlayerAdobe Shockwave Player before 11.5.8.612 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDAdobe Shockwave Player Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Shockwave PlayerInteger signedness error in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a length value associated with the tSAC chunk in a Director movie.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMozilla Multiple Products FRAMESET Element cols Attribute Handling OverflowMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyInteger overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMemory corruption in dirapi.dll in Adobe Shockwave Player before 11.5.9.615 via unspecified vectorsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe Shockwave Playerdirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4084, CVE-2010-4086, and CVE-2010-4088.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla SeamonkeyMozilla ThunderbirdUnspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDUntrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPWiresharkUntrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark.SecPod TeamDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDVulnerability in JavaScript implementation in WebKit in Apple Safari before 5.0.3 versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariThe JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMozilla Multiple Products SafeJSObjectWrapper XPCSafeJSObjectWrapper Class Chrome Privileged Object Arbitrary JavaScript Code ExecutionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla FirefoxMozilla ThunderbirdThe XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDApache 'mod_proxy_http' Timeout Handling Information Disclosure VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Apachemod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDApache HTTP Server 2.2.x is installed on the systemMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7ApacheApache HTTP Server 2.2.x is installed on the systemJ. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDWord Record Parsing VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Word 2002Microsoft Word 2003Microsoft Word 2007Microsoft Office Word ViewerMicrosoft Office Compatibility PackMicrosoft Works 9Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Works 9 do not properly handle malformed records in a Word file, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, aka "Word Record Parsing Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDSharath SINTERIMACCEPTEDACCEPTEDMicrosoft Works 9.0 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Works 9The application Microsoft Works 9.0 is installed.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDWireshark Dissector LWRES Multiple Buffer Overflow VulnerabilitiesMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7WiresharkThe SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDWireshark is installed on the system.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7WiresharkWireshark is installed on the system.Prabhu S ADRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDGoogle Chrome Notifications Permissions Implementation Unspecified Memory CorruptionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Google ChromeThe implementation of notification permissions in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMUse-after-free vulnerability in Google Chrome before 8.0.552.215 via vectors involving SVG animationsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeUse-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animations.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMWord RTF Parsing Buffer Overflow VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Word 2002Microsoft Word 2003Microsoft Word 2007Microsoft Office Word ViewerMicrosoft Office Compatibility PackBuffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via unspecified properties in the data in a crafted RTF document, aka "Word RTF Parsing Buffer Overflow Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDSharath SINTERIMACCEPTEDACCEPTEDMicrosoft Word 2002 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Word 2002The application Microsoft Word 2002 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDBrendan MilesINTERIMACCEPTEDACCEPTEDMicrosoft Word Viewer is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Word Viewer is installed.Robert L. HollisDRAFTINTERIMACCEPTEDSharath SINTERIMACCEPTEDACCEPTEDMicrosoft Word 2003 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Word 2003 is installed.Robert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMicrosoft Word 2007 is installedMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaThe application Microsoft Word 2007 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft Office Compatibility Pack is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Office Compatibility PackThe application Microsoft Office Compatibility Pack is installed.Robert L. HollisDRAFTINTERIMACCEPTEDBrendan MilesINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR Unspecified Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2213, CVE-2010-2214, and CVE-2010-2216.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDCross-Domain Information Disclosure VulnerabilityMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3348.Josh TurpinDRAFTINTERIMACCEPTEDSharath SINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer 7 is installedMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet Explorer 7A version of Microsoft Internet Explorer 7 is installed.Sudhir GandheDRAFTINTERIMAndrew ButtnerACCEPTEDBrendan MilesINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer 8 is installedMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7A version of Microsoft Internet Explorer 8 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer 6 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet Explorer 6The application Microsoft Internet Explorer 6 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDBrendan MilesINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDOffice Art Drawing Records VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Office XPMicrosoft Office 2003Microsoft Office 2007Microsoft Office 2010Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office XP is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Office XP is installed.Robert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDDragos PrisacaINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft Office 2003 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003The application Microsoft Office 2003 is installed.Robert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMKen LassesenACCEPTEDRachana ShettyINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDMicrosoft Office 2007 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Office 2007The application Microsoft Office 2007 is installed.Jonathan BakerDRAFTINTERIMACCEPTEDRobert L. HollisINTERIMJonathan BakerACCEPTEDACCEPTEDMicrosoft Office 2010 is installedMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Microsoft Office 2010The application Microsoft Office 2010 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in Google Chrome before 5.0.375.99 related to an annoyance with print dialogsMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeUnspecified vulnerability in Google Chrome before 5.0.375.99 has unknown impact and attack vectors, related to an "annoyance with print dialogs."Antu SanadiDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMVulnerability in rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google Chromerendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table.Preeti SubramanianDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMVulnerability in Google Chrome before 7.0.517.44 via a crafted SVG documentMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeGoogle Chrome before 7.0.517.44 does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SVG document.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMTracing Memory Corruption VulnerabilityMicrosoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka "Tracing Memory Corruption Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDCross-site scripting (XSS) vulnerability allows remote attackers in Google Chrome version before 4.1.249.1059.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeCross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://downloads URI.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMDenial of service in Google Chrome 1.0.154.48 via an HTML document with many IFRAME elements.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeGoogle Chrome 1.0.154.48 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.Bhavya KDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMCross-Site Scripting in Opera before 10.54 related to incorrect detection of the "opening site."Microsoft Windows XPMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Opera BrowserCross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 10.11 on UNIX platforms, allows remote attackers to inject arbitrary web script or HTML via a data: URI, related to incorrect detection of the "opening site."Nikita MRDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in the Element::normalizeAttributes function in dom/Element.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeUse-after-free vulnerability in the Element::normalizeAttributes function in dom/Element.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to handlers for DOM mutation events, aka rdar problem 7948784. NOTE: this might overlap CVE-2010-1759.Preeti SubramanianDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMMultiple unspecified vulnerabilities in Opera before 10.64Microsoft Windows XPMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Opera BrowserMultiple unspecified vulnerabilities in Opera before 10.54 have unknown impact and attack vectors related to (1) "extremely severe," (2) "highly severe," (3) "moderately severe," and (4) "less severe" issues.Nikita MRDRAFTINTERIMACCEPTEDACCEPTEDSegmentation fault vulnerability in Adobe Flash Media Server (FMS) version 3.0.x less than 3.0.7, 3.5.x less than 3.5.5, and 4.0.x less than 4.0.1Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe Flash Media ServerAdobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, and 4.0.x before 4.0.1 allows attackers to execute arbitrary code via unspecified vectors, related to a "segmentation fault vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDAdobe Flash Media Server is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe Flash Media ServerAdobe Flash Media Server is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update and 21 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability which allows attackers to cause a denial of service or possibly execute arbitrary code in Adobe Flash Player version less than 9.0.289.0 and 10.x less than 10.1.102.64Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerUnspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDAdobe Flash Player 10 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe Flash Player 10 is installed on the systemJ. Daniel BrownDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDVulnerability (during