http://oval.mitre.org/repository This feed provides information about the latest updates to the OVAL Repository, including new OVAL definitions; definitions that have changed status (e.g., from Draft to Interim or Interim to Accepted); and definitions that have been modified is posted here. Each update to the OVAL Repository will also update this feed. The OVAL Repository is updated as edits and additions are completed. It is possible for this feed to be updated several times per day, but updates rarely occure more often than once per day. en-us oval@mitre.org Fri, 20 Nov 2009 17:53:46 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2041 The operating system installed on the system is Microsoft Windows Vista x64 Edition New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2041 Thu, 19 Nov 2009 18:37:54 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1282 The operating system installed on the system is Microsoft Windows Vista (32-bit) New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1282 Thu, 19 Nov 2009 18:37:54 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4193 A version of Microsoft Windows XP Professional x64 Edition Service Pack 2 is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4193 Thu, 19 Nov 2009 18:37:53 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2161 A version of Microsoft Windows Server 2003 SP2 (x64) is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2161 Thu, 19 Nov 2009 18:37:53 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5254 The operating system installed on the system is Microsoft Windows Vista x64 Edition Service Pack 1 New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5254 Thu, 19 Nov 2009 18:37:52 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4873 The operating system installed on the system is Microsoft Windows Vista (32-bit) Service Pack 1 New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4873 Thu, 19 Nov 2009 18:37:52 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4870 The operating system installed on the system is Microsoft Windows Server 2008 (32-bit) New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4870 Thu, 19 Nov 2009 18:37:52 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4386 A version of Microsoft Windows Server 2003 SP1 (x64) is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4386 Thu, 19 Nov 2009 18:37:52 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5653 The operating system installed on the system is Microsoft Windows Server 2008 (32-bit) Service Pack 2 New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5653 Thu, 19 Nov 2009 18:37:51 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5594 The operating system installed on the system is Microsoft Windows Vista x64 Edition Service Pack 2 New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5594 Thu, 19 Nov 2009 18:37:51 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5356 The operating system installed on the system is Microsoft Windows Server 2008 x64 Edition New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5356 Thu, 19 Nov 2009 18:37:51 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6114 Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6114 Thu, 19 Nov 2009 18:37:50 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5950 The operating system installed on the system is Microsoft Windows 7 x64 Edition New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5950 Thu, 19 Nov 2009 18:37:50 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5577 Exchange Server 2007 SP1 is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5577 Thu, 19 Nov 2009 18:37:50 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6124 The operating system installed on the system is Microsoft Windows Vista (32-bit) Service Pack 2 New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6124 Thu, 19 Nov 2009 18:37:49 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6159 The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6159 Thu, 19 Nov 2009 18:37:48 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1869 Exchange Server 2003 SP2 is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1869 Thu, 19 Nov 2009 18:37:48 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1858 Exchange Server 2000SP3 is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1858 Thu, 19 Nov 2009 18:37:47 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6165 The operating system installed on the system is Microsoft Windows 7 (32-bit) New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6165 Thu, 19 Nov 2009 18:37:46 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6438 The operating system installed on the system is Microsoft Windows Server 2008 R2 x64 Edition New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6438 Thu, 19 Nov 2009 18:37:45 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6216 The operating system installed on the system is Microsoft Windows Server 2008 x64 Edition Service Pack 2 New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6216 Thu, 19 Nov 2009 18:37:45 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:720 A version of Microsoft Windows XP Professional x64 Edition Service Pack 1 is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:720 Thu, 19 Nov 2009 18:37:44 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:730 A version of Microsoft Windows Server 2003 (x64) is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:730 Thu, 19 Nov 2009 18:37:43 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6362 Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6362 Tue, 17 Nov 2009 16:08:29 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6516 WebKit in Apple Safari before 4.0.4 includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6516 Tue, 17 Nov 2009 16:08:28 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6475 Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6475 Tue, 17 Nov 2009 16:08:28 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6325 The operating system having Apple Safari installation. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6325 Tue, 17 Nov 2009 16:08:28 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5915 Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5915 Tue, 17 Nov 2009 16:08:28 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:565 A version of Microsoft Windows Server 2003 Service Pack 1 (x86) is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:565 Tue, 17 Nov 2009 16:08:26 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1935 A version of Microsoft Windows Server 2003 Service Pack 2 (x86) is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1935 Tue, 17 Nov 2009 16:08:26 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:754 A version of Microsoft Windows XP (x86) Service Pack 2 is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:754 Tue, 17 Nov 2009 16:08:25 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5631 A version of Microsoft Windows XP (x86) Service Pack 3 is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5631 Tue, 17 Nov 2009 16:08:25 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6391 packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6391 Tue, 17 Nov 2009 16:08:17 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6049 Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6049 Tue, 17 Nov 2009 16:08:17 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6005 The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6005 Tue, 17 Nov 2009 16:08:17 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5979 Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5979 Tue, 17 Nov 2009 16:08:17 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:85 The operating system installed on the system is Microsoft Windows 2000. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:85 Tue, 17 Nov 2009 16:08:16 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6589 Wireshark is installed on the system. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6589 Tue, 17 Nov 2009 16:08:16 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1050 Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in "multiple improper memory access" errors. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1050 Tue, 17 Nov 2009 14:56:54 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:538 Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:538 Tue, 17 Nov 2009 14:56:53 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:432 Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to cause a denial of service (browser crash) via a malformed, compressed .swf file, a different issue than CVE-2006-3587. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:432 Tue, 17 Nov 2009 14:56:53 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:394 Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:394 Tue, 17 Nov 2009 14:56:53 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:709 Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:709 Tue, 17 Nov 2009 14:56:52 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:521 The operating system installed on the system is Microsoft Windows XP SP2. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:521 Tue, 17 Nov 2009 14:56:52 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:480 The operating system installed on the system is Microsoft Windows XP SP1 (64-bit). New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:480 Tue, 17 Nov 2009 14:56:52 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:105 The operating system installed on the system is Microsoft Windows XP. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:105 Tue, 17 Nov 2009 14:56:51 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5855 Unspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 allows remote attackers to cause a denial of service via unknown vectors. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5855 Mon, 16 Nov 2009 17:34:24 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6102 Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka "Formula Parsing Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6102 Mon, 16 Nov 2009 04:00:30 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5925 Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Microsoft Office SharePoint Server 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via an Excel file with a Shared String Table (SST) record with a numeric field that specifies an invalid number of unique strings, which triggers a heap-based buffer overflow, aka "Record Integer Overflow Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5925 Mon, 16 Nov 2009 04:00:27 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6328 Unspecified vulnerability in Role-Based Access Control (RBAC) in HP HP-UX B.11.23 and B.11.31 allows local users to bypass intended access restrictions via unknown vectors. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6328 Mon, 16 Nov 2009 04:00:19 EST