http://oval.mitre.org/repository This feed provides information about the latest updates to the OVAL Repository, including new OVAL definitions; definitions that have changed status (e.g., from Draft to Interim or Interim to Accepted); and definitions that have been modified is posted here. Each update to the OVAL Repository will also update this feed. The OVAL Repository is updated as edits and additions are completed. It is possible for this feed to be updated several times per day, but updates rarely occure more often than once per day. en-us oval@mitre.org Fri, 16 May 2008 12:13:58 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5578 Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file. NOTE: this might be the same issue as CVE-2005-0944. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5578 Thu, 15 May 2008 14:47:41 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5303 Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5303 Thu, 15 May 2008 14:47:40 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5012 Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Word file with a malformed Cascading Style Sheet (CSS) value, related to a "memory handling error" that triggers memory corruption. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5012 Thu, 15 May 2008 14:47:40 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5494 Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5494 Thu, 15 May 2008 14:47:39 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:730 A version of Microsoft Windows Server 2003 (x64) is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:730 Thu, 15 May 2008 14:47:38 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:565 A version of Microsoft Windows Server 2003 Service Pack 1 (x86) is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:565 Thu, 15 May 2008 14:47:38 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:754 A version of Microsoft Windows XP (x86) Service Pack 2 is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:754 Thu, 15 May 2008 14:47:37 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:229 The operating system installed on the system is Microsoft Windows 2000 SP4. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:229 Thu, 15 May 2008 14:47:37 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:239 The application Microsoft Publisher 2003 is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:239 Thu, 15 May 2008 14:47:36 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2127 The application Microsoft Publisher 2007 is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2127 Thu, 15 May 2008 14:47:36 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:737 The application Microsoft Word Viewer is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:737 Thu, 15 May 2008 14:47:35 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:734 The application Microsoft Publisher 2002 is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:734 Thu, 15 May 2008 14:47:35 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:427 The application Microsoft Publisher 2000 is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:427 Thu, 15 May 2008 14:47:35 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:455 The application Microsoft Word 2000 is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:455 Thu, 15 May 2008 14:47:34 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2074 The application Microsoft Word 2007 is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2074 Thu, 15 May 2008 14:47:34 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1853 The application Microsoft Office Compatibility Pack is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1853 Thu, 15 May 2008 14:47:34 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:475 The application Microsoft Word 2003 is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:475 Thu, 15 May 2008 14:47:33 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:973 The application Microsoft Word 2002 is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:973 Thu, 15 May 2008 14:47:32 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5269 Multiple unspecified vulnerabilities in Solaris print service for Sun Solaris 8, 9, and 10 allow remote attackers to cause a denial of service or execute arbitrary code via unknown vectors. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5269 Thu, 15 May 2008 14:47:17 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1926 The operating system installed on the system is Sun Solaris 10 for x86. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1926 Thu, 15 May 2008 14:47:17 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1683 The operating system installed on the system is Sun Solaris 9 for x86. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1683 Thu, 15 May 2008 14:47:16 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1440 The operating system installed on the system is Sun Solaris 10 for SPARC. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1440 Thu, 15 May 2008 14:47:16 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2059 The operating system installed on the system is Sun Solaris 8 for x86. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2059 Thu, 15 May 2008 14:47:15 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1457 The operating system installed on the system is Sun Solaris 9 for SPARC. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1457 Thu, 15 May 2008 14:47:15 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1539 The operating system installed on the system is Sun Solaris 8 for SPARC. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1539 Thu, 15 May 2008 14:47:14 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5356 The operating system installed on the system is Microsoft Windows Server 2008 x64 Edition New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5356 Mon, 12 May 2008 04:00:15 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5254 The operating system installed on the system is Microsoft Windows Vista x64 Edition Service Pack 1 New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5254 Mon, 12 May 2008 04:00:14 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4873 The operating system installed on the system is Microsoft Windows Vista (32-bit) Service Pack 1 New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4873 Mon, 12 May 2008 04:00:14 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4870 The operating system installed on the system is Microsoft Windows Server 2008 (32-bit) New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4870 Mon, 12 May 2008 04:00:13 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5258 Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (CPU consumption and network traffic amplification) via a crafted SCTP packet. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5258 Thu, 08 May 2008 13:36:09 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5165 Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (panic) via a crafted SCTP packet. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5165 Thu, 08 May 2008 13:36:09 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:694 Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:694 Mon, 05 May 2008 04:00:26 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:684 The patch IE7-KB929969-WindowsXP-x86-enu.exe that addresses the vulnerabilities discussed in Microsoft Security Bulletin MS07-004 should be installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:684 Mon, 05 May 2008 04:00:26 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:679 The patch IE7-KB929969-WindowsServer2003-ia64-enu.exe that addresses the vulnerabilities discussed in Microsoft Security Bulletin MS07-004 should be installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:679 Mon, 05 May 2008 04:00:26 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5501 The operating system installed on the system is VMWare ESX Server 3.0.0. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5501 Mon, 05 May 2008 04:00:25 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5407 Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5407 Mon, 05 May 2008 04:00:24 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5367 The operating system installed on the system is VMWare ESX Server 3.0.1. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5367 Mon, 05 May 2008 04:00:24 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5325 The operating system installed on the system is IBM AIX 5.3. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5325 Mon, 05 May 2008 04:00:24 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5309 wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5309 Mon, 05 May 2008 04:00:23 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5202 Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5202 Mon, 05 May 2008 04:00:23 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5189 The operating system installed on the system is IBM AIX 5.2. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5189 Mon, 05 May 2008 04:00:23 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5009 Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5009 Mon, 05 May 2008 04:00:22 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4950 Unspecified vulnerability in the floating point context switch implementation in Sun Solaris 9 and 10 on x86 platforms might allow local users to cause a denial of service (application exit), corrupt data, or trigger incorrect calculations via unknown vectors. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4950 Mon, 05 May 2008 04:00:22 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4848 Sun Solaris 8, 9, and 10 allows "remote privileged" users to cause a denial of service (panic) via unknown vectors related to self encapsulated IP packets. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4848 Mon, 05 May 2008 04:00:22 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4814 Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags, possibly involving the exif_data_load_data_thumbnail function in exif-data.c. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4814 Mon, 05 May 2008 04:00:21 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4216 Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4216 Mon, 05 May 2008 04:00:21 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3573 Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3573 Mon, 05 May 2008 04:00:20 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3556 The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3556 Mon, 05 May 2008 04:00:20 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:294 Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:294 Mon, 05 May 2008 04:00:19 EDT http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:289 The patch IE7-KB929969-WindowsServer2003-x86-enu.exe that addresses the vulnerabilities discussed in Microsoft Security Bulletin MS07-004 should be installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:289 Mon, 05 May 2008 04:00:19 EDT