processing of Cascading Style Sheets (CSS) boxes) in WebKit in Apple Safari before 5.0.3 versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApple SafariWebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDStack-based buffer overflow in SigPlus Pro 3.74 ActiveX controlMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPSigPlus Pro ActiveX controlStack-based buffer overflow in SigPlus Pro 3.74 ActiveX control allows remote attackers to execute arbitrary code via a long eighth argument (HexString) to the LCDWriteString method.Preeti SubramanianDRAFTNate PrzybyszewskiINTERIMACCEPTEDACCEPTEDSigPlus Pro ActiveX control is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPSigPlus Pro ActiveX controlSigPlus Pro ActiveX control is installedPreeti SubramanianDRAFTNate PrzybyszewskiINTERIMACCEPTEDACCEPTEDMicrosoft Windows 2000 is installedMicrosoft Windows 2000The operating system installed on the system is Microsoft Windows 2000.Andrew ButtnerACCEPTEDJonathan BakerINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDTim HarrisonINTERIMACCEPTEDACCEPTEDMicrosoft Windows XP (x86) SP2 is installedMicrosoft Windows XPA version of Microsoft Windows XP (x86) Service Pack 2 is installed.Andrew ButtnerDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Windows Server 2003 SP1 (x86) is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 Service Pack 1 (x86) is installed.Robert L. HollisDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDMicrosoft Windows Vista (32-bit) is installedMicrosoft Windows VistaThe operating system installed on the system is Microsoft Windows Vista (32-bit)Jonathan BakerDRAFTINTERIMACCEPTEDSudhir GandheINTERIMAndrew ButtnerACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDACCEPTEDDenial of service (memory corruption) via a Director movie with a crafted rcsL chunk in the Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPAdobe Shockwave PlayerThe Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDThough description mentions that vulnerability is in Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615, vendor's link shows that vulnerability is in versions less than or equal to 11.5.8.612Adobe Shockwave Player is installedMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Adobe Shockwave PlayerThe application Adobe Shockwave Player is installed.Antu SanadiDRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDSecPod TeamINTERIMACCEPTEDACCEPTEDVulnerability in file dialogs implementation in Google Chrome before 5.0.375.127Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeGoogle Chrome before 5.0.375.127 does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.Preeti SubramanianDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMUnspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versionsMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEUnspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of "behavior and state of certain JDK classes" and "mutable static."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDJava Development Kit is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEJava Development Kit is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDJava Runtime Environment is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle Java SEJava Runtime Environment is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDCross-site scripting (XSS) vulnerability related to chrome://net-internals [^] URI in Google Chrome version before 4.1.249.1059.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeCross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://net-internals URI.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome Image Read Access Restriction Same Origin Policy Bypass Remote Information DisclosureMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Google ChromeWebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site.J. Daniel BrownDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMDenial of Service Vulnerability in Mozilla Firefox 3.0.19 and before, 3.5.x and 3.6.xMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMozilla FirefoxMozilla Firefox 3.0.19, 3.5.x, and 3.6.x allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs.Preeti SubramanianDRAFTINTERIMACCEPTEDACCEPTEDDenial of service in Opera before 10.60 via an ended event handler that changes the SRC attribute of an AUDIO element.Microsoft Windows XPMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Opera BrowserOpera before 10.60 allows remote attackers to cause a denial of service (application hang) via an ended event handler that changes the SRC attribute of an AUDIO element.Nikita MRDRAFTINTERIMACCEPTEDACCEPTEDPopup blocker bypass in Opera before 10.60 via a javascript: URL and a "fake click."Microsoft Windows XPMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Opera BrowserOpera before 10.60 allows remote attackers to bypass the popup blocker via a javascript: URL and a "fake click."Nikita MRDRAFTINTERIMACCEPTEDACCEPTEDCross-site request forgery in Google Chrome version before 4.1.249.1059.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPGoogle ChromeCross-site request forgery (CSRF) vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a crafted synchronous preflight XMLHttpRequest operation.SecPod TeamDRAFTINTERIMACCEPTEDNelson BunkerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMDenial of service vulnerability in Google Chrome before 5.0.375.99Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Google ChromeGoogle Chrome before 5.0.375.99 does not properly implement modal dialogs, which allows attackers to cause a denial of service (application crash) via unspecified vectors.Antu SanadiDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDShane ShafferINTERIMINTERIMGoogle Chrome is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7Google ChromeGoogle Chrome is installedPreeti SubramanianDRAFTINTERIMACCEPTEDSecPod TeamINTERIMACCEPTEDShane ShafferINTERIMShane ShafferACCEPTEDACCEPTEDThe AutoFill feature in Apple Safari before 5.0.1Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Apple SafariThe AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields.Antu SanadiDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDSMB Pool Overflow VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDInformation Disclosure in Opera before 10.50 due to failure to restrict third-party domains from accessing certain widget properties.Microsoft Windows XPMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Opera BrowserOpera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10.60 on UNIX platforms makes widget properties accessible to third-party domains, which allows remote attackers to obtain potentially sensitive information via a crafted web site.Nikita MRDRAFTINTERIMACCEPTEDACCEPTEDOpera Browser is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Opera BrowserA version of Opera Browser is installed.Nikita MRDRAFTChandan SINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDACCEPTEDMozilla Firefox and SeaMonkey 'NodeIterator' Use-after-free VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla FirefoxMozilla SeaMonkeyUse-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and a javascript callback.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDWin32k Bounds Checking VulnerabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2008 R2 x64 Edition is installedMicrosoft Windows Server 2008The operating system installed on the system is Microsoft Windows Server 2008 R2 x64 EditionDragos PrisacaDRAFTINTERIMTodd DolinskyTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDJonathan BakerINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2008 x64 Edition Service Pack 2 is installedMicrosoft Windows Server 2008The operating system installed on the system is Microsoft Windows Server 2008 x64 Edition Service Pack 2Dragos PrisacaDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDTodd DolinskyINTERIMTim HarrisonTim HarrisonACCEPTEDJonathan BakerINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Windows 7 (32-bit) is installedMicrosoft Windows 7The operating system installed on the system is Microsoft Windows 7 (32-bit)Pai PengDRAFTINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDACCEPTEDMicrosoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installedMicrosoft Windows Server 2008The operating system installed on the system is Microsoft Windows Server 2008 Itanium Edition Service Pack 2Dragos PrisacaDragos PrisacaDRAFTINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonACCEPTEDJonathan BakerINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Windows Vista (32-bit) Service Pack 2 is installedMicrosoft Windows VistaThe operating system installed on the system is Microsoft Windows Vista (32-bit) Service Pack 2Dragos PrisacaDragos PrisacaDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Windows Server 2008 R2 Itanium-Based Edition is installedMicrosoft Windows Server 2008The operating system installed on the system is Microsoft Windows Server 2008 R2 Itanium EditionDragos PrisacaDRAFTINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDJonathan BakerINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDMicrosoft Windows 7 x64 Edition is installedMicrosoft Windows 7The operating system installed on the system is Microsoft Windows 7 x64 EditionPai PengDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMTim HarrisonTim HarrisonTim HarrisonACCEPTEDACCEPTEDMicrosoft Windows Server 2008 (ia-64) is installedMicrosoft Windows Server 2008The operating system installed on the system is Microsoft Windows Server 2008 Itanium EditionJeff ItoDRAFTINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonTim HarrisonACCEPTEDJ. Daniel BrownINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2008 (32-bit) Service Pack 2 is installedMicrosoft Windows Server 2008The operating system installed on the system is Microsoft Windows Server 2008 (32-bit) Service Pack 2Dragos PrisacaDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonTim HarrisonACCEPTEDJonathan BakerINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Windows XP (x86) SP3 is installedMicrosoft Windows XPA version of Microsoft Windows XP (x86) Service Pack 3 is installed.Sudhir GandheDRAFTINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Windows Vista x64 Edition Service Pack 2 is installedMicrosoft Windows VistaThe operating system installed on the system is Microsoft Windows Vista x64 Edition Service Pack 2Dragos PrisacaDragos PrisacaDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDTodd DolinskyINTERIMTim HarrisonTim HarrisonTim HarrisonACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Windows Server 2008 (64-bit) is installedMicrosoft Windows Server 2008The operating system installed on the system is Microsoft Windows Server 2008 (64-bit)Sudhir GandheDRAFTAndrew ButtnerINTERIMACCEPTEDTodd DolinskyINTERIMTim HarrisonINTERIMTim HarrisonTim HarrisonTim HarrisonACCEPTEDJ. Daniel BrownINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMicrosoft Windows Vista x64 Edition Service Pack 1 is installedMicrosoft Windows VistaThe operating system installed on the system is Microsoft Windows Vista x64 Edition Service Pack 1Sudhir GandheDRAFTAndrew ButtnerINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDTodd DolinskyINTERIMTim