Red Hat Linux 9
Mutt
Jay Beale
2003-0140
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder
ACCEPTED
1
Red Hat Linux 9
CUPS
Jay Beale
2003-0195
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out
ACCEPTED
1
Sun Solaris 8
kcms_configure
David Proulx
2001-0594
kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument
ACCEPTED
1
Sun Solaris 8
libnsl
David Proulx
2002-0391
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd
ACCEPTED
1
Sun Solaris 8
xlock
David Proulx
2001-0652
Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable
ACCEPTED
1
Sun Solaris 8
snmpdx
David Proulx
2002-0796
Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges
ACCEPTED
1
Microsoft Windows 2000
Internet Explorer 5.5 Service Pack 2
David Proulx
David Proulx
2002-0026
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made
ACCEPTED
3
Sun Solaris 8
Xsun
David Proulx
2002-0158
Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument
ACCEPTED
1
Sun Solaris 8
CDE
David Proulx
2002-0677
CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure
ACCEPTED
1
Microsoft Windows NT
Internet Information Server 4.0
Tiffany Bergeron
Tiffany Bergeron
2002-0079
ACCEPTED
Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code
ACCEPTED
3
Microsoft Windows 2000
Internet Explorer 6.0
David Proulx
David Proulx
2002-0023
Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks
ACCEPTED
3
Microsoft Windows NT
Windows Shell
Matthew Burton
2002-0070
Completing an initial submission.
done
DRAFT
INTERIM
ACCEPTED
Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled
ACCEPTED
1
Microsoft Windows 2000
Internet Explorer 6.0
Andrew Buttner
Andrew Buttner
2002-0189
Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability
ACCEPTED
3
Microsoft Windows 2000
Christine Walzer
2003-0715
DRAFT
INTERIM
ACCEPTED
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CAN-2003-0352 (Blaster/Nachi) and CAN-2003-0528
ACCEPTED
1
Microsoft Windows 2000
Internet Information Server 5.0
Andrew Buttner
Andrew Buttner
2002-0147
ACCEPTED
Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun.
ACCEPTED
4
Microsoft Windows 2000
Internet Explorer 5.5 or Internet Explorer 5.5 Service Pack 1
David Proulx
David Proulx
2002-0026
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made
ACCEPTED
3
Microsoft Windows NT
FTP
Tiffany Bergeron
Tiffany Bergeron
2002-0073
The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters
ACCEPTED
3
Microsoft Windows 2000
Internet Information Server 5.0
Tiffany Bergeron
Tiffany Bergeron
2002-0079
ACCEPTED
Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code
ACCEPTED
3
Microsoft Windows 2000
Network Connection Manager (NCM)
Christine Walzer
Christine Walzer
2002-0720
modified wrt-222 - changed pattern match
INTERIM
A handler routine for the Network Connection Manager (NCM) in Windows 2000 allows local users to gain privileges via a complex attack that causes the handler to run in the LocalSystem context with user-specified code
INTERIM
1
Microsoft Windows 2000
Internet Explorer 5.01
Tiffany Bergeron
Tiffany Bergeron
Christine Walzer
2002-0193
modified wrt-222 - changed pattern match
INTERIM
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability
INTERIM
2
Red Hat Linux 9
skk
Jay Beale
2003-0539
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and the ddskk package which is based on skk, creates temporary files insecurely, which allows local users to overwrite arbitrary files
ACCEPTED
1
Microsoft Windows 2000
Internet Information Server 5.0
Tiffany Bergeron
Tiffany Bergeron
2002-0364
ACCEPTED
Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise.
ACCEPTED
4
Microsoft Windows 2000
SMTP
Tiffany Bergeron
Andrew Buttner
2002-0055
Changed the registry key in question for the SMTP enabled check to SMTPSVC from SMTP.
SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 to cause a denial of service via a command with a malformed data transfer (BDAT) request
ACCEPTED
3
Sun Solaris 8
cachefsd
David Proulx
Brian Soby
2002-0033
Updated to include Solaris 9 and Solaris 9 patch info
INTERIM
ACCEPTED
Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name
ACCEPTED
3
Microsoft Windows 2000
Internet Explorer 6.0
David Proulx
David Proulx
2002-0026
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made
ACCEPTED
3
Sun Solaris 7
Xsun
David Proulx
2002-0158
Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument
ACCEPTED
1
Sun Solaris 7
whodo
David Proulx
2001-1076
Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable
ACCEPTED
1
Microsoft Windows 2000
FTP
Tiffany Bergeron
Tiffany Bergeron
2002-0073
The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters
ACCEPTED
4
Microsoft Windows NT
Internet Information Server 4.0
Tiffany Bergeron
Tiffany Bergeron
2001-0333
Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice
ACCEPTED
2
Microsoft Windows 2000
Windows 2000
Tiffany Bergeron
2002-0051
Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access
ACCEPTED
2
Microsoft Windows 2000
Internet Information Server 5.0
Tiffany Bergeron
Tiffany Bergeron
2002-0150
ACCEPTED
Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values
ACCEPTED
3
Microsoft Windows 2000
Internet Explorer 5.5 Service Pack 2
David Proulx
David Proulx
2002-0023
Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks
ACCEPTED
3
Sun Solaris 7
rpc.rwalld
David Proulx
2002-0573
Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed
ACCEPTED
1
Sun Solaris 7
libnsl
David Proulx
2002-0391
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd
ACCEPTED
1
Sun Solaris 7
cachefsd
David Proulx
Brian Soby
2002-0084
Updated to add patch test
INTERIM
ACCEPTED
Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument
ACCEPTED
2
Microsoft Windows 2000
Internet Information Server 5.0
Tiffany Bergeron
Tiffany Bergeron
2000-0884
IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability
ACCEPTED
2
Microsoft Windows NT
Internet Information Server 4.0
Tiffany Bergeron
Tiffany Bergeron
2002-0071
ACCEPTED
Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names
ACCEPTED
3
Microsoft Windows 2000
Internet Information Server 5.0
Tiffany Bergeron
Tiffany Bergeron
2002-0074
Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session
ACCEPTED
2
Sun Solaris 8
whodo
David Proulx
2001-1076
Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable
ACCEPTED
1
Sun Solaris 7
admintool
David Proulx
2002-0088
Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long media installation path
ACCEPTED
1
Microsoft Windows 2000
Internet Explorer 5.01
David Proulx
David Proulx
2003-1326
Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box.
