The OVAL Repository 5.5 2008-10-07T09:08:55.762-04:00 Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Internet Explorer 6 Microsoft Office 2002 Microsoft Office 2003 Microsoft Visio 2000 Microsoft Visual Studio .NET 2005 Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability." Sudhir Gandhe DRAFT Todd Dolinsky INTERIM INTERIM Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Internet Explorer 6 Microsoft Office 2002 Microsoft Office 2003 Microsoft Visio 2000 Microsoft Visual Studio .NET 2005 gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability." Sudhir Gandhe DRAFT Todd Dolinsky INTERIM INTERIM Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Internet Explorer Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order" with "particular functions ... performed on" document objects, aka "HTML Objects Memory Corruption Vulnerability" or "Table Layout Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2257. Sudhir Gandhe DRAFT Dragos Prisaca INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Internet Explorer 6 Microsoft Office 2002 Microsoft Office 2003 Microsoft Visio 2000 Microsoft Visual Studio .NET 2005 Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability." Sudhir Gandhe DRAFT Todd Dolinsky INTERIM INTERIM Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Internet Explorer 6 Microsoft Office 2002 Microsoft Office 2003 Microsoft Visio 2000 Microsoft Visual Studio .NET 2005 gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability." Sudhir Gandhe DRAFT Todd Dolinsky INTERIM INTERIM Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Media Encoder Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability." Sudhir Gandhe DRAFT Sudhir Gandhe INTERIM INTERIM Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Office 2002 Microsoft Office 2003 Microsoft Office 2007 Microsoft Office 2007 Compatibility Pack Microsoft OneNote 2007 Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability." Sudhir Gandhe DRAFT INTERIM INTERIM Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Office 2002 Microsoft Office 2003 Microsoft Visio 2000 Microsoft Visual Studio .NET 2005 Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability." Sudhir Gandhe DRAFT INTERIM INTERIM Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 The application Microsoft Visio 2002 SP2 is installed. Robert L. Hollis INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 The application Microsoft Office 2002 is installed. Robert L. Hollis INTERIM ACCEPTED Jonathan Baker INTERIM Jonathan Baker ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista The application Microsoft PowerPoint Viewer is installed. Dragos Prisaca DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Visual Studio 2005 is installed. Robert L. Hollis DRAFT INTERIM ACCEPTED Robert L. Hollis ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 The application Microsoft Office 2003 is installed. Robert L. Hollis INTERIM ACCEPTED Jonathan Baker INTERIM Ken Lassesen ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Office 2007 The application Microsoft Office 2007 is installed. Jonathan Baker DRAFT INTERIM ACCEPTED Robert L. Hollis INTERIM Jonathan Baker ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Media Player Unspecified vulnerability in Microsoft Windows Media Player 11 allows remote attackers to execute arbitrary code via a crafted audio-only file that is streamed from a Server-Side Playlist (SSPL) on Windows Media Server, aka "Windows Media Player Sampling Rate Vulnerability." Sudhir Gandhe DRAFT Sudhir Gandhe INTERIM INTERIM Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Media Player Windows Media Player v11.0 is installed. Robert L. Hollis DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request. Sudhir Gandhe DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions. Sudhir Gandhe DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Internet Explorer Microsoft Internet Explorer 6 and 7 does not perform proper "argument validation" during print preview, which allows remote attackers to execute arbitrary code via unknown vectors, aka "HTML Component Handling Vulnerability." Sudhir Gandhe DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Outlook Express Microsoft Mail The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability." Sudhir Gandhe DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Outlook Express 5.5 SP2 is installed. Robert L. Hollis DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Outlook Express 6 SP1 is installed. Robert L. Hollis DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Outlook Express 6 for Windows XP/2003 is installed Robert L. Hollis DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Windows Mail Microsoft Windows Mail is installed Sudhir Gandhe DRAFT Robert L. Hollis INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Internet Explorer Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "HTML Object Memory Corruption Vulnerability." Sudhir Gandhe DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers. Sudhir Gandhe DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Internet Explorer Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2254, aka "HTML Object Memory Corruption Vulnerability." Sudhir Gandhe DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2007 Microsoft SharePoint Server 2007 Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse Country record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Record Parsing Vulnerability." Sudhir Gandhe DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Office SharePoint Server 2007 is installed. Robert L. Hollis DRAFT INTERIM ACCEPTED Jonathan Baker INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista The application Microsoft Office Compatibility Pack is installed. Robert L. Hollis DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Internet Explorer Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle objects that have been incorrectly initialized or deleted, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "Uninitialized Memory Corruption Vulnerability." Sudhir Gandhe DRAFT INTERIM ACCEPTED ACCEPTED