HarrisonTim HarrisonTim HarrisonACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Windows Vista (32-bit) Service Pack 1 is installedMicrosoft Windows VistaThe operating system installed on the system is Microsoft Windows Vista (32-bit) Service Pack 1Sudhir GandheDRAFTAndrew ButtnerINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Windows Server 2008 (32-bit) is installedMicrosoft Windows Server 2008The operating system installed on the system is Microsoft Windows Server 2008 (32-bit)Sudhir GandheDRAFTAndrew ButtnerINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonTim HarrisonACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMicrosoft Windows XP x64 Edition SP2 is installedMicrosoft Windows XPA version of Microsoft Windows XP Professional x64 Edition Service Pack 2 is installed.Sudhir GandheDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDTodd DolinskyINTERIMTim HarrisonTim HarrisonTim HarrisonACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Windows Server 2003 SP2 (x64) is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 SP2 (x64) is installed.Sudhir GandheDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDTodd DolinskyINTERIMTim HarrisonTim HarrisonTim HarrisonACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Windows Server 2003 SP2 (x86) is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 Service Pack 2 (x86) is installed.Sudhir GandheDRAFTINTERIMRobert L. HollisACCEPTEDAndrew ButtnerINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2003 (ia64) SP2 is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 (ia64) Service Pack 2 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDAdobe Flash Player and AIR Unspecified Multiple Memory Corruption VulnerabilitiesMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe AIRAdobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2214, and CVE-2010-2216.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDAdobe AIR is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe AIRAdobe AIR is installed on the systemJ. Daniel BrownDRAFTINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDAdobe Flash Player is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Adobe Flash PlayerAdobe Flash Player is installed on the systemPrabhu S ADRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDuse-after-free vulnerability in WebKit in Apple Safari before 5.0.1Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Apple SafariUse-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to element focus.Antu SanadiDRAFTINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDApple Safari is installedMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Apple SafariThe application Apple Safari is installed.Sharath SDRAFTINTERIMACCEPTEDSecPod TeamINTERIMSecPod TeamACCEPTEDPreeti SubramanianINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDMozilla Firefox, Thunderbird, and SeaMonkey 'nsTreeSelection' Remote Code Execution VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Mozilla FirefoxMozilla ThunderbirdMozilla SeaMonkeyInteger overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free.J. Daniel BrownDRAFTINTERIMACCEPTEDACCEPTEDMozilla Firefox is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Mozilla FirefoxThe browser installed on the system is Mozilla FirefoxPrabhu S ADRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDBhavya KINTERIMINTERIMMozilla Thunderbird is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Mozilla ThunderbirdThe installed e-mail and news client on the system is Mozilla Thunderbird.Prabhu S ADRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDBhavya KINTERIMINTERIMMozilla Seamonkey is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Mozilla SeamonkeyThe installed browser on the system is Mozilla Seamonkey.Prabhu S ADRAFTINTERIMACCEPTEDJ. Daniel BrownINTERIMACCEPTEDBhavya KINTERIMINTERIMOgl.dllGdiplus.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}DisplayNamemoviemk.exemoviemk.exewmoviemk.exemoviemk.exemoviemk.dllShlwapi.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{14FD1463-1F3F-4357-9C03-2080B442F503}Compatibility FlagsHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E9CB13DB-20AB-43C5-B283-977C58FB5754}Compatibility FlagsHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E0ECA9C3-D669-4EF4-8231-00724ED9288F}Compatibility FlagsFontsub.dllAvifil32.dllHKEY_LOCAL_MACHINE^SOFTWARE\\Apache Group\\Apache\\1\.3(\.[1-3][0-9]|\.4[0-1]|\.[0-9])?ServerRootApacheCore.dllHKEY_LOCAL_MACHINE^SOFTWARE\\Apache Group\\Apache\\1\.3\..*ServerRootHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}VersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ABEB838C-A1A7-4C5D-B7E1-8B4314600208}HKEY_LOCAL_MACHINESOFTWARE\Adobe\Acrobat Reader\6.0\InstallerVersionMaxHKEY_LOCAL_MACHINESOFTWARE\Adobe\Acrobat Reader\6.0\InstallerVersionMinHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\.*DisplayVersionmsmsgs.exeHKEY_LOCAL_MACHINESOFTWARE\TrendMicro\PC-cillinProductNameHKEY_LOCAL_MACHINESOFTWARE\Classes\CLSID\{15DBC3F9-9F0A-472E-8061-043D9CEC52F0}\InprocServer32HKEY_CURRENT_USERSoftware\Google\Google Earth PluscurrentVersionHKEY_LOCAL_MACHINESOFTWARE\MySQL AB\MySQL Server 6.0VersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\DirectXVersionWmenceng.dllWmenceng.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersionProgramFilesDir (x86)Asycfilt.dllWmvcore.dllWmvcore.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AdobeCaptivate.exeHKEY_LOCAL_MACHINESOFTWARE\Ultra\UltraPlayerUPlayer.exeHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Microsoft Visual Studio 2010 .*$InstallLocationspoolsv.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\14.0\Word\InstallRootgroovems.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office Server\14.0\GrooveEMSInstallDirOnetutil.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Shared Tools\Web Server Extensions\14.0LocationStructuredquery.dllMsshsq.dllwordpad.exeComctl32.dllCdd.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AvastUI.exe^getPlus.*Adobe\.exe$System.Security.dllSystem.Security.dllIisw3adm.dllAuthsspi.dllW3dt.dllasp51.dllasp.dllmsmapi32.dllmsmapi32.dllOMFCU.DLLHKEY_LOCAL_MACHINESoftware\Microsoft\Office\9.0\Registration\ProductIDvbe6.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Download Manager_is1DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Download Manager_is1DisplayIconVMWareService.exeHKEY_LOCAL_MACHINESOFTWARE\VMWare, Inc.\VMWare ToolsInstallPathcgi.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentDisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentDisplayVersionCabview.dllT2embed.dllwinamp.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinampUninstallStringHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\BlackBerry_.*$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\BlackBerry_.*$DisplayVersionclrjit.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\NET Framework Setup\NDP\v4\ClientInstallPathwintrust.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Photoshop.exeHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\TeamViewer.*$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\TeamViewer.*$DisplayIconHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows MailMediaVervislib.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94F9723E-900A-43C5-8F4E-AD2D2ED09273}DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90520409-6000-11D3-8CFE-0150048383C9}DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\DevDiv\VS\Servicing\9.0SPHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-0052-0409-0000-0000000FF1CE}DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionCurrentVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Outlook Express\Version InfoCurrentehkeyctl.dllatl.dllvviewer.dlldhtmled.ocxatl90.dllwdhtmled.ocxinetcomm.dllMswebdvd.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IrfanViewDisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IrfanViewDisplayVersioni_view32.exeHKEY_LOCAL_MACHINESOFTWARE\America Online\AOLaol.exeHKEY_LOCAL_MACHINESOFTWARE\America Online\AOL\CurrentVersionAppPathMfc40u.dllHKEY_LOCAL_MACHINESOFTWARE\MySQL AB\MySQL Server 5.0VersionWmpmde.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\11.0\InfoPath\InstallRootPathInfopath.exeinfopath.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SnagIt32.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\MediaPlayer\10.0\RegistrationUDBVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\MediaPlayer\9.0\RegistrationUDBVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\MediaPlayer\PlayerUpgradePlayerVersionwwmp.dllWmp.dllSpwmp.dllHKEY_LOCAL_MACHINESOFTWARE\RealNetworks\RealPlayerVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\RealPlay.exeHKEY_LOCAL_MACHINESOFTWARE\Kingsoft\AntiVirusProgramPathkavfm.sysHKEY_LOCAL_MACHINESOFTWARE\Kingsoft\KISCommon\Install\kiscommonProgramPathHKEY_LOCAL_MACHINE^SOFTWARE\\PostgreSQL\\Services\\p.*$Display Namepsql.exeHKEY_LOCAL_MACHINE^SOFTWARE\\PostgreSQL\\Installations\\.*$Base DirectoryHKEY_LOCAL_MACHINE^SOFTWARE\\PostgreSQL\\Installations\\.*$VersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Maxthon3DisplayVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\NET Framework Setup\NDP\v2.0.50727InstallHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Maxthon([0-9])?$HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Maxthon2DisplayVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C832BE8F-4B89-4579-A217-DB92E7A27915}Compatibility FlagsHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{27A3D328-D206-4106-8D33-1AA39B13394B}Compatibility FlagsHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{279D6C9A-652E-4833-BEFC-312CA8887857}Compatibility FlagsHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B1F78FEF-3DB7-4C56-AF2B-5DCCC7C42331}Compatibility FlagsHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E554-0000-0000-C000-000000000046}Compatibility FlagsHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3267123E-530D-4E73-9DA7-79F01D86A89F}Compatibility FlagsHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DD8C2179-1B4A-4951-B432-5DE3D1507142}Compatibility FlagsHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A9A7297E-969C-43F1-A1EF-51EBEA36F850}Compatibility FlagsHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15721a53-8448-4731-8bfc-ed11e128e444}Compatibility FlagsHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4F1E5B1A-2A80-42ca-8532-2D05CB959537}Compatibility FlagsHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E55C-0000-0000-C000-000000000046}Compatibility FlagsHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E531-0000-0000-C000-000000000046}Compatibility FlagsHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E532-0000-0000-C000-000000000046}Compatibility FlagsHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4C85388F-1500-11D1-A0DF-00C04FC9E20F}Compatibility FlagsHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DB640C86-731C-484A-AAAF-750656C9187D}Compatibility FlagsHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{903B0409-6000-11D3-8CFE-0050048383C9}DisplayVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2DFE1608-BDCA-11D1-B7AE-00C04FB92F3D}DisplayVersionWinproj.exeWinproj.exeWinproj.