ACCEPTED
2
Microsoft Windows 2000
Internet Explorer 5.01, Internet Explorer 5.01 Service Pack 1, or Internet Explorer 5.01 Service Pack 2
David Proulx
David Proulx
2002-0023
Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks
ACCEPTED
3
Red Hat Linux 9
EOG
Jay Beale
2003-0165
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display
ACCEPTED
1
Red Hat Linux 9
Ethereal
Jay Beale
2003-0081
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers
ACCEPTED
1
Red Hat Linux 9
Ethereal
Jay Beale
2003-0159
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code
ACCEPTED
1
Sun Solaris 8
rpc.yppasswdd
David Proulx
2001-0779
Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username
ACCEPTED
1
Microsoft Windows 2000
Internet Explorer 6.0
David Proulx
David Proulx
2003-1328
The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality.
ACCEPTED
2
Microsoft Windows NT
Internet Information Server 4.0
Tiffany Bergeron
Tiffany Bergeron
2002-0075
Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message
ACCEPTED
1
Microsoft Windows 2000
Remote Procedure Call (RPC)
Tiffany Bergeron
Tiffany Bergeron
Christine Walzer
2002-1561
modified wrt-222 - changed pattern match
INTERIM
The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference
INTERIM
1
Sun Solaris 8
admintool
David Proulx
2002-0088
Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long media installation path
ACCEPTED
1
Microsoft Windows NT
Remote Access Service (RAS)
Tiffany Bergeron
2002-0366
Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry
ACCEPTED
1
Sun Solaris 7
mibiisa
David Proulx
2002-0797
Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges
ACCEPTED
1
Microsoft Windows 2000
Remote Access Service (RAS)
Tiffany Bergeron
2002-0366
Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry
ACCEPTED
2
Microsoft Windows 2000
Windows 2000
Tiffany Bergeron
2002-0018
ACCEPTED
INTERIM
ACCEPTED
In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which could allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain
ACCEPTED
3
Sun Solaris 7
kcms_configure
David Proulx
2001-0594
kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument
ACCEPTED
1
Microsoft Windows 2000
Internet Information Server 5.0
David Proulx
David Proulx
Christine Walzer
2003-0223
modified wrt-222 - changed pattern match
INTERIM
Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message
INTERIM
1
Sun Solaris 8
admintool
David Proulx
2002-0089
Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file
ACCEPTED
1
Sun Solaris 7
admintool
David Proulx
2002-0089
Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file
ACCEPTED
1
Red Hat Linux 9
Ethereal
Jay Beale
Jay Beale
2003-0356
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions
ACCEPTED
1
Sun Solaris 8
dtspcd
David Proulx
2001-0803
Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary command
ACCEPTED
1
Microsoft Windows 2000
Microsoft SQL Server 2000
Yi-Fang Koh
2001-0344
ACCEPTED
An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account
ACCEPTED
1
Microsoft Windows NT
Internet Information Server 4.0
Tiffany Bergeron
Tiffany Bergeron
2002-0147
ACCEPTED
Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun.
ACCEPTED
3
Red Hat Linux 9
Ethereal
Jay Beale
Jay Beale
2003-0357
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) Mount and (2) PPP dissectors
ACCEPTED
1
Sun Solaris 7
dtspcd
David Proulx
2001-0803
Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary command
ACCEPTED
1
Red Hat Linux 9
Ethereal
Jay Beale
Jay Beale
2003-0428
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (memory consumption) via a certain NDR string
ACCEPTED
1
Microsoft Windows 2000
Windows 2000
Tiffany Bergeron
2002-0367
smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit
ACCEPTED
2
Microsoft Windows 2000
Internet Explorer 5.5 or Internet Explorer 5.5 Service Pack 1
David Proulx
David Proulx
2002-0023
Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks
ACCEPTED
3
Microsoft Windows 2000
Internet Information Server 5.0
Tiffany Bergeron
Tiffany Bergeron
2001-0333
ACCEPTED
INTERIM
ACCEPTED
Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice
ACCEPTED
3
Sun Solaris 8
rpc.rwalld
David Proulx
2002-0573
Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed
ACCEPTED
1
Sun Solaris 7
CDE
David Proulx
2002-0678
CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure
ACCEPTED
1
Microsoft Windows NT
Internet Information Server 4.0
Tiffany Bergeron
Tiffany Bergeron
2002-0148
Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page
ACCEPTED
1
Microsoft Windows 2000
Microsoft SQL Server 2000
Tiffany Bergeron
2001-0509
Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs
ACCEPTED
1
Microsoft Windows 2000
Microsoft SQL Server
Yi-Fang Koh
Yi-Fang Koh
2001-0542
Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CAN-2001-0879
ACCEPTED
1
Red Hat Linux 9
Ethereal
Jay Beale
Jay Beale
2003-0429
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The OSI dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow
ACCEPTED
1
Sun Solaris 8
lbxproxy
David Proulx
2002-0090
Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option
ACCEPTED
1
Microsoft Windows NT
Simple Network Management Protocol (SNMP)
Harvey Rubinovitz
Harvey Rubinovitz
2002-0013
Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available
ACCEPTED
1
Red Hat Linux 9
Ethereal
Jay Beale
Jay Beale
2003-0430
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (crash) via an invalid ASN.1 value
ACCEPTED
1
Microsoft Windows 2000
Multiple UNC Provider (MUP)
Tiffany Bergeron
2002-0151
Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request
ACCEPTED
2
Microsoft Windows 2000
Internet Information Server 5.0
Tiffany Bergeron
Tiffany Bergeron
Ingrid Skoog
2001-0151
corrected configuration criterion
INTERIM
ACCEPTED
IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests
ACCEPTED
3
Sun Solaris 7
CDE
David Proulx
2002-0677
CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure
ACCEPTED
1
Microsoft Windows 2000
Internet Information Server 5.0
Harvey Rubinovitz
Harvey Rubinovitz
2002-0148
Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page
ACCEPTED
1
Sun Solaris 8
mibiisa
David Proulx
2002-0797
Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges
ACCEPTED
1
Microsoft Windows 2000
Internet Information Server 5.0
Tiffany Bergeron
Tiffany Bergeron
2002-0149
ACCEPTED
Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names
ACCEPTED
3
Microsoft Windows 2000
Internet Explorer 6.0
Andrew Buttner
Andrew Buttner
2002-0078
Added the configuration check to see if cookies are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability
ACCEPTED
4
Sun Solaris 8
cachefsd
David Proulx
Brian Soby
2002-0084
Updated to add patch test
Added Solaris 9 and Solaris 9 patch test to the definition
INTERIM
ACCEPTED
Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument
ACCEPTED
2
Microsoft Windows 2000
Internet Explorer 6.0
David Proulx
David Proulx
2002-0371
Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response
ACCEPTED
2
Microsoft Windows 2000
Internet Explorer 6.0
Andrew Buttner
Andrew Buttner
Christine Walzer
2002-0193
modified wrt-222 - changed pattern match
INTERIM
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability
INTERIM
3
Red Hat Linux 9
Ethereal
Jay Beale
Jay Beale
2003-0431
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences
ACCEPTED
1
Sun Solaris 7
rpc.yppasswdd
David Proulx
2001-0779
Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username
ACCEPTED
1
Microsoft Windows NT
Locator service
Tiffany Bergeron
2003-0003
Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information
ACCEPTED
1
Red Hat Linux 9
Ethereal
Jay Beale
Jay Beale
2003-0432
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors
ACCEPTED
1
Red Hat Linux 9
Ximian Evolution
Jay Beale
2003-0128
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The try_uudecoding function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malicious uuencoded (UUE) header, possibly triggering a heap-based buffer overflow
ACCEPTED
1
Red Hat Linux 9
Ximian Evolution
Jay Beale
2003-0129
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (memory consumption) via a mail message that is uuencoded multiple times
ACCEPTED
1
Microsoft Windows 2000
Windows 2000
Tiffany Bergeron
Tiffany Bergeron
2003-0109
Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0
ACCEPTED
2
Red Hat Linux 9
Ximian Evolution
Jay Beale
2003-0130
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image
ACCEPTED
1
Red Hat Linux 9
GDM
Jay Beale
2003-0547
INTERIM
ACCEPTED
GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file
ACCEPTED
1
Red Hat Linux 9
GDM
Jay Beale
2003-0548
INTERIM
ACCEPTED
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CAN-2003-0549
ACCEPTED
1
Sun Solaris 7
snmpdx
David Proulx
2002-0796
Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges
ACCEPTED
1
Microsoft Windows 2000
ISA Server 2000
Tiffany Bergeron
2003-0526
ACCEPTED
Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found.
ACCEPTED
1
Microsoft Windows 2000
SMB (Server Message Block)
Tiffany Bergeron
Tiffany Bergeron
2003-0345
ACCEPTED
Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required
ACCEPTED
1
Sun Solaris 7
kcms_server
David Proulx
2003-0027
Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure
ACCEPTED
1
Microsoft Windows 2000
SQL Server 2000
Yi-Fang Koh
Yi-Fang Koh
2002-0154
Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments
ACCEPTED
1
Microsoft Windows 2000
Windows 2000
Tiffany Bergeron
Tiffany Bergeron
2003-0809
Added the configuration check to see if ActiveX controls are enabled by the current user when local machine settings are not in use.