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\9.0\Common\InstallRootPathmsv1_0.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Sna Server\CurrentVersion\SetupVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Sna Server\CurrentVersion\SetupSetupModeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Host Integration Server\6.0ProductNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Host Integration Server\6.0ProductVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Host Integration Server\7.0ProductNameSnarpcsv.exeHKEY_LOCAL_MACHINE^SOFTWARE\\ALWIL Software\\Avast\\([0-9.]+)$ashAvast.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ashAvast.exePathxlview.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B025EE03392B4E348B1A777F7A5DCE169040480900063D11C8EF10054038389CXLVIEW.EXEmsasn1.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Serv-UServ-U.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Serv-UPathpptview.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\9.0\PowerPoint\InstallRootpptcnv.dllauthplay.dllauthplay.dllAcroRd32.dllHKEY_LOCAL_MACHINESOFTWARE\Adobe\Acrobat Reader\7.0\InstallerPathAcrobat.dllHKEY_LOCAL_MACHINESOFTWARE\Adobe\Adobe Acrobat\7.0\InstallerPathHKEY_LOCAL_MACHINEDisplayVersionHKEY_LOCAL_MACHINESOFTWARE\Adobe\Acrobat Reader\7.0\InstallerENU_GUIDWinmm.dllQuartz.dlllibty_plugin.dlllibvcd_plugin.dllschannel.dlllibmp4_plugin.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{476c391c-3e0d-11d2-b948-00c04fa32195}Compatibility FlagsHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{33FDA1EA-80DF-11d2-B263-00A0C90D6111}Compatibility FlagsMsvcrt.dlllibtheora_plugin.dlllibvorbis_plugin.dlllibcdda_plugin.dllHKEY_LOCAL_MACHINEDisplayVersionHKEY_LOCAL_MACHINESOFTWARE\Adobe\Adobe Acrobat\7.0\InstallerENU_GUIDMsptls.dllMsptls.dllVviewer.dlloval:org.mitre.oval:obj:15714oval:org.mitre.oval:obj:23436HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\14.0\Common\InstallRootPathlibsubtitle_plugin.dllEncdec.dllWencdec.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2619340InstalledPackager.dllPackager.exeWab32.dlloval:org.mitre.oval:obj:23285oval:org.mitre.oval:obj:23316HKEY_LOCAL_MACHINESOFTWARE\Wow6432Node\Microsoft\SilverlightVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\SilverlightVersionlibreal_plugin.dllHKEY_LOCAL_MACHINESOFTWARE\IBM\DB2DB2 Path NameHKEY_LOCAL_MACHINESOFTWARE\Lotus\NotesPathadamdsa.dllntdsa.dllHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\NTDS\Performancentdsai.dllroot\cimv2select DomainRole from Win32_ComputerSystemHKEY_LOCAL_MACHINESOFTWARE\Sun\VirtualBoxVersionOleacc.dllOleaut32.dllHKEY_LOCAL_MACHINESOFTWARE\Oracle\VirtualBoxVersionExtxlsrv.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office Server\14.0BinPathHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-10F6-0000-1000-0000000FF1CE}DisplayNameSystem.Web.DataVisualization.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\NET Framework Chart Setup\NDP\v3.5InstallPathSystem.Web.DataVisualization.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{41785C66-90F2-40CE-8CB5-1C94BFC97280}DisplayNameOart.dllOartconv.dllOdbccp32.dllpsisdecd.dllWinsrv.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.GROOVERDisplayNameoval:org.mitre.oval:obj:16050oval:org.mitre.oval:obj:16243HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IPFSDisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IPFSDisplayNamegrooveutil.dllgrooveutil.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office Server\12.0\GrooveInstallBinRootGroove.management.server.dllPidValidator.exeOsafehtm.dllPidval.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office Server\12.0BinPathMicrosoft.office.policy.dllGroove.management.server.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\InetStpPathWWWRootSYSTEMDRIVEHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB2570947\FilelistHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows XP Version 2003\SP3\KB2570947\FilelistHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2570947\FilelistImjpapi.dlloval:org.mitre.oval:obj:15975oval:org.mitre.oval:obj:16242HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\14.0\Visio\InstallRootHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\14.0\Visio\InstallRootReportViewerLP.exeInstall.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-110D-0000-1000-0000000FF1CE}DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-1110-0000-1000-0000000FF1CE}DisplayNameEawfap.dllMicrosoft.office.policy.dllOWSSVR.DLLOnetutil.dllMicrosoft.SharePoint.Taxonomy.dllMicrosoft.SharePoint.Client.dllMicrosoft.office.server.dllOnetutil.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-1014-0000-0000-0000000FF1CE}DisplayNamejscript.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\12.0\InfoPath\InstallRootHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Microsoft SQL Server\90\DTS\SetupVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Microsoft SQL Server\100\DTS\SetupVersionHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Microsoft SQL Server\\.*\\MSSQLServer\\CurrentVersion$CurrentVersionoval:org.mitre.oval:obj:15600oval:org.mitre.oval:obj:15265HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\14.0\InfoPath\InstallRootHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\14.0\InfoPath\InstallRootinfopath.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\infopath.exePathmicrosoft.xmleditor.dllmicrosoft.xmleditor.dllmicrosoft.xmleditor.dlloval:org.mitre.oval:obj:1436oval:org.mitre.oval:obj:15859HKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\.*$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Microsoft SQL Server\100\DTS\SetupSPsqlservr.exeSql_ssms_keyfile.dllsqlservr.exeHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Microsoft SQL Server\\.*\\Setup$SQLPathMsdtssrvr.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Microsoft SQL Server\90\DTS\SetupSQLPathnsservice.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Microsoft SQL Server\90\NS\SetupSQLPathreportingservicesservice.exesqlwb.exemsmdsrv.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E930E839-998E-42F9-97E2-71FC960DB1B7}DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8ABF8FEB-ABB0-40DC-9945-85AF36EF30A9}DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37E9AD9F-3217-4229-B5A5-7A0C82364C6C}DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1DD463C0-A50A-4394-B7E4-5895C02F9E0D}DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Microsoft SQL Server\90\DTS\SetupSPHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE8CFFD9-6E29-4DC3-A967-7348D5F41F44}DisplayNameVisio.exeuml.dllsrv2.sysFwcmgmt.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Firewall Client 2004InstallRootmup.sysdfsc.sysvgx.dllHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\continuumDisplayNameHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\archivaDisplayName^user\.agent=Apache Archiva/.*$1HKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\archivaImagePath^.*about.version.number .*$1HKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\continuumImagePathHKEY_LOCAL_MACHINESOFTWARE\Sun\VirtualBoxHKEY_LOCAL_MACHINESOFTWARE\Oracle\VirtualBoxHKEY_LOCAL_MACHINESOFTWARE\Sun\xVM VirtualBoxHKEY_LOCAL_MACHINESOFTWARE\Oracle\VirtualBoxVersionHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\HidServ\ParametersServiceDllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1}Compatibility FlagsHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8fe85d00-4647-40b9-87e4-5eb8a52f4759}Compatibility FlagsEScript.apiEScript.apiEScript.apiHKEY_LOCAL_MACHINESOFTWARE\Clients\Media\iTunes\shell\open\commandkerberos.dllinetcomm.dll2k3mstscax.dllMstscax.dlldevenv.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\VisualStudio\10.0InstallDirdevenv.exeHKEY_LOCAL_MACHINESoftware\Microsoft\VisualStudio\8.0InstallDirHKEY_LOCAL_MACHINESOFTWARE\Microsoft\DevDiv\VS\Servicing\8.0SPdevenv.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\VisualStudio\9.0InstallDirdevenv.exeHKEY_LOCAL_MACHINESoftware\Microsoft\VisualStudio\7.1InstallDirHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Visual Studio\7.1\S918007InstalledMfc71.dllatl80.dllatl80.dllatl80.dllHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Microsoft Visual Studio 2005.*$InstallLocationatl90.dllatl100.dllHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Microsoft Visual Studio 2010.*$InstallLocationatl100.dllatl90.dllatl90.dllHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Microsoft Visual Studio 2008.*$InstallLocationHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\.+$DisplayNamein_mp4.dlllibmkv_plugin.dllMscorlib.dllHKEY_LOCAL_MACHINESoftware\Microsoft\Windows\CurrentVersion\Uninstall\{90510409-6D54-11D4-BEE3-00C04F990354}DisplayVersionHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\{9[012]120000-005[13]-0000-0000-0000000FF1CE\}$HKEY_LOCAL_MACHINESoftware\Microsoft\Windows\CurrentVersion\Uninstall\{90510409-6000-11D3-8CFE-0150048383C9}ormelems.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\visio.exePathkernel32.dllCsrsrv.dllMfc42.dllFxscover.exeHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Apache Tomcat .*$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Apache Software Foundation\\Tomcat\\[0-9].*$VersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\INetStpMajorVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\INetStpMinorVersionftpsvc.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\NET Framework Setup\NDP\v1.1.4322SPHKEY_LOCAL_MACHINESOFTWARE\Microsoft\NET Framework Setup\NDP\v1.1.4322InstallSystem.Web.Extensions.dllMscorlib.dllSystem.web.dllSystem.web.dllin_nsv.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenSSHDisplayName^OpenSSH for Windows v[0-9]+.*$1HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenSSHReadmeoleaut32.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\DataAccessFullInstallVermsado15.dllin_mkv.dllConsent.exeVbscript.dllin_mod.dllTaskcomp.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Media CenterIdentEncdec.dllsmtpd.py^\_\_version\_\_\s=\s'Python\sSMTP\sproxy\sversion\s0\.2'$1smtpd.py^\_\_version\_\_\s=\s'Python\sSMTP\sproxy\sversion\s0\.2'$1HKEY_LOCAL_MACHINESOFTWARE\VideoLan\VLC^Install_?Dir$HKEY_LOCAL_MACHINESOFTWARE\VideoLan\VLCVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\14.0\Publisher\InstallRootPathWebio.dllntdll.dllPp7x32.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\10.0\Common\InstallRootPathPp7x32.dllHKEY_LOCAL_MACHINE^SOFTWARE\\Python\\PythonCore\\[\d].*\\InstallPath$^python[0-9]+\.dll$^python[0-9]+\.dll$HKEY_CURRENT_USER^SOFTWARE\\Python\\PythonCore\\[\d].*\\InstallPath$System.dllSystem.dllbthport.sysbthport.sysbthport.sysNFRAgent.exeHKEY_LOCAL_MACHINESOFTWARE\NOVELL\File Reporter\AgentInstallPathHKEY_USERS^(S-.*\\Software\\OpenOffice\.org\\OpenOffice\.org\\\d\.\d)$HKEY_LOCAL_MACHINE^SOFTWARE\\OpenOffice\.org\\OpenOffice\.org\\[0-9]\.[0-9]$HKEY_LOCAL_MACHINE^SOFTWARE\\OpenOffice\.org\\OpenOffice\.org\\[0-9]\.[0-9]\\Capabilities$ApplicationNameHKEY_LOCAL_MACHINE^SOFTWARE\\OpenOffice\.org\\OpenOffice\.org\\\d\.\d\\\{[A-Z0-9\-]+[A-Z0-9]\}$ProductVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\dreamweaver.exeexcel.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Excel.exePathHKEY_LOCAL_MACHINESOFTWARE\PHPVersionHKEY_LOCAL_MACHINE^SOFTWARE\\Mozilla\\Mozilla Firefox\\[0-9].