ACCEPTED
Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page
ACCEPTED
1
Sun Solaris 7
cachefsd
David Proulx
Brian Soby
2002-0033
Added patch test
INTERIM
ACCEPTED
Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name
ACCEPTED
2
Microsoft Windows 2000
Internet Explorer 6.0
Andrew Buttner
Andrew Buttner
2003-1326
Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box.
ACCEPTED
2
Microsoft Windows 2000
Remote Procedure Call (RPC)
Tiffany Bergeron
2003-0528
ACCEPTED
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CAN-2003-0352 (Blaster/Nachi) and CAN-2003-0715
ACCEPTED
1
Red Hat Linux 9
GDM
Jay Beale
2003-0549
INTERIM
ACCEPTED
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name
ACCEPTED
1
Microsoft Windows 2000
Internet Information Server 5.0
Tiffany Bergeron
Tiffany Bergeron
2002-0071
ACCEPTED
Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names
ACCEPTED
3
Sun Solaris 7
xlock
David Proulx
2001-0652
Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable
ACCEPTED
1
Microsoft Windows NT
Internet Information Server 4.0
Tiffany Bergeron
Tiffany Bergeron
2002-0149
ACCEPTED
Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names
ACCEPTED
3
Red Hat Linux 9
GNU Ghostscript
Jay Beale
Jay Beale
2003-0354
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job
ACCEPTED
1
Microsoft Windows 2000
Christine Walzer
2003-0010
DRAFT
INTERIM
ACCEPTED
Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack
ACCEPTED
1
Red Hat Linux 9
GnuPG
Jay Beale
2003-0255
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path
ACCEPTED
1
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Virtual Machine (VM)
Tiffany Bergeron
2003-0111
INTERIM
ACCEPTED
The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise.
ACCEPTED
1
Microsoft Windows NT
Internet Information Server 4.0
Tiffany Bergeron
Tiffany Bergeron
2002-0150
ACCEPTED
Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values
ACCEPTED
3
Red Hat Linux 9
GtkHTML
Jay Beale
2003-0133
INTERIM
ACCEPTED
GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages
ACCEPTED
1
Microsoft Windows NT
Simple Network Management Protocol (SNMP)
Matt Busby
2001-0046
INTERIM
ACCEPTED
The default permissions for the SNMP Parameters registry key in Windows NT 4.0 allows remote attackers to read and possibly modify the SNMP community strings to obtain sensitive information or modify network configuration, aka one of the "Registry Permissions" vulnerabilities
ACCEPTED
1
Microsoft Windows NT
Microsoft Transaction Server (MTS)
Matt Busby
2001-0047
INTERIM
ACCEPTED
The default permissions for the MTS Package Administration registry key in Windows NT 4.0 allows local users to install or modify arbitrary Microsoft Transaction Server (MTS) packages and gain privileges, aka one of the "Registry Permissions" vulnerabilities
ACCEPTED
1
Microsoft Windows 2000
Internet Explorer 5.01, Internet Explorer 5.01 Service Pack 1
Tiffany Bergeron
Andrew Buttner
2001-0154
Added the configuration check to see if file downloads are enabled by the current user when local machine settings are not in use. Changed the status from ACCEPTED to INTERIM
ACCEPTED
HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly
ACCEPTED
2
Microsoft Windows NT
Christine Walzer
2003-0112
DRAFT
INTERIM
ACCEPTED
Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger
ACCEPTED
1
Microsoft Windows 2000
Internet Explorer 6.0
Harvey Rubinovitz
Harvey Rubinovitz
2002-1186
Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure.
ACCEPTED
1
Microsoft Windows 2000
Simple Network Management Protocol (SNMP)
Harvey Rubinovitz
Harvey Rubinovitz
2002-0012
Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available
ACCEPTED
1
Microsoft Windows NT
Multiple UNC Provider (MUP)
Tiffany Bergeron
2002-0151
Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request
ACCEPTED
1
Microsoft Windows NT
Christine Walzer
2003-0345
DRAFT
INTERIM
ACCEPTED
Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required
ACCEPTED
1
Microsoft Windows 2000
Windows Shell
Christine Walzer
Christine Walzer
2002-0070
Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled
ACCEPTED
1
Red Hat Linux 9
GtkHTML
Jay Beale
2003-0541
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
gtkhtml before 1.1.10, as used in Evolution, allows remote attackers to cause a denial of service (crash) via a malformed message that causes a null pointer dereference
ACCEPTED
1
Sun Solaris 8
fs.auto, xfs
David Proulx
David Proulx
2002-1317
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query
ACCEPTED
2
Red Hat Linux 9
Apache
Jay Beale
2003-0020
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences
ACCEPTED
1
Red Hat Linux 9
Apache
Jay Beale
2003-0083
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CAN-2003-0020
ACCEPTED
1
Sun Solaris 7
fs.auto, xfs
David Proulx
David Proulx
2002-1317
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query
ACCEPTED
2
Red Hat Linux 9
Apache
Jay Beale
2003-0132
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed
ACCEPTED
1
Microsoft Windows NT
Windows NT 4.0
Tiffany Bergeron
2002-0367
smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit
ACCEPTED
1
Microsoft Windows NT
Windows NT 4.0
Tiffany Bergeron
2002-0018
In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which could allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain
ACCEPTED
1
Microsoft Windows NT
Simple Network Management Protocol (SNMP)
Harvey Rubinovitz
Harvey Rubinovitz
2002-0012
Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available
ACCEPTED
1
Red Hat Linux 9
Apache
Jay Beale
2003-0192
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite
ACCEPTED
1
Red Hat Linux 9
Apache
Jay Beale
2003-0253
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service
ACCEPTED
1
Sun Solaris 8
CDE
David Proulx
2002-0678
CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure
ACCEPTED
1
Sun Solaris 7
CDE
David Proulx
2002-0679
Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure
ACCEPTED
1
Microsoft Windows 2000
Internet Explorer 5.5
Andrew Buttner
Andrew Buttner
2003-1326
Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box.
ACCEPTED
2
Sun Solaris 7
lbxproxy
David Proulx
2002-0090
Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option
ACCEPTED
1
Microsoft Windows NT
Internet Information Server 4.0
Tiffany Bergeron
Tiffany Bergeron
2002-0364
ACCEPTED
Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise.
ACCEPTED
3
Red Hat Linux 9
Apache
Jay Beale
2003-0254
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket
ACCEPTED
1
Microsoft Windows XP
Authenticode
Tiffany Bergeron
Andrew Buttner
Christine Walzer
2003-0660
Added the configuration check to see if downloading of signed ActiveX controls are enabled by the current user when local machine settings are not in use.
Fixed the logic that checks for one version of the file if no sp is installed and a different version if sp1 is installed.
The compound test that includes SP1 or earlier has been added
ACCEPTED
INTERIM
ACCEPTED
The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers execute arbitrary code without user approval
ACCEPTED
2
Microsoft Windows 2000
Microsoft Word 2000
Christine Walzer
2003-0664
Added word 2000 and winword.exe information
changed to word 2000
DRAFT
INTERIM
ACCEPTED
Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document
ACCEPTED
1
Microsoft Windows 2000
SMB (Server Message Block)
Christine Walzer
Christine Walzer
2002-0724
modified wrt-222 - changed pattern match
INTERIM
Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service"
INTERIM
1
Microsoft Windows 2000
Certificate Enrollment Control
Christine Walzer
Christine Walzer
2002-0699
modified wrt-222 - changed pattern match
ACCEPTED
INTERIM
Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML
INTERIM
1
Microsoft Windows 2000
Internet Information Server 5.0
Tiffany Bergeron
Tiffany Bergeron
2000-0886
IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability
ACCEPTED
3
Sun Solaris 8
CDE
David Proulx
2002-0679
Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure
ACCEPTED
1
Red Hat Linux 9
KDM
Jay Beale
2003-0690
INTERIM
ACCEPTED
KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module
ACCEPTED
1
Microsoft Windows NT
Christine Walzer
2003-0352
DRAFT
INTERIM
ACCEPTED
Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms
ACCEPTED
1
Sun Solaris 8
kcms_server
David Proulx
2003-0027
Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure
ACCEPTED
1
Microsoft Windows 2000
Internet Information Server 5.0
Tiffany Bergeron
Tiffany Bergeron
2001-0500
ACCEPTED
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red
ACCEPTED
3
Microsoft Windows 2000
Windows 2000
Tiffany Bergeron
Tiffany Bergeron
2003-0660
Added the configuration check to see if downloading of signed ActiveX controls are enabled by the current user when local machine settings are not in use.
ACCEPTED
The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers execute arbitrary code without user approval
ACCEPTED
1
Microsoft Windows 2000
Remote Data Protocol (RDP)
Tiffany Bergeron
Tiffany Bergeron
Christine Walzer
2002-0863
modified wrt-222 - changed pattern match
INTERIM
Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol.
INTERIM
2
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Windows Script Engine for JScript v5.6
Tiffany Bergeron
David Proulx
Christine Walzer
2003-0010
Corrected to reflect the unification of the Windows Schema
Added the configuration check to see if active scripting is enabled by the current user when local machine settings are not in use.
Added Patch to Definition
negated patch
ACCEPTED
INTERIM
ACCEPTED
Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack
ACCEPTED
3
Microsoft Windows XP
Windows XP
Tiffany Bergeron
Tiffany Bergeron
Andrew Buttner
Christine Walzer
2003-0659
Fixed the logic that checks for one version of the file if no sp is installed and a different version if sp1 is installed.
The compound test that includes a check for SP1 or earlier has been added
Added patch KB891711 (from MS05-002) which supercedes the previous patch
ACCEPTED
INTERIM
ACCEPTED
INTERIM
INTERIM
ACCEPTED
Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application
ACCEPTED
3
Microsoft Windows 2000
Microsoft Word 2000
Ingrid Skoog
2002-1143
DRAFT
INTERIM
ACCEPTED
Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure.
ACCEPTED
1
Microsoft Windows 2000
Internet Explorer 6.0
Harvey Rubinovitz
Harvey Rubinovitz
2002-1187
ACCEPTED
Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource
ACCEPTED
1
Microsoft Windows 2000
Windows 2000
Tiffany Bergeron
Tiffany Bergeron
Andrew Buttner
2003-0838
Added the configuration check to see if ActiveX controls are enabled by the current user when local machine settings are not in use.