*\\Main$PathToExeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\NET Framework Setup\NDP\v4\ClientInstallHKEY_LOCAL_MACHINESOFTWARE\Microsoft\NET Framework Setup\NDP\v4\FullInstallMscorlib.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\NET Framework Setup\NDP\v3.5SPHKEY_LOCAL_MACHINESOFTWARE\Microsoft\NET Framework Setup\NDP\v3.5InstallSystem.dllSystem.dllmrxsmb.sysmrxsmb10.sysXLVIEW.EXEHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\12.0\Registration\{90120000-110D-0000-0000-0000000FF1CE}ProductNameexcel.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Excel.exePathHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\12.0\Excel\InstallRootOart.dllxlsrv.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-10F5-0000-1000-0000000FF1CE}InstallLocationOartconv.dllexcelcnv.exeEXCEL.EXExlview.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90840409-6000-11D3-8CFE-0150048383C9}InstallLocationHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-10F5-0000-1000-0000000FF1CE}DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\PHP.*$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\PHPHKEY_LOCAL_MACHINESOFTWARE\PHPVersiongroove.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\GROOVE.EXEPathHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\12.0\Groove\InstallRootHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\{90120000\-001F\-0409\-0000\-0000000FF1CE\}\_GROOVER_.*$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\12.0\Access\InstallRootPathMSACCESS.EXEHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MSACCESS.EXEPathafd.sysdnsapi.dllHKEY_LOCAL_MACHINE^Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\.*DisplayName^mysqld(|-nt)\.exe$HKEY_LOCAL_MACHINE^SOFTWARE\\MySQL AB\\MySQL Server [0-9]\.[0-9]$LocationHKEY_LOCAL_MACHINESOFTWARE\MySQL AB\MySQL Server 5.1Versiontcpip.sysHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinampDisplayNamein_midi.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinampUninstallStringHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\winamp.exeHKEY_LOCAL_MACHINESOFTWARE\Clients\Internet Call\Skype\CapabilitiesApplicationNameHKEY_LOCAL_MACHINESOFTWARE\Skype\PhoneSkypePathMSCONV97.DLLWkimg90.dllGifimp32.fltHKEY_LOCAL_MACHINEDisplayVersionHKEY_LOCAL_MACHINESOFTWARE\Adobe\Acrobat Reader\10.0\InstallerENU_GUIDHKEY_LOCAL_MACHINEDisplayVersionHKEY_LOCAL_MACHINESOFTWARE\Adobe\Adobe Acrobat\10.0\InstallerENU_GUIDHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Novell iPrint ClientDisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Novell iPrint ClientDisplayIconQuickTimePlayer.exeHKEY_LOCAL_MACHINESOFTWARE\Apple Computer, Inc.\QuickTimeInstallDirNtoskrnl.exeIccvid.dllIccvid.dllWiccvid.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\11.0\Excel\InstallRootPathEXCEL.EXEHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\11.0\PowerPoint\InstallRootPathHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\12.0\PowerPoint\InstallRootPathHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\10.0\PowerPoint\InstallRootPathppcnv.dllppcore.dllppcore.dllpptview.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\12.0\Common\InstallRootPathpowerpnt.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\powerpnt.exePathPptview.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\14.0\Common\InstallRootPathPreferences^\s*"name": "InvisibleHand"[^}]+}[^p]+path": "lghjfnfolmcikomdjmoiemllfnlmmoko\\[^s]+state": [01]$1HKEY_USERS^S-.*\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome$InstallLocationAccwiz.dllMSACCESS.EXEHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\11.0\Access\InstallRootPathiml32.dlliml32.dllMsxml3.dlllibhttpd.dllHKEY_LOCAL_MACHINE^SOFTWARE\\Apache Group\\Apache\\2\.0\..*$ServerRootHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\10.0\Excel\InstallRootEXCEL.EXEHKEY_LOCAL_MACHINEJavaHomeHKEY_LOCAL_MACHINESOFTWARE\JavaSoft\Java Development KitHKEY_LOCAL_MACHINEJavaHomeHKEY_LOCAL_MACHINESOFTWARE\JavaSoft\Java Runtime EnvironmentHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\11.0\Outlook\InstallRootPathHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\12.0\Outlook\InstallRootPathOutllib.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\11.0\Common\InstallRootPathoutlook.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEPathOutllib.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\10.0\Outlook\InstallRootPathHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionBuildLabAtmfd.dllHKEY_LOCAL_MACHINEDisplayVersionHKEY_LOCAL_MACHINESOFTWARE\Adobe\Acrobat Reader\9.0\InstallerENU_GUIDHKEY_LOCAL_MACHINEDisplayVersionHKEY_LOCAL_MACHINESOFTWARE\Adobe\Adobe Acrobat\8.0\InstallerENU_GUIDAcroRd32.dllHKEY_LOCAL_MACHINESOFTWARE\Adobe\Acrobat Reader\8.0\InstallerPathHKEY_LOCAL_MACHINEDisplayVersionHKEY_LOCAL_MACHINESOFTWARE\Adobe\Acrobat Reader\8.0\InstallerENU_GUIDAcroRd32.dllHKEY_LOCAL_MACHINESOFTWARE\Adobe\Acrobat Reader\9.0\InstallerPathHKEY_LOCAL_MACHINEDisplayVersionHKEY_LOCAL_MACHINESOFTWARE\Adobe\Adobe Acrobat\9.0\InstallerENU_GUIDAcrobat.dllHKEY_LOCAL_MACHINESOFTWARE\Adobe\Adobe Acrobat\9.0\InstallerPathAcrobat.dllHKEY_LOCAL_MACHINESOFTWARE\Adobe\Adobe Acrobat\8.0\InstallerPathshell32.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\10.0\Publisher\InstallRootHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\11.0\Publisher\InstallRootPathHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\12.0\Publisher\InstallRootPathmspub.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mspub.exePathSwInit.exeSwInit.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave PlayerDisplayVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\seamonkey.exeHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\.*DisplayNamelibhttpd.dllHKEY_LOCAL_MACHINE^SOFTWARE\\Apache Software Foundation\\Apache\\2\.2\..*$ServerRootHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Works\9.0INSTALLDIRWkwpqrtf.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EtherealDisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiresharkDisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiresharkDisplayVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\10.0\Word\InstallRootHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\11.0\Word\InstallRootHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\12.0\Word\InstallRootHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\12.0\MOCWordcnv.dllwordview.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\wordview.exePathwinword.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Winword.exePathHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet ExplorerVersionmshtml.dllHKEY_LOCAL_MACHINE^Software\\Microsoft\\Office\\10\.0\\Registration\\.*$ProductIDHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\11.0\Common\InstallRootPathHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\12.0\Common\InstallRootInstallCountHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Office\14.0\Common\InstallRootInstallCountMSO.DLLMso.dllMSO.DLLMso.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersionCommonFilesDirrtutils.dllHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\(Adobe )?Flash Media Server.*$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\(Adobe )?Flash Media Server.*$InstallLocationHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Adobe Flash Player .*$DisplayVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionCurrentVersionHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Topaz e-Signatures SigPlus .*DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Topaz e-Signatures SigPlus .*DisplayVersionHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\(Macromedia )?Shockwave(.*Player)?$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave PlayerDisplayNamedirapi.dlldirapi.dllHKEY_LOCAL_MACHINEJavaHomeHKEY_LOCAL_MACHINESOFTWARE\JavaSoft\Java Runtime EnvironmentHKEY_LOCAL_MACHINESOFTWARE\JavaSoft\Java Runtime EnvironmentCurrentVersionHKEY_LOCAL_MACHINEJavaHomeHKEY_LOCAL_MACHINESOFTWARE\JavaSoft\Java Development KitCurrentVersionHKEY_LOCAL_MACHINESOFTWARE\JavaSoft\Java Development Kitoval:org.mitre.oval:obj:15382oval:org.mitre.oval:obj:15822HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google ChromeDisplayNameHKEY_USERS^S-.*\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome$DisplayNameoval:org.mitre.oval:obj:15257oval:org.mitre.oval:obj:16406oval:org.mitre.oval:ste:18296HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google ChromeVersionHKEY_USERS^S-.*\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome$Versionsrv.sysHKEY_LOCAL_MACHINESOFTWARE\Clients\Mail\OperaLocalizedStringHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Opera.exePathopera.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersionProgramFilesDirHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionCSDVersionHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\Session Manager\EnvironmentPROCESSOR_ARCHITECTUREHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionProductNamewin32k.sysHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionSystemRootHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIRDisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Adobe Flash Player .*$^(NoD|D)isplayName$HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIRDisplayVersionHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Adobe Flash Player .*$DisplayVersionHKEY_LOCAL_MACHINESOFTWARE\Clients\StartMenuInternet\Safari.exeHKEY_LOCAL_MACHINESOFTWARE\Clients\StartMenuInternet\Safari.exe\DefaultIconSafari.exeHKEY_LOCAL_MACHINESOFTWARE\Apple Computer, Inc.\SafariInstallDirHKEY_LOCAL_MACHINESOFTWARE\mozilla.org\SeamonkeyCurrentVersionHKEY_LOCAL_MACHINESOFTWARE\Mozilla\SeaMonkeyCurrentVersionHKEY_LOCAL_MACHINESOFTWARE\Mozilla\Mozilla ThunderbirdCurrentVersionHKEY_LOCAL_MACHINESOFTWARE\Mozilla\Mozilla FirefoxCurrentVersion9.00.3042.0010.0.6844.012.0.6325.500011.0.8230.02005.90.3073.02005.90.3282.0^(1\.2\.[0-9])$5.1.0.125125.5.0.05.6.0.88312.2.82.2.12Windows Movie Maker 2.6^Microsoft Producer.*2003.*$6.0.6002.181216.0.6001.225412.1.4027.06.0.6002.222456.0.6000.169376.0.6000.211392.1.4030.02.6.4038.06.0.6001.1834111.0.8320.0^([0-2]\..*|3\.0(\.1[0-5]|\.[0-9])?) .*8.2.15\.0\.([0-9]|[1-7][0-9]|8[0-7])?(|[a-z\_\-]+|\..*)$^(0\..*|1\.0(\.([0-9]|10))?|1\.2(\.[0-5])?)$6.0.3790.46036.0.2900.36536.0.2900.59125.0.3900.73492.2.1512.0.6524.500310.0.6858.02.2.131.5.3.91206.0.6001.183776.0.6000.211755.2.3790.46376.0.6000.169736.1.7600.205915.0.2195.73646.0.6002.222835.1.2600.59135.1.2600.36546.1.7600.164816.0.6002.181606.0.6001.225776.0.6002.181246.0.6000.169396.0.6000.211425.0.2195.73486.1.7600.205536.1.7600.164446.0.6001.225446.0.6001.183445.1.2600.36345.2.3790.46035.1.2600.58886.0.6002.222477.0.6000.160006.0.6001.18000^3\.6(\.[0-3])? .*11.5.6.6067.0.6000.212287.0.6000.212426.0.2900.59457.0.6000.170237.0.6002.182267.0.6001.226536.0.2800.16467.0.6002.223606.0.2900.36766.0.3790.46727.0.6001.184447.0.6000.170376.0.6001.225756.0.6002.222816.1.7600.164996.0.6001.183756.1.7600.206126.0.6002.181586.0.6000.211736.0.6000.16971^([0-2]\..*|3\.0(\.1[0-6]|\.[0-9])?|3\.5(\.[0-6])?) .*2.2.11^5\.1\.(([0-9]|[1-3][0-9]|40)?