ACCEPTED
Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CAN-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe)
ACCEPTED
1
Microsoft Windows 2000
Microsoft Word 2000
Ingrid Skoog
2002-1056
made into a real definition
DRAFT
INTERIM
ACCEPTED
Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 2
Andrew Buttner
Andrew Buttner
2003-1048
DRAFT
INTERIM
ACCEPTED
Double-free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image
ACCEPTED
1
Microsoft Windows Server 2003
Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003
Tiffany Bergeron
Tiffany Bergeron
2004-0549
DRAFT
INTERIM
ACCEPTED
The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object
ACCEPTED
1
Microsoft Windows 2000
Simple Network Management Protocol (SNMP)
Tiffany Bergeron
2002-0053
Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and other PROTOS-related candidates, especially CAN-2002-0012 and CAN-2002-0013, will be updated when more accurate information is available
ACCEPTED
1
Microsoft Windows 2000
Internet Information Server 5.0
Harvey Rubinovitz
Harvey Rubinovitz
2002-0075
Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 3
Andrew Buttner
Andrew Buttner
2003-1048
DRAFT
INTERIM
ACCEPTED
Double-free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image
ACCEPTED
1
Microsoft Windows 2000
Messenger Service
Christine Walzer
Christine Walzer
Andrew Buttner
2003-0717
Fixed an error in the configuration section, now correctly testing that messenger service is enabled. Before it was testing that HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Start=2, now it is testing that it does not equal 4.
ACCEPTED
ACCEPTED
The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack
ACCEPTED
2
Red Hat Linux 9
KDM
Jay Beale
2003-0692
INTERIM
ACCEPTED
KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 4
Ingrid Skoog
Ingrid Skoog
2004-0566
DRAFT
INTERIM
ACCEPTED
Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value
ACCEPTED
1
Microsoft Windows 2000
Help and Support Center (HSC)
Christine Walzer
Christine Walzer
2003-0711
Windows 2000 replaced by check for Windows 2000 SP4 or earlier
ACCEPTED
INTERIM
ACCEPTED
Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL
ACCEPTED
2
Microsoft Windows NT
Christine Walzer
2003-0346
DRAFT
INTERIM
ACCEPTED
Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow
ACCEPTED
1
Microsoft Windows 2000
Internet Explorer 5.5
Harvey Rubinovitz
Harvey Rubinovitz
2002-1187
ACCEPTED
Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource
ACCEPTED
1
Red Hat Linux 9
krb5
Jay Beale
2003-0028
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CAN-2002-0391
ACCEPTED
1
Microsoft Windows 2000
Microsoft SQL Server
Tiffany Bergeron
2000-1081
The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability
ACCEPTED
1
Microsoft Windows 2000
SQL Server 2000
Yi-Fang Koh
Yi-Fang Koh
Jonathan Baker
2003-0230
modified wft-62 - Added "80" to the registry component. So that new component value is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\80\SharedCode. This key specifes the location of the file that should be tested.
INTERIM
INTERIM
ACCEPTED
Microsoft SQL Server 7, 2000, and MSDE allows local users go gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability
ACCEPTED
2
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Internet Explorer 6 Service Pack 1
Andrew Buttner
Andrew Buttner
2003-1048
DRAFT
INTERIM
ACCEPTED
Double-free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image
ACCEPTED
1
Microsoft Windows 2000
Windows 2000
Tiffany Bergeron
Andrew Buttner
2003-0662
Added the configuration check to see if ActiveX controls are enabled by the current user when local machine settings are not in use.
ACCEPTED
Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML formatter e-mail or web page
ACCEPTED
1
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Internet Explorer 5.5 Service Pack 2
Tiffany Bergeron
Tiffany Bergeron
2004-0549
DRAFT
INTERIM
ACCEPTED
The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object
ACCEPTED
1
Red Hat Linux 9
krb5
Jay Beale
2003-0082
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun")
ACCEPTED
1
Microsoft Windows Server 2003
Network News Transport Protocol (NNTP)
Christine Walzer
2004-0574
DRAFT
INTERIM
ACCEPTED
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows
ACCEPTED
1
Red Hat Linux 9
krb5
Jay Beale
2003-0138
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack
ACCEPTED
1
Red Hat Linux 9
krb5
Jay Beale
2003-0139
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing.
ACCEPTED
1
Microsoft Windows 2000
Windows 2000
Yi-Fang Koh
Yi-Fang Koh
2001-0879
Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service
ACCEPTED
1
Red Hat Linux 9
Linux kernel
Jay Beale
2003-0127
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel
ACCEPTED
1
Red Hat Linux 9
Netfilter
Jay Beale
2003-0187
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The connection tracking core of Netfilter for Linux 2.4.20, with CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote attackers to cause a denial of service (resource consumption) due to an inconsistency with Linux 2.4.20's support of linked lists, which causes Netfilter to fail to identify connections with an UNCONFIRMED status and use large timeouts
ACCEPTED
1
Red Hat Linux 9
Netfilter
Jay Beale
2003-0244
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions
ACCEPTED
1
Microsoft Windows 2000
Christine Walzer
2003-0112
DRAFT
INTERIM
ACCEPTED
Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger
ACCEPTED
1
Microsoft Windows 2000
Windows 2000
Tiffany Bergeron
2003-0715
ACCEPTED
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CAN-2003-0352 (Blaster/Nachi) and CAN-2003-0528
ACCEPTED
1
Microsoft Windows XP
Windows XP
Tiffany Bergeron
Tiffany Bergeron
Andrew Buttner
Christine Walzer
2003-0717
Fixed the logic that checks for one version of the file if no sp is installed and a different version if sp1 is installed.