(|[a-z\_\-]+))$2.2.145.0.2195.73596.5.3790.46256.6.6000.211886.6.6001.180006.6.6000.200005.2.3790.46256.1.9.7386.5.2600.36496.6.6002.222956.6.6001.225905.1.2600.36496.6.7600.164906.6.6000.160006.5.1.9136.6.7600.206006.6.6000.169865.1.2600.59086.5.2600.59086.6.7600.160006.6.6002.181586.6.6002.180006.6.6001.1838910.0.6858.0^(3\.5(\.[0-5])?) .*^(2\.0) .*^([0-2]\..*|3\.0(\.1[0-5]|\.[0-9])?|3\.5(\.[0-5])?) .*^Apache HTTP Server 1\.3\..*$10.0.6860.012.0.6529.50006.0.6000.160006.0.6000.200006.1.7600.164815.1.2600.59236.0.6001.225815.0.2195.73656.0.6000.211796.1.7600.205915.2.3790.46345.1.2600.36626.0.6002.181646.0.6002.222866.0.6000.169776.0.6001.18381^3\.6(\.[0-1])? .*^([012]\..*|3\.0(\.[01])?) .*^([0-2]\..*|3\.0(\.1[0-7]|\.[0-9])?|3\.5(\.[0-7])?) .*8.0.7600.165358.0.6001.189048.0.7600.206518.0.6001.229952.2.1011.0.8318.0MSN Messenger 6.1^4,75.1.0.63963^6\.2\.020[5-9]4.7.0.30014.7.0.20105.0.0.0Trend Micro Internet Security Pro17.50.0.1366^(1\.2\.([0-4]))$^[0-9].*$5.1.3535.3218^([0-2]\..*|3\.0(\.1[0-8]|\.[0-9])?|3\.5(\.[0-8])?) .*MySQL Server 6.0^5\.1\.(([0-9]|[1-2][0-9]|3[0-1])?(|[a-z\_\-]+))$^6\.0\.([0-9]?(|[a-z\_\-]+))$^4\.09.*$6.1.7600.1654411.0.5721.527510.0.0.38216.5.2600.59336.0.6002.223776.5.2600.36655.1.2600.36806.0.6001.184546.6.6001.184616.0.6001.226656.6.6001.226725.1.2600.59495.2.3790.46762.40.4534.010.0.0.370610.0.0.40076.5.3790.466010.0.0.400710.0.0.09.0.0.32729.0.0.33699.0.0.33696.5.1.91411.0.5721.52756.0.6002.182369.0.0.06.1.7600.206609.0.0.45099.0.0.010.0.0.011.0.0.08.2.08.2.0.819.3.0^Adobe.* Captivate.*$5.0.0.5962.1.1.210.0.30319.1^4\.0b1 .*$^3\.5\.(10|11) .*$^3\.6\.[4-8] .*$6.0.0.436.0.6001.185116.0.6002.182946.1.7600.207856.0.6001.227436.1.7600.166615.1.2600.60246.0.6002.224685.2.3790.4759^3\.6(\.[0-3])? .*$^(0\.99\.([0-8])|0\.9\.(10|[6-9])|1\.0\.(1[0-2]|[0-9]$)|1\.2\.([0-7]))$6.0.2800.16496.0.2900.59696.0.2900.36986.0.3790.469614.0.5123.500012.0.6545.500012.0.6545.50006.0.6002.224226.0.6001.227095.2.3790.47246.1.7600.166126.0.6002.182696.1.7600.207356.0.6001.184905.1.2600.600614.0.5123.500014.0.5123.500112.0.6535.500011.0.8324.011.0.8324.011.0.8324.011.0.8323.012.0.6535.500212.0.6535.500211.0.8324.011.0.8324.012.0.6535.500212.0.6535.500212.0.6524.50037.0.7600.200007.0.6002.182557.0.7600.165875.1.2600.60106.0.6001.184986.0.6002.224337.0.6002.223986.0.6002.182776.0.6001.226856.1.7600.207446.0.6001.227207.0.7600.207076.0.6001.184706.1.7600.166246.0.6001.220005.2.3790.475012.0.6545.500012.0.6545.50025.82.6001.185235.82.3790.47705.82.2900.60285.82.6001.220005.82.6001.227555.82.6002.183055.82.6002.220005.82.6002.224805.82.7600.166615.82.7600.200006.0.6000.163866.1.7600.16385^([012]\..*|3\.0(\.[03])?) .*12.0.6545.50006.1.7600.165956.1.7600.207154.8.1367.05.0.594.01.6.2.605.7.0.160005.8.7600.165465.7.6002.220005.7.0.180005.7.6002.223545.7.0.212385.7.0.184405.6.0.88385.7.6002.223545.8.6001.220005.8.7600.206625.7.0.170335.8.6001.189095.7.6002.182225.7.0.200005.8.6001.180005.7.0.226485.8.6001.230005.8.7600.160005.7.0.220005.7.6002.180001.1.4322.24602.0.50727.36131.1.4322.24632.0.50727.18782.0.50727.42042.0.50727.18792.0.50727.49517.0.6001.226756.0.3790.46677.0.6002.223887.0.6001.184287.0.6002.182477.5.7600.206947.5.7600.165766.0.3790.46937.0.6000.170637.0.6001.184707.0.6001.226857.0.6002.223987.0.6002.182557.0.6000.212645.1.2600.59445.0.2195.73795.1.2600.3675517.0.6002.224317.0.6002.182767.0.6002.220007.5.7600.207417.0.6001.227187.0.6001.184976.0.3790.47357.5.7600.166207.0.6001.220005.1.2600.600711.0.8323.010.0.6861.012.0.6539.500011.0.8332.010.0.45.26.5.10.535.1.2.2285.0.2.2275.2.2.2289.2.0.6111.0.8328.0^Free Download Manager.*3.0.852.09.2.1.49.3.19.3.0.148^(2\.0(\.[0-2])?) .*^([0-2]\..*|3\.0(\.1[0-8]|\.[0-9])?|3\.5(\.[0-7])?) .*6.1.7601.216776.1.7600.167766.0.3790.48416.0.6002.184176.0.6001.228676.1.7600.209186.0.6001.186126.0.6002.226016.1.7601.175746.0.2900.60905.2.3790.47025.1.2600.59765.0.2195.73976.1.7600.207046.1.7600.165856.0.6001.226826.0.6001.184685.1.2600.37066.0.6002.182536.0.6002.223967.5.7600.166327.5.7600.207522.2.92.2.156.0.6001.180006.0.6000.160006.0.6001.184315.2.3790.46716.0.6002.223466.0.6000.212306.0.6001.226416.0.6000.170256.0.6002.18213^\xb5Torrent$2.0.36.0.6000.170026.0.6000.212036.0.3790.46496.1.7600.206136.0.2900.59276.0.6002.181846.1.7600.165006.0.2900.36636.0.6002.223115.0.3900.73696.0.6001.184046.0.6001.226055.2.3790.47666.0.6002.183016.0.6002.224756.1.7600.207886.0.6001.185205.1.2600.60316.0.6001.227506.1.7600.166635.5.8.29856.1.7600.206556.1.7600.1653910.1.82.76^3\.6(\.[0-2])? .*^BlackBerry Desktop Software.*$6.0.0.477.0.6000.211847.0.6000.169827.0.6002.181678.0.7600.164906.0.2900.36606.0.3790.46397.0.6002.222907.0.6000.169818.0.6001.188826.0.2800.16447.0.6001.225856.0.2900.59218.0.6001.188767.0.6001.183858.0.7600.206008.0.6001.229677.0.6000.211838.0.6001.229738.0.7600.160006.0.2900.60366.0.3790.47727.0.6002.224847.0.6001.185278.0.6001.230678.0.6001.189757.0.6002.183098.0.7600.166717.0.6001.227607.0.6000.212948.0.6001.230678.0.6001.189757.0.6000.170928.0.7600.207954.0.30319.3364.0.30319.2024.1.249.10646.0.6002.182906.0.6001.227396.1.7600.166616.0.6001.185076.1.7600.207856.0.6002.224638.1.78.1.7.599.2.09.1.0.20090227006.0.6002.222936.0.6000.169845.131.2600.59225.131.2195.73756.0.6001.225886.0.6000.211866.1.7600.164935.131.3790.46426.1.7600.206055.131.2600.36616.0.6001.183876.0.6002.181697.012.0^(3\.6(\.[0-1])?|3\.5(\.[0-8])?) .*^TeamViewer.*$5.0.870312.0.6535.500012.0.6535.500211.0.8324.012.0.6535.50006.0.6000.212266.0.6001.184276.0.6001.226366.0.6002.223416.0.6002.182096.1.7600.165396.0.6000.170216.1.7600.206551.5.3.913010.0.45.25.31.22.77.68.75.05.31.22.79.1.0.7911.0.8328.0^6[,\.]0[,\.]600[0-9][,\.]\d+$^6[,\.]1[,\.]\d{4}[,\.]\d+$6.1.7600.165435.50.5010.2006.0.6002.181976.0.6001.184276.0.6001.226216.0.6002.223416.0.6001.226366.0.6002.223256.0.6001.184166.0.2900.36646.0.6002.182096.0.3790.46576.1.7600.206596.0.2800.20016.0.2900.593110.0.6890.411.0.8321.012.0.6524.50038.2.2.2179.3.28.2.29.3.2.16310.0.6866.09.3.3.1778.2.3.2318.2.39.3.26.0.472.59Microsoft Visio Viewer 2002^Microsoft Office Visio Viewer 2003.*$1Microsoft Office Visio Viewer 20075,50,4807,17006,0,2800,11065.00.3700.10005.1^6[,\.]0[,\.](2[6-9]00|3790)[,\.]\d+$6.0.2900.359811.0.5721.526810.0.0.40748.0.50727.40536.0.6000.168916.0.6002.180726.0.6001.182956.0.6002.221816.0.6000.210906.0.6001.224766.0.2900.36406.0.3790.46116.0.2900.58975.0.3882.270012.0.6514.500011.0.8313.06.5.2600.361011.0.6001.71143.0.9794.06.5.3790.338611.0.6002.221726.5.3790.45659.0.0.33646.1.0.923411.0.6000.63526.0.3790.45483.5.2284.212.0.6513.500011.0.6001.70075.50.5003.10009.0.30729.41486.0.2800.164210.0.6856.08.0.50727.40536.0.2900.584310.0.0.40069.0.30729.41486.1.0.92479.0.0.32717.10.6101.06.0.2800.198311.0.6000.65119.0.21022.2189.0.0.450711.0.6002.180656.5.2600.5857^IrfanView4.274.279.5.0.14.1.0.615110.0.6866.0MySQL Server 5.0^5\.1\.(([0-9]|[1-3][0-9]|4[0-6])?(|[a-z\_\-]+))$^5\.0\.([0-9]|[1-8][0-9]|90)?(|[a-z\_\-]+|\..*)$6.0.472.6211.0.6001.700911.0.6001.711711.0.6001.710011.0.6002.1829712.0.7600.2000011.0.6002.2247112.0.7600.1666112.0.7600.2078712.0.6535.500311.0.8233.012.0.6529.50008.0.7600.165888.0.7600.207088.0.6001.2301912.0.6524.50038.0.6001.18928SnagIt10.0.0.7888.2.1.2051.5.310.0.42.347.0.517.4112.0.0.013.0.0.0^10\.0+\..*$^9\.0+\..*$12.0.0.011.0.0.0^[Ss][Ee][Rr][Vv][Ii][Cc][Ee] [Pp][Aa][Cc][Kk] ([2-9]|([1-9][0-9]+))$11.0.6002.224869.0.0.451011.0.6001.711811.0.5721.528011.0.6001.701011.0.6002.2200011.0.6002.1831110.0.0.408110.0.0.400812.0.7600.2079212.0.7600.1666712.0.7600.20000^[0-9].*$12.0.0.29711.0.011.0.0.67412.0.0.8792010.7.30.2015.33.16.05.33.16.01.5.29.0.246.010.0.32.18^PostgreSQL.*$8.0.26^8\.4(\..*)?$^8\.0(\..*)?$^8\.3(\..*)?$8.4.5^8\.2(\..*)?$^8\.1(\..*)?$9.0.08.3.128.2.188.1.227.4.30^9\.0(\..*)?$^7\.4(\..*)?$11.5.7.60910.0.6862.07.66.71.010.0.6856.011.0.8313.0^[01]\..* .*7.0.6001.160007.0.6000.160007.0.6002.181307.0.6001.225507.0.6000.211487.0.6002.222527.0.6001.183497.0.6000.169457.0.6002.180002.0.50727.40622.0.50727.42002.0.50727.44002.0.50727.36034.531.9.12.0.50727.1003^(2\.5\.3\.80|3\.0\.0\.145)$10.10.1893.010.1.1844.08.0.6001.180008.1.7600.160008.0.6001.229568.0.6001.188658.0.6001.229458.0.7600.164668.0.7600.205798.0.6001.18854^([0-2]\..*|3\.0(\.1[0-4]|\.[0-9])?|3\.5(\.[0-3])?) .*10.0.8326.011.3.2007.1529^9\..*$10.0.2108.221611.3.2009.11089.0.2009.10226.1.7600.160005.2.3790.45305.1.2600.35925.1.2600.58346.1.7600.164206.0.6000.211256.0.6000.169266.0.6000.160005.1.2600.58765.1.2600.36255.2.3790.45876.0.6001.225186.0.6001.183306.0.6002.181116.1.7600.205246.0.6002.222236.0.6000.200006.0.6002.1800010.0.22.879.0.159.09.1.0.0HIServer5.0 Service Pack 2HIAdmin6.0.1701.0Microsoft Host Integration Server 2004 ClientMicrosoft Host Integration Server 20046.0.2403.0Microsoft Host Integration Server 20066.0.2430.07.0.2900.05.0.1.7986.0.2119.0^1\.2(\.[0-2])?$4.8.1356.0^(0\.10(\.1[0-9])?|1\.0(\.[0-9])?|1\.2(\.[0-2])?)$^3\.5(\.[0-3])? .*1.2.2^(3\.0(\.1[0-4]|\.[0-9])?|3\.5(\.[0-3])?) .*5.31.21.1011.0.8313.010.0.6856.011.0.8316.012.0.6514.50006.0.6002.222186.0.6000.200006.0.6001.225156.0.6000.211225.1.2600.36246.0.6001.183266.0.6002.181065.1.2600.58756.1.7600.205185.0.2195.73346.1.7600.164156.0.6000.169225.2.3790.45848.2.0.37.0.0.111.0.8164.0^[Ss][Ee][Rr][Vv][Ii][Cc][Ee] [Pp][Aa][Cc][Kk] ([4-9]|([1-9][0-9]+))$1.1.4322.24432.0.50727.187311.5.2.602^3\.0(\.1[0-4]|\.[0-9])? .*9.0.0.896912.0.6320.500010.0.6842.012.0.6300.500011.0.8227.09.1.0.20090227008.1.7.597.1.4.20091003008.1.79.2.07.1.410.02.710.06.1.7600.169376.0.6002.227706.1.7601.177525.2.3790.49496.1.7601.218876.1.7600.211156.0.6002.185641.1.91.1.101.1.10.16.0.2900.61826.0.3790.49446.6.7600.169056.0.6002.185286.6.7600.210776.6.6002.227325.2.3790.49166.0.6002.227266.6.7601.210006.6.7601.218476.6.6002.185336.5.2600.61696.6.7601.177136.5.3790.49285.1.2600.61602.49.4.519.0.1036.619.0.1028.06.0.6002.185416.1.7600.169156.1.7601.218616.1.7600.210926.1.7601.210006.1.7601.177256.0.6002.227425.2.3790.49375.1.2600.61756.1.7600.210926.1.7600.169156.1.7601.177256.1.7601.218616.0.6002.227426.0.6002.185415.2.3790.493512.0.6652.50001.1.8reg_dword671098887.08.59.7.0.49.7.0.11.1.711.0.8342.014.0.6111.50002.56.1.7601.218476.1.7601.177136.1.7600.169056.1.7600.210776.0.6002.227325.1.2600.61656.0.6002.185335.2.3790.49227.0.6002.185517.0.7601.177447.0.7600.200007.0.7601.218787.0.7601.210007.0.6002.227557.0.7600.211087.0.6002.220007.0.7600.169309.4.79.1.37.0.6000.213096.0.3790.49298.0.6001.232668.0.7601.177208.0.7600.210857.0.6002.227397.0.6002.185386.0.2900.61698.0.6001.191707.0.6000.171078.0.7601.218558.0.7600.169129.15.1.2600.61886.1.7601.218986.0.6002.227775.2.3790.49536.0.6002.185696.1.7601.177626.1.7600.169486.1.7600.211276.1.7600.210776.1.7600.169055.1.2600.61665.2.3790.49226.1.7601.210006.1.7600.200006.1.7601.218476.0.6002.227326.0.6002.185336.1.7601.17713610.3.183.1111.111.09.0.9.02812.0.6654.500012.0.6654.500012.0.6654.50005.0.111.0.696.13^7\..*$710.1.110.0.19.4.612.0.6654.500014.0.6112.500017.0.963.459.3.28.510.0.648.2042.00.102.0^11\..*$11.1.102.5514.0.6113.500014.0.6114.50013.1.74.1.249.011.0.696.422.0.50727.49712.0.50727.57104.0.30319.5472.0.50727.57102.0.50727.54561.1.4322.24943.5.30729.56002.0.50727.36344.0.30319.2722.0.50727.56003.5.30729.57692.0.50727.42232.0.50727.57103.5.30729.36788.5.1.48.0.114.0.6114.500111.0.83426.0.2205.0.2606.0.2701.1.119.0.597.92^Microsoft AntiXSS v(3\.\d|4\.0).*$8.0.7600.169309.0.8112.164417.0.6002.185528.0.6001.191907.0.6000.213108.0.6001.232868.0.7600.211087.0.6000.171089.0.8112.205468.0.7601.177447.0.6002.227578.0.7601.218781.1.199.04.0.416.0.912.624.1.249.10429.7.0.116.0.912.7717.0.921.317.0.963.556.6.7600.168996.6.7600.210706.6.6002.227266.6.7601.218406.5.2600.61616.5.3790.491616.6.7601.177086.6.6002.185287.0.517.431.3.23.0:0b4.1.22.0.0317.0.913.017.0.963.2616.0.912.752.54.1.249.10456.0.1006.0.2003.16.0.6002.185426.0.6002.227436.1.7601.218636.1.7600.210946.1.7601.210006.1.7601.177276.0.6002.220005.2.3790.49366.1.7600.169176.1.7600.200005.1.2600.617615.0.874.121113.62.610.2.156.129.4.33.6.1915.0.874.1205.0.375.6910.0.19.4.210.2.154.136.1.7600.168896.1.7601.176976.1.7600.210606.1.7601.218286.1.7600.210009.38.08.29.56.0.1016.0.912.4311.0.696.6512.0.742.30155.1.16.0.1805.0.23010.3.181.2314.0.835.2019.0.262.00.1.42.32.0.169.01.0.154.539.72.112.0.742.1116.1.7601.218416.0.6002.227316.1.7601.177096.0.6002.185325.2.3790.49296.1.7600.169006.1.7600.210711.1.3790.492114.0.835.15611.0.696.676.1.7600.210006.1.7600.210626.0.6002.220006.0.6002.185216.1.7601.176996.1.7600.168916.0.6002.227226.1.7601.210006.1.7601.218304.0.249.893.6.132.0.1117.0.963.4616.0.912.624.0.249.06.1.7600.169206.0.6002.185446.0.6002.227455.1.2600.61785.2.3790.49386.1.7600.210976.1.7601.177306.1.7601.2186616.0.912.743.6.13.1.13.1.911.0.696.706.0.3105.0.3406.0.2207.0.200^4\..*$2.0.50727.36314.0.30319.2584.1.10111.02.0.50727.57042.0.50727.54534.0.30319.5232.0.50727.57032.0.50727.42202.0.50727.49681.5.810.0.28.0.552.22311.0.672.16.0.472.582.710.3.181.347.0.517.404.0.249.7814.0.835.16211.1.102.5411.0.1.1522.7.13.0.0.4081.0.13.1.0.48510.3.183.102.0.21.5.39.0.597.8314.0.794.016.0.912.7615.0.874.1219.0.8112.164409.0.8112.205446.1.7600.168896.1.7600.210606.0.6002.185196.1.7601.176976.1.7601.218286.0.6002.2271910.0.648.2033.12.0.133.5.13.6.162.3.36.0.23.6.222.1414.0.835.1244.0.249.01.5.22.0.83.1.43.6.109.79.14.1.249.10359.510.3.183.78.0.05.24.68.5.2.27.0.44.2.13.0.0.25:0a6.0.16.5.67.0.03.0.0.113.0.782.2146.0.2108.010.3.181.1613.0.782.1068.0.552.23511.0.696.5610.0.35.0.3204.0.40.2.149.274.0:0b3.0.195.334.0.244.04.0.249.789.0.597.10610.0.648.1262.0.172.3812.0.742.8215.0.859.015.0.874.1193.6.231.83.1.115.0.2806.0.2402.0.143.01.51.5.0.107.0.07.0.106.0.2808.0.552.2143.0.195.3814.0.839.012.0.700.06.0.496.015.0.840.010.0.601.07.0.548.05.0.396.012.0.747.09.0.562.05.0.306.08.0.561.07.0.497.00.4.154.331.0.154.6513.0.782.23816.0.912.158.0.549.011.0.699.010.0.651.02.0.156.113.0.748.06.0.397.011.0.652.02.0.17214.0.783.00.1.38.11.0.154.369.0.600.016.0.877.04.0.212.015.0.876.03.0.182.24.110.2.159.16.0.1905.0.2400.10.13.1.162.0.0.11.07.0.15.04.03.6.246.07.02.0.0.201.7.33.1.103.0.13.6.22.0.0.233.6.175.0.06.0.2606.0.05.0.3008.0.22.06.0.21.010.1.95.210.0.0.5849.07.0.19.49.0.160.12.0.0.02.0.0.190.91.5.0.142.0.42.0.13.6.31.13.03.51.06.1.7601.176766.1.7601.210006.0.6002.227056.0.6002.185081.1.3790.49056.1.7600.210356.1.7601.218025.2.3790.49106.1.7600.168716.1.7600.20000^[3-5]$8.310.18.2.610.09.4.4^9\..*$10.2.1527.28.0.42.06.0.799.125.0^3\.0\.[024]$^3\.((0\.(6|8|(10)|(12)|(14)))|(1\.[02468]))$6.1.7601.176767.0.6002.185086.1.7600.210367.0.6002.227067.0.6002.220006.1.7600.210007.0.2600.61536.1.7601.210006.1.7600.168726.1.7601.218022.0.50727.56812.0.50727.56812.0.50727.54482.0.50727.36254.0.30319.4882.0.50727.49631.1.4322.24904.0.30319.2392.0.50727.56002.0.50727.40004.0.84.0.44.0.24.0.614.0.6106.5005^Microsoft Excel Services Components.*$6.0.6002.184846.0.6002.226623.5.30729.56814.0.30319.2364.0.30319.461^Microsoft Chart Controls for Microsoft \.NET Framework 3\.5.*$14.0.6106.50056.1.7600.200006.1.7601.176326.1.7601.210006.1.7601.217476.1.7600.209876.1.7600.168336.6.6002.226866.6.7601.210006.6.7601.176696.6.6002.220006.6.7600.210306.6.7600.200006.6.6002.184966.6.7601.217926.6.7600.168675.1.2600.61256.0.6002.220006.1.7600.168505.2.3790.48776.1.7601.217566.0.6002.226626.1.7601.176416.1.7600.209956.0.6002.18484Microsoft SharePoint Workspace 2010Microsoft Office Forms Server 2007Microsoft Office Groove Server 2007 Data BridgeMicrosoft Office Groove Server 2007 Manager12.0.6562.50004.2.2.282714.0.6106.50004.2.2.28275.1.2600.61496.1.7601.176856.1.7600.210466.0.6002.185125.2.3790.49056.0.6002.227116.1.7601.218116.1.7600.168782.0.50727.54472.0.50727.36242.0.50727.42152.0.50727.49624.0.30319.4634.0.30319.2362.0.50727.5668^Microsoft Groove Server 2010.*$12.0.6555.500012.0.6562.500012.0.6562.500014.0.6106.500010.1.7600.2101610.1.7601.1765810.0.6002.2200010.1.7600.2100010.0.6002.2268410.1.7601.2100010.1.7600.1685610.0.6002.1849510.1.7601.2177914.0.6106.5000^Microsoft Report Viewer Redistributable 2005.*$2.0.50727.56778.0.50727.56776.1.7600.168476.0.6002.184906.1.7601.217676.0.6001.229396.1.7601.176476.0.6002.226725.2.3790.48835.1.2600.61336.0.6001.186646.1.7600.210056.0.6002.226296.0.6001.186396.1.7601.217126.0.6001.229055.2.3790.48286.1.7601.176036.1.7600.209516.0.6002.184575.1.2600.60816.1.7600.168026.0.6002.226466.1.7600.168215.2.3790.48686.1.7600.209756.1.7601.217356.0.6001.186516.1.7601.176226.0.6002.184696.0.6001.229237.0.1111.0.8341.08.0.7600.163852.0.50727.36232.0.50727.42144.0.30319.4542.0.50727.36232.0.50727.18912.0.50727.56622.0.50727.54462.0.50727.49614.0.30319.235Microsoft SharePoint Server 2010Microsoft SharePoint Foundation 2010^Microsoft Windows SharePoint Services 2\.0.*$14.0.6106.500114.0.6106.500114.0.6106.500811.0.8339.014.0.6106.500114.0.6106.500114.0.6106.500112.0.6565.5001^Microsoft Windows SharePoint Services 3\.0.*$5.7.6002.184055.8.7600.200005.7.6002.184055.7.6002.225895.8.7601.175625.7.0.185995.8.7601.210005.7.6002.225895.8.6001.190465.7.6002.225895.8.6001.231415.8.7600.167625.7.6002.220005.8.6001.231415.8.7601.216635.8.6001.231415.8.6001.231415.8.7600.209045.8.7600.200005.7.6002.225895.8.7600.167625.8.6001.190465.7.0.228545.7.6002.220005.6.0.88505.8.7600.209045.8.7601.175625.8.6002.230005.7.0.220005.8.7601.216635.8.6002.230005.7.0.220005.8.7601.210005.7.0.185995.7.0.228545.1.0.05.7.0.05.8.0.05.6.0.0^3\.0(\.[0-4])?.*$^([0-2]\.|3\.[0-5]).*$9.00.4035.009.0.0.010.0.2531.010.50.1600.110.50.1600.110.0.0.010.50.1600.19.00.5000.0010.0.4000.02009.100.1790.02009.100.1700.02005.90.4340.043.5.30729.56652.0.50727.506512007.100.2800.02007.100.2841.010.0.30319.4622005.90.4060.09.0.4060.0^.*KB2510061.*$2005.90.5292.02007.100.4311.02007.100.2573.0^.*KB2510065.*$2005.90.5200.02007.100.4300.029.0.5292.02009.100.1617.09.0.5200.02005.90.5057.09.0.4340.02007.100.4064.09.0.5057.02005.90.4207.09.0.4207.0Microsoft SQL Server 2005 Reporting ServicesMicrosoft SQL Server 2005 Analysis ServicesMicrosoft SQL Server 2005 Notification ServicesMicrosoft SQL Server 2005 Tools3Microsoft SQL Server 2005 Integration Services6.1.7600.209946.0.6002.184846.1.7600.168416.1.7601.217556.1.7601.176406.0.6002.2266212.0.6556.500011.0.8338.06.0.6001.186446.1.7600.168066.1.7601.176086.1.7600.209566.0.6002.184626.0.6002.226346.0.6001.229106.1.7601.217177.0.7734.1825.1.2600.61036.0.6002.226256.1.7600.209536.0.6001.186336.1.7600.168046.0.6001.228995.2.3790.48516.0.6002.1845112.0.6550.5004^(3\.5(\.([0-9]|1[0-5]))?) .*$^([0-2](\..*)?|3(\.0(\.([0-9]|10))?)?) .*$^(5\.3\.[23])$6.0.3790.48618.0.7601.200007.0.6002.184637.0.6002.220008.0.6001.231678.0.7600.209578.0.6001.190768.0.7601.176087.0.6001.220008.0.7601.217188.0.7600.200007.0.6000.213018.0.6001.231697.0.6001.229118.0.7600.168068.0.6001.220006.0.2900.61087.0.6002.226347.0.6001.18645^2\.0(\.[0-4])? .*$^3\.5(\.[0-9])? .*$Apache ContinuumApache Archiva^.*/1\.([0-1]\..*|2\.[0-2]|3(\.[0-3])?)$^.*=\s(1\.(1\..*|2\.([0-2](\..*)?|3(\.[0-1])?)|3\.6|4\.0))$4.0.0^.*hidserv\.dll$reg_dword1024^([0-2]\..*|3\.(0\..*|1\.[0-7])) .*$^([0-2]\..*|3\.(([0-4]\..*)?|5\.([0-9]|1[0-6]))|3\.6(\.([0-9]|1[0-3]))) .*$^2\.0(\.([0-9]|1[0-1]))? .*$9.4.0EScript.api10.26.1.7600.208616.1.7601.175276.1.7601.216246.1.7600.167226.1.7601.200006.0.6001.229116.1.7600.209586.0.2900.61576.0.3790.49136.1.7601.217196.0.6002.226346.1.7600.168076.0.6001.186456.1.7601.176096.0.6002.18463^(5(\.2(\.([0-9]|1[0-4]))?|\.3(\.[0-3])?))$6.0.6001.228156.0.6002.225506.0.6001.228406.0.6001.185646.0.6002.183565.2.3790.48076.0.6001.185896.1.7600.160006.1.7600.167226.1.7600.208616.0.6001.18000^(3\.6(\.([0-9]|1[0-2])?)?) .*$^(3\.1(\.[0-6])?) .*$11^Microsoft Visual C\+\+ 2005 Redistributable.*$7.10.6119.08.0.50727.61958.0.50727.6195^Microsoft Visual C\+\+ 2010.*Redistributable.*$10.0.30319.46010.0.30319.4159.0.30729.61619.0.30729.6161^Microsoft Visual C\+\+ 2008 Redistributable.*$^3\.5\.[0-8].*$12.0.6557.500112.0.6557.5001^([0-3]\..|4\.0[^\.]).*$1.1.61.1.6.11.1.4.11.1.41.1.52.0.50727.42112.0.50727.36204.0.30319.2252.0.50727.36192.0.50727.56534.0.30319.4312.0.50727.49592.0.50727.544410.2.511010.0.6890.411.0.8329.012.0.6548.50015.2.3790.48606.1.7601.176176.1.7600.168166.0.6002.226286.0.6001.229046.1.7601.217286.1.7600.209786.0.6002.184566.0.6001.186385.1.2600.61045.3.46.6.8064.06.0.6002.225866.1.7601.216596.5.9151.06.1.7601.175596.0.6001.228526.1.7600.209006.1.7601.210006.0.6002.220006.0.6002.184036.1.7600.200006.2.8081.05.2.3790.48295.2.2600.60786.0.6001.185976.1.7600.167596.0.6001.22000^(2\.0(\.[0-3])?) .*^([0-2]\..*|3\.0(\.1[0-8]|\.[0-9])?|3\.5(\.[0-8])?|3\.6(\.[0-1])?) .*6.0.2900.61297.0.6000.171029.0.8112.164349.0.8112.205348.0.6001.191208.0.6001.232167.0.6002.226837.0.6000.213058.0.7600.168538.0.7601.176556.0.3790.48828.0.7601.217767.0.6002.184948.0.7600.21013^Apache Tomcat .*$^7\.0\.([0-9]|1[01])$5707.5.7600.149787.0.6545.149797.5.7601.200007.5.7601.216497.5.7600.208887.5.7600.200007.5.7601.175507.5.7600.07.5.7600.167482.0.50727.42093.5.21022.2393.5.30729.50002.0.50727.36183.5.30729.36442.0.50727.50532.0.50727.49553.5.30729.50534.0.30319.2064.0.30319.3001.1.4322.24702.0.50727.18874.0.30319.36314.0.5138.50006.1.7600.208146.0.6002.225036.0.6001.227746.1.7600.166846.0.2900.60406.0.3790.47856.0.6001.185356.0.6002.1832411.0.8341.0^([0-2](\..*)?|3(\.0(\.([0-9]|10))?|\.1(\.[0-6])?)?) .*$12.0.6554.500111.0.8333.010.0.6870.0^OpenSSH .*$^(OpenSSH for Windows v(([0-4](\..*)?|5\.[0-5].*)|5\.6([ :].*)?))$5.2.3790.48076.0.6001.228166.1.7601.216696.0.6001.185656.0.6002.225516.1.7600.208616.0.6002.183575.1.2600.60586.1.7600.167226.1.7601.17567^2\.81.*$6.0.6001.185706.0.6001.228212.81.3012.06.1.7600.200006.1.7600.16688^6\.1.*$^6\.0.*$^2\.82.*$6.1.7600.208186.0.6002.183626.0.6002.225552.82.4795.06.1.7600.166886.0.6002.183286.0.6001.227786.0.6002.225065.6.0.88506.1.7600.200006.1.7600.208186.1.7601.176386.1.7600.168396.1.7601.217546.1.7600.209925.8.7601.175355.8.7600.167325.8.7600.208735.8.7601.200005.8.7601.216345.8.7600.200009.0.8112.205309.0.8112.164306.0.6002.225196.1.7600.200006.0.6002.183426.1.7600.166996.0.6001.227916.1.7600.208306.0.6001.185516.6.7601.216266.5.2715.55126.6.7600.208656.6.7600.200006.6.6002.183636.6.6002.220006.6.6002.225586.6.7600.167246.5.2600.60766.6.6001.228226.5.3790.48266.6.6001.220006.6.7601.175286.6.7601.210006.6.6001.185715.1.2.2305.2.2.23015.0.874.1025.3.46.0.2900.60587.0.6001.228168.0.7600.167228.0.7600.208617.0.6001.185656.0.3790.48078.0.7601.216367.0.6000.170958.0.6001.190197.0.6000.212978.0.6001.231117.0.6002.225518.0.6001.231117.0.6002.183578.0.7601.175378.0.6001.1901910.0.6872.011.0.8335.0^4\.0b[1-7] .*$14.0.6106.500512.0.6562.50037.0.6000.170988.0.7601.176226.0.2900.61048.0.6001.231818.0.7600.168217.0.6001.186398.0.6001.231818.0.6001.190888.0.6001.190887.0.6002.184577.0.6002.226298.0.7600.209757.0.6000.213007.0.6001.229058.0.7601.217356.0.3790.4857^9\..