CMP-66 has been added
ACCEPTED
INTERIM
ACCEPTED
The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack
ACCEPTED
2
Microsoft Windows 2000
Microsoft SQL Server 2000
Yi-Fang Koh
Yi-Fang Koh
2002-0056
Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection
ACCEPTED
1
Microsoft Windows 2000
Internet Explorer 6.0
Harvey Rubinovitz
Harvey Rubinovitz
2002-1217
ACCEPTED
Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions
ACCEPTED
1
Microsoft Windows 2000
SMB Signing (Server Message Block)
Christine Walzer
2002-1256
ACCEPTED
The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller
ACCEPTED
1
Red Hat Linux 9
Linux kernel
Jay Beale
2003-0246
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports
ACCEPTED
1
Microsoft Windows XP
Windows Media Player for Windows XP
Tiffany Bergeron
2002-0372
ACCEPTED
Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote attackers to bypass Internet Explorer's (IE) security mechanisms and run code via an executable .wma media file with a license installation requirement stored in the IE cache, aka the "Cache Path Disclosure via Windows Media Player"
ACCEPTED
1
Red Hat Linux 9
Linux kernel
Jay Beale
2003-0247
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ("kernel oops")
ACCEPTED
1
Microsoft Windows XP
Windows Media Player for Windows XP
Tiffany Bergeron
2001-0719
ACCEPTED
Buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via a malformed Advanced Streaming Format (ASF) file
ACCEPTED
1
Microsoft Windows 2000
SQL Server 2000
Yi-Fang Koh
Yi-Fang Koh
2002-0624
Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure.
ACCEPTED
1
Red Hat Linux 9
Linux kernel
Jay Beale
2003-0248
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address
ACCEPTED
1
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
MDAC 2.6
Ingrid Skoog
Andrew Buttner
2002-1142
removed the test for windows NT and added a test for MDAC 2.6 since this definition is dependent on the MDAC version and not the platform
DRAFT
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub
ACCEPTED
2
Red Hat Linux 9
Linux kernel
Jay Beale
2003-0364
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions
ACCEPTED
1
Microsoft Windows 2000
Remote Procedure Call (RPC)
Tiffany Bergeron
2003-0352
ACCEPTED
Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms
ACCEPTED
1
Microsoft Windows 2000
Simple Network Management Protocol (SNMP)
Harvey Rubinovitz
Harvey Rubinovitz
2002-0013
Changed CAN-2002-0012 to CAN-2002-0013.
INTERIM
ACCEPTED
Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available
ACCEPTED
2
Microsoft Windows 2000
SQL Server 2000
Yi-Fang Koh
Yi-Fang Koh
Jonathan Baker
2003-0231
modified wft-55 - Added "80" to the registry component. So that new component value is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\80\SharedCode. This key specifes the location of the file that should be tested.
INTERIM
ACCEPTED
Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe
ACCEPTED
2
Microsoft Windows 2000
SQL Server 2000
Yi-Fang Koh
Yi-Fang Koh
Jonathan Baker
2003-0232
modified wft-55 - Added "80" to the registry component. So that new component value is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\80\SharedCode. This key specifes the location of the file that should be tested.
INTERIM
ACCEPTED
Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow
ACCEPTED
2
Red Hat Linux 9
/proc/tty/driver/serial
Jay Beale
2003-0461
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 3
Ingrid Skoog
Ingrid Skoog
2004-0566
DRAFT
INTERIM
ACCEPTED
Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value
ACCEPTED
1
Microsoft Windows 2000
Microsoft FrontPage Server Extensions 2000
Tiffany Bergeron
Tiffany Bergeron
2003-0824
Changed the definition to look at the file shtml.dll instead of fp4awel.dll. It was determined that this is where the vulnerability (a buffer overflow) actually existed. Also added the configuration test saying you are vulnerable if the SmartHTML interpreter is enabled.
INTERIM
ACCEPTED
Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request
ACCEPTED
1
Red Hat Linux 9
Linux kernel
Jay Beale
2003-0462
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash)
ACCEPTED
1
Red Hat Linux 9
Linux kernel
Jay Beale
2003-0464
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created, which could allow local users to bind to UDP ports that are used by privileged services such as nfsd
ACCEPTED
1
Microsoft Windows 2000
SQL Server 2000
Yi-Fang Koh
Yi-Fang Koh
2002-0641
Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query
ACCEPTED
1
Microsoft Windows NT
Windows NT 4.0
Tiffany Bergeron
Tiffany Bergeron
2003-0525
INTERIM
ACCEPTED
The getCanonicalPath function in Windows NT 4.0 may free memory that it does not own and cause heap corruption, which allows attackers to cause a denial of service (crash) via requests that cause a long file name to be passed to getCanonicalPath, as demonstrated on the IBM JVM using a long string to the java.io.getCanonicalPath Java method
ACCEPTED
2
Microsoft Windows XP
Windows Media Player for Windows XP
Tiffany Bergeron
2003-0228
ACCEPTED
Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location
ACCEPTED
1
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Internet Explorer 5.5 Service Pack 2
Ingrid Skoog
Ingrid Skoog
2004-0566
DRAFT
INTERIM
ACCEPTED
Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value
ACCEPTED
1
Red Hat Linux 9
Linux kernel
Jay Beale
2003-0476
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors
ACCEPTED
1
Red Hat Linux 9
Linux kernel
Jay Beale
2003-0501
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries
ACCEPTED
1
Microsoft Windows XP
Microsoft Windows Workstation Service
Andrew Buttner
Andrew Buttner
Christine Walzer
2003-0812
Added 64-bit edition support to this definition allowing us to deprecated OVAL332
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API
ACCEPTED
2
Microsoft Windows 2000
Internet Explorer 5.5
Harvey Rubinovitz
Harvey Rubinovitz
2002-1217
ACCEPTED
Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions
ACCEPTED
1
Microsoft Windows 2000
Network News Transport Protocol (NNTP)
Christine Walzer
2001-0543
ACCEPTED
Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 2
Andrew Buttner
Andrew Buttner
2003-0814
Removed the test for Windows 2000 sp2 installed. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.01 sp2 patch.