*$8.0.7601.176998.0.7600.210626.0.3790.49047.0.6000.171049.0.8112.164378.0.6001.232508.0.7600.168918.0.7601.218307.0.6000.213068.0.6001.191549.0.8112.205377.0.6002.226986.0.2900.61487.0.6002.185109.0.8112.200009.0.289.03.2.104.10132.6.150.10133.2.102.10133.1.150.1013^\_\_version\_\_\s=\s'Python\sSMTP\sproxy\sversion\s0\.2'$3.2.103.10132.7.150.10133.2.101.10131.0.11.0.41.0.30.4.00.4.40.2.910.7.00.5.01.0.60.2.900.9.8a0.3.10.8.00.7.10.8.60.6.00.2.600.6.20.9.70.1.99h0.9.30.5.20.1.99a0.2.820.2.830.1.99b0.9.60.5.30.1.99g0.1.99d1.1.10.1.99f0.9.10.1.990.4.60.2.730.9.40.9.9a0.8.6a0.8.20.8.10.2.720.1.99c0.1.99i0.8.4a0.2.611.1.20.8.6e0.8.13371.0.50.2.620.4.10.4.30.8.40.9.50.2.810.8.6d0.9.00.9.100.7.20.8.6g0.8.6c0.8.6b0.2.800.6.10.4.50.8.6h0.3.00.2.500.2.700.8.50.9.20.2.920.2.630.8.6i0.4.3-ac30.5.11.0.21.1.31.1.00.8.6f1.0.00.2.00.4.20.9.90.2.710.1.99e14.0.0.015.0.0.014.0.5126.50006.1.7600.200006.1.7600.208176.1.7600.166886.1.7600.208266.0.6001.185385.2.3790.47896.0.6002.183276.0.6001.227776.0.6002.225056.1.7600.166955.1.2600.605510.0.6871.011.0.8335.012.0.6557.500010.0.6867.012.0.6545.500411.0.8329.0^3\.5(\.([0-9]|1[0-1]))? .*^3\.0(\.[0-6])? .*3.2.103.1013^3\.1(\.[0-5])?\s.*$^(2\.0(\.[0-9])?)\s.*$^3\.5(\.([0-9]|1[0-4]))?\s.*$^3\.6(\.([0-9]|1[0-1]))?\s.*$^3\.0(\.[0-9])?\s.*$02.0.50727.50712.0.50727.50004.0.30319.4472.0.50727.42122.0.50727.54422.0.50727.49572.0.50727.36202.0.50727.18892.0.50727.56504.0.30319.2326.0.6002.226296.1.7600.168056.1.7601.176076.1.6001.222046.1.7600.200006.0.6002.184576.1.7600.209556.1.7601.210006.1.7601.2171610.0.6864.011.0.8326.06.0.6001.185236.1.7600.207926.0.6002.183055.2.3790.47695.1.2600.60336.0.6002.224786.0.6001.227546.1.7600.166676.1.7601.210006.0.6002.184076.1.7600.167656.0.6001.228575.1.2600.60825.2.3790.48326.0.6002.225926.0.6001.186026.1.7600.209076.1.7601.175656.1.7601.216661.0.4.2^OpenOffice\.org .*$3.2.95025.5.9.3033^(0\.10\.([89]|1[0-4])|0\.99.*|1\.0(\.([0-9]|1[0-4]))?|1\.2(\.[0-9])?)$^(0\.10\.1[34]|0\.99.*|1\.0(\.([0-9]|1[0-4]))?|1\.2(\.[0-9])?)$11.0.0.491614.0.0.015.0.0.014.0.5130.500312.0.6550.50042.0.50727.44542.0.50727.42062.0.50727.36152.0.50727.50002.0.50727.50182.0.50727.43002.0.50727.18822.0.50727.44552.0.50727.49525.2.15^([0-2]\..*|3\.[0-5](\..*)?|3\.6(\.[0-8])?) .*3.6.812.0.50727.30532.0.50727.14332.0.50727.305314.0.30319.4474.0.30319.2324.0.30319.4002.0.50727.42122.0.50727.36202.0.50727.36202.0.50727.56002.0.50727.56502.0.50727.18892.0.50727.49572.0.50727.54426.0.6001.186026.0.6001.186046.1.7601.175655.2.3790.48336.1.7600.167656.0.6001.228576.1.7601.216666.0.6002.184096.0.6002.184076.0.6002.225926.0.6001.228595.1.2600.60826.1.7600.209076.0.6002.225946.1.7601.21000Microsoft Office SharePoint Server 200712.0.6565.500312.0.6565.5000^Microsoft Office Excel Services.*$^3\.6\.7 .*6.1.7600.168306.1.7600.209836.0.6002.184756.1.7601.176305.2.3790.48726.0.6002.220006.1.7601.217446.0.6002.226536.0.6001.229276.0.6001.186535.1.2600.61196.0.6001.22000^3\.1(\.[0-4])? .*$^3\.6(\.([0-9]|1[0]))? .*$^PHP.*$^([0-4](\..*)?|5(\.[0-1](\..*)?|\.2(\.([0-9]|1[0-4]))?|\.3(\.[0-3])?)?)$10.61.3484.010.53.3374.05.4.2.02007 Microsoft Office Suite Service Pack 1 (SP1)12.0.6213.100012.0.6425.100012.0.4518.10142007 Microsoft Office Suite Service Pack 2 (SP2)12.0.6535.50056.0.6001.228666.1.7600.209146.1.7600.167725.1.2600.56956.0.6001.220006.0.6002.184166.1.7601.216736.1.7601.175706.1.7601.210005.2.3790.43926.1.7600.200006.0.6002.226006.0.6002.220006.0.6001.186118.0.6001.231438.0.6001.231418.0.7600.167667.0.6001.186026.0.3790.48358.0.7601.175737.0.6000.212997.0.6002.225927.0.6001.228577.0.6002.184078.0.6001.190488.0.7600.209086.0.2900.60828.0.7601.200008.0.7601.216767.0.6000.170978.0.6001.19046MySQL Server 5.1^5\.1\.(([0-9]|[1-3][0-9]|4[0-7])?(|[a-z\_\-]+))$5.2.2.2325.1.2.2325.1.2.2346.0.6001.227136.1.7600.207336.1.7600.166106.0.6002.182726.0.6002.224256.1.7600.200006.0.6001.18493^Winamp.*$5.6.0.30918.0.7600.16385^(0\..*|1\.0(\.([0-9]|1[0-4]))?|1\.2(\.[0-9])?)$Skype4.2.0.1696.0.3790.47328.0.6001.189438.0.7600.207456.0.2900.60037.0.6002.224347.0.6000.170808.0.6001.189398.0.6001.230407.0.6001.184987.0.6000.212837.0.6001.227208.0.7600.166257.0.6002.182788.0.6001.230378.0.7600.200009.10.527.02003.1100.8327.0^10\..*$9.4.110.0.18.2.55.0.375.125^Novell iPrint Client.*5.4.4.07.67.75.06.0.6002.224206.0.6001.184886.0.6002.182676.1.7600.166176.0.6001.227076.1.7600.207386.0.6002.220001.10.0.1311.0.8332.06.0.6002.183285.1.2600.60465.2.3790.47886.0.6001.227786.0.6001.185396.0.6002.225066.1.7600.166916.1.7600.2082113.0.0.012.0.0.015.0.0.014.0.0.012.0.6550.500010.0.6868.012.0.6550.500012.0.6550.500011.0.8334.014.0.5136.5003^\s*"name": "InvisibleHand"[^}]+}[^p]+path": "lghjfnfolmcikomdjmoiemllfnlmmoko\\[^s]+state": 1$4.1.249.106411.0.8325.011.0.8166.08.100.5003.08.110.7600.207288.110.7600.166058.100.4002.08.110.7600.200008.100.1052.08.100.1051.05.33.18.5^Apache HTTP Server 2\.0\..*$2.0.642.2.96.1.7601.210006.1.7600.167725.1.2600.60906.0.6001.186126.0.6001.228676.1.7600.209146.0.6002.184176.0.6002.226015.2.3790.48416.1.7601.216736.1.7601.1757010.63.3516.08.2.3.2318.2.39.3.39.3.3.17710.0.6869.0^([0-2]\..*|3\.0(\.[0-8])?|3\.1(\.[0-4])?) .*$^([0-2]\..*|(3\.[0-5](\.[0-9]|\.1[0-3])?)|3\.6(\.([0-9]|1[0]))?) .*$^([0-2](\..*)?|3(\.[0-4](\..*)?|\.5(\.([0-9]|1[0-5]))|\.6(\.([0-9]|1[0-2]))?)?) .*$^([0-1](\..*)?|2(\.0(\.([0-9]|10)?)?)?) .*$^(1\.2\.[2-9])$6.0.210.61.55.0.375.5511.1.1190.05.2.3790.48136.1.7601.175356.0.6002.183656.0.6001.228246.1.7600.167326.1.7600.208735.1.2600.60646.0.6002.225606.1.7601.200006.1.7601.175356.0.6001.18573^.*[Oo][Ff][Ff][Ii][Cc][Ee]11.*$^.*[Oo][Ff][Ff][Ii][Cc][Ee]12.*$^.*[Oo][Ff][Ff][Ii][Cc][Ee]10.*$11.0.8325.012.0.6535.500510.0.6863.09.52.10108.06.0.3790.47327.0.6000.170806.0.2900.60037.0.6001.184988.0.6001.189437.0.6002.182788.0.7600.166258.0.6001.18939^\d+\.win7sp1.*$^\d+\.win7sp1_rc.*$5.2.2.2315.1.2.231^8\..*$^9\..*$8.2.49.3.49.3.4.2188.2.4.2686.1.7600.207656.0.6002.182876.0.6001.227356.1.7600.166446.0.6002.224546.0.3790.47516.0.2900.60186.0.6001.1850511.0.8329.012.0.6546.500010.0.6867.011.5.9.615^(3\.6(\.[0-6])?) .*^(3\.1(\.[0])?) .*11.5.8.612^(2\.0(\.[0-6])?) .*^(3\.5(\.([0-9]|1[0-1]))?|3\.6(\.[0-8])?) .*^(3\.0(\.[0-6])?|3\.1(\.[0-2])?) .*11.5.9.615^([0-2]\..*|3\.0(\.[0-8])?) .*$^3\.5(\.([0-9]|1[0-3]))? .*$2.0.9^(0\.8(\.([4-9]|1[0-9])).*|((0\.9.*)|(0\.10.*))|1\.0(\.([0-9]|1[0-5]))?|1\.2(\.([0-9]|10))?)$^3\.6(\.[0-8])? .*^3\.1(\.[0-2])? .*^Apache HTTP Server 2\.2\..*$2.2.169.8.1117.0^Ethereal.*$^Wireshark.*$^(0\..*|1\.0(\.([0-9]|1[0-3]))?|1\.2(\.[0-8])?)$8.0.552.21512.0.0.013.0.0.012.0.6539.500010.0.6864.011.0.8326.012.0.6541.5000^7\..*$^8\..*$^6\..*$8.0.6001.220007.0.6000.200007.0.6001.200006.0.3790.47957.0.6002.225116.0.2900.60497.0.6002.183327.0.6001.227848.0.6001.189997.0.6000.212958.0.7600.167007.0.6001.185428.0.6001.230677.0.6000.170938.0.6001.189998.0.7600.208318.0.6001.230918.0.7600.200007.0.6002.22000.[0-9]+-.[0-9]+-.[0-9]+-.[0-9]+$^.*-OEM-.*$^11\..+$0010.0.6867.014.0.5128.500011.0.8329.012.0.6545.50047.0.517.446.1.7600.207386.0.6001.184956.0.6002.182746.0.6002.224276.0.6001.227156.1.7600.166171.0.154.485.0.375.7010.54.3423.0^(Adobe|Macromedia) Flash Media Server.*$3.03.5.5.20043.0.7.2024.0.1.20093.54.0^10\..*$9.0.289.010.1.102.645.33.19.45.0^(Topaz e-Signatures SigPlus .*)3.74[S|s]hockwave11.5.8.6125.0.375.127^\d+\.\d+$1.56.0.210.66.0.472.53^([0-2]\..*|3\.0(\.[0-9]|\.1[0-9])?|3\.5(\.[0-9]|\.1[01])?|3\.6(\.[0-8])?) .*10.60.3445.04.1.249.1059^Google Chrome.*$5.0.375.996.0.6001.220005.2.3790.47336.1.7600.166196.0.6001.227155.1.2600.60026.1.7600.207406.0.6001.184956.0.6002.182746.0.6002.224276.0.6002.22000^[Oo]pera$10.50.3296.0^[a-zA-Z0-9\(\)\s]*[Ww][Ii][Nn][Dd][Oo][Ww][Ss] 7[a-zA-Z0-9\(\)\s]*$Service Pack 3^[a-zA-Z0-9\(\)\s]*[Vv][Ii][Ss][Tt][Aa][a-zA-Z0-9\(\)\s]*$Service Pack 1^[a-zA-Z0-9\(\)\s]*2008[a-zA-Z0-9\(\)\s]*$^[a-zA-Z0-9\(\)\s]*2008 [Rr]2[a-zA-Z0-9\(\)\s]*$^[a-zA-Z0-9\(\)\s]*[Ww][Ii][Nn][Dd][Oo][Ww][Ss] [Xx][Pp][a-zA-Z0-9\(\)\s]*$amd64x86windowsService Pack 2ia64^[a-zA-Z0-9\(\)\s]*2003[a-zA-Z0-9\(\)\s]*$6.0.6002.224286.1.7600.207385.2.3790.47306.0.6001.227166.1.7600.166176.0.6001.184966.0.6002.182755.1.2600.60036.1.7600.200006.0.6001.220006.0.6002.22000^Adobe AIR.*$^Adobe Flash Player.*$2.0.310.1.82.76^.*Safari.*$5.33.17.8^[0-9]+\..*$^(2\.0(\.[0-5])?) .*^(3\.0(\.[0-5])?|3\.1(\.[0])?) .*^(3\.5(\.([0-9]|(10)))?|3\.6(\.[0-6])?) .*\Movie Maker\Movie Maker 2.6\Movie Maker\Messenger\Windows Media Components\Encoder\Windows Media Components\Encoder\UltraPlayerCommon7\Tools\AtlTraceTool8.exeBin\Windows NT\Accessories\NOS\bin\system32\dllcache\System\MSMAPI\1033\System\MAPI\1033\Microsoft Shared\VBA\VBA6\ehome\microsoft shared\triedit\IrfanViewsecurity\kxedebin^\\Microsoft Host|Host Integration Server 20[\d][\d]\\system$\Microsoft Office\PowerPoint ViewerReaderAcrobatSOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\codec\accessSOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Common Files\System\jre\bin\client\jvm.dll\bin\client\jvm.dll\ADAM\Microsoft Office\OFFICE14\GMS\BinMicrosoft Shared\Web Server Extensions\12\ISAPI\Gms14\Admin\Bin\System32\IME\IMEJP10\Microsoft Visual Studio 8\SDK\v2.0\BootStrapper\Packages\ReportViewer\Microsoft.NET\Framework\v2.0.50727\Microsoft Report Viewer Redistributable 2005\Microsoft Shared\web server extensions\11\BIN\Microsoft Shared\Web Server Extensions\14\ISAPI\Microsoft Shared\web server extensions\12\BINCommon7\IDE\XmlCommon7\IDE\XmlCommon7\IDE\Xml\Binn100\KeyFile\Binn\Binn\bin^\\Microsoft SQL Server\\.+\\Reporting Services\\ReportServer\\bin\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE^\\Microsoft SQL Server\\.+\\OLAP\\bin\Microsoft Shared\VGX\apps\archiva\WEB-INF\classes\application.properties\apps\continuum\WEB-INF\classes\localization\Continuum.propertiesReader\plug_ins\plug_insReader\plug_ins^\\winsxs\\(x86|amd64)_microsoft\.vc80\.atl_1fc8b3b9a1e18e3b_8\.0\.50727\.[0-9]{1,4}.*$^\\WinSxS\\(x86|amd64)_Microsoft\.VC80\.ATL_1fc8b3b9a1e18e3b_8\.0\.50727\.[0-9]{1,4}.*$VC\redist\x86\Microsoft.VC80.ATL^\\WinSxS\\(x86|amd64)_Microsoft\.VC90\.ATL_1fc8b3b9a1e18e3b_9\.0\.30729\.[0-9]{1,4}.*$VC\redist\x86\Microsoft.VC100.ATL^\\winsxs\\(x86|amd64)_microsoft\.vc90\.atl_1fc8b3b9a1e18e3b_9\.0\.30729\.[0-9]{1,4}.*$VC\redist\x86\Microsoft.VC90.ATL\plugins\system32\inetsrv\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.NET\Framework\v1.1.4322\wab.exe\Outlook Express\Windows Mail\wab.exe\System\ado\LibLibXLATORSXLATORS^\\System32\\DriverStore\\FileRepository\\bth\.inf_.{8}$^\\System32\\DriverStore\\FileRepository\\bth\.inf_(x86|amd64)_neutral_.{16}$\Microsoft.NET\Framework\v4.0.30319\Microsoft.NET\Framework\v2.0.5072712.0\BinOFFICE11binwinamp.exePlugins\Microsoft Shared\TextConv\Microsoft Shared\GRPHFLTSOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\syswow64\Microsoft Office\Office11User Data\Defaultbin\Microsoft Office\Office10\bin\java.exe\\bin\java.exe\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ReaderSOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ReaderSOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AcrobatAcrobatbin\Microsoft Shared\TextConv\Microsoft Office\Office12\Microsoft Shared\OFFICE10\Microsoft Shared\OFFICE14\Microsoft Shared\OFFICE11\Microsoft Shared\OFFICE12FMSAdmin.exe\Adobe\Macromed\bin\java.exe\\bin\java.exe\\System32\drivers\opera\System32