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability
ACCEPTED
1
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Word 2000
Christine Walzer
Christine Walzer
2003-0820
ACCEPTED
Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack
ACCEPTED
1
Microsoft Windows 2000
Windows 2000
Tiffany Bergeron
Tiffany Bergeron
Christine Walzer
2003-0659
Added the patch KB891711 (from MS05-002) which supercedes the previous patch
ACCEPTED
INTERIM
INTERIM
ACCEPTED
Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application
ACCEPTED
2
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 3
Andrew Buttner
Andrew Buttner
2003-0814
Removed the test for Windows 2000 sp3 installed. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.01 sp3 patch.
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 4
Andrew Buttner
Andrew Buttner
2003-0814
Removed the test for Windows 2000 sp4 installed. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.01 sp4 patch.
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability
ACCEPTED
1
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Internet Explorer 5.5 Service Pack 2
Andrew Buttner
Andrew Buttner
2003-0814
Removed the test for specific Windows operating systems. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.5 sp2 patch.
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability
ACCEPTED
1
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Internet Explorer 6 Service Pack 1
Andrew Buttner
Andrew Buttner
2003-0814
Removed the test for specific Windows operating systems. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 6 sp1 patch.
Added Windows XP 64-bit to the list of affected platforms
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability
ACCEPTED
1
Microsoft Windows Server 2003
Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003
Andrew Buttner
Andrew Buttner
2003-0814
Removed the test for Windows Server 2003. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 6 sp1 patch.
Added Windows XP 64-bit, Version 2003 and Windows Server 2003 64-Bit to the list of affected platforms
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 2
Andrew Buttner
Andrew Buttner
2003-0815
Removed the test for Windows 2000 sp2 installed. This is not part of the vulnerability definition. Instead, it is a pre-requisite of having IE 5.01 sp2 installed.
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 3
Andrew Buttner
Andrew Buttner
2003-0815
Removed the test for Windows 2000 sp3 installed. This is not part of the vulnerability definition. Instead, it is a pre-requisite of having IE 5.01 sp3 installed.
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 4
Andrew Buttner
Andrew Buttner
2003-0815
Removed the test for Windows 2000 sp4 installed. This is not part of the vulnerability definition. Instead, it is a pre-requisite of having IE 5.01 sp4 installed.
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability
ACCEPTED
1
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Internet Explorer 5.5 Service Pack 2
Andrew Buttner
Andrew Buttner
2003-0815
Removed the test for specific Windows operating systems. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.5 sp2 patch.
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability
ACCEPTED
1
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Internet Explorer 6 Service Pack 1
Andrew Buttner
Andrew Buttner
2003-0815
Removed the test for specific Windows operating systems. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 6 sp1 patch.
Added Windows XP 64-bit to the list of affected platforms
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability
ACCEPTED
1
Microsoft Windows Server 2003
Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003
Andrew Buttner
Andrew Buttner
2003-0815
Removed the test for Windows Server 2003. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 6 sp1 patch.
Added Windows XP 64-bit, Version 2003 and Windows Server 2003 64-Bit to the list of affected platforms
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 2
Andrew Buttner
Andrew Buttner
2003-0816
Removed the test for Windows 2000 sp2 installed. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.01 sp2 patch.
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 3
Andrew Buttner
Andrew Buttner
2003-0816
Removed the test for Windows 2000 sp3 installed. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.01 sp3 patch.
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 4
Andrew Buttner
Andrew Buttner
2003-0816
Removed the test for Windows 2000 sp4 installed. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.01 sp4 patch.
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability
ACCEPTED
1
Microsoft Windows XP
Microsoft FrontPage Server Extensions 2000
Andrew Buttner
Andrew Buttner
2003-0822
Changed the definition to test for fp30reg.dll and fp4areg.dll instead of fp4awel.dll.
INTERIM
ACCEPTED
Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions 2000 and 2002 allows remote attackers to execute arbitrary code via a certain chunked encoded request
ACCEPTED
1
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft FrontPage Server Extensions 2002
Andrew Buttner
Andrew Buttner
Christine Walzer
2003-0822
Changed the definition to test for fp30reg.dll and fp5areg.dll instead of fp5awel.dll.
XP SP2 added
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions 2000 and 2002 allows remote attackers to execute arbitrary code via a certain chunked encoded request
ACCEPTED
2
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft SharePoint Team Services
Andrew Buttner
Andrew Buttner
Christine Walzer
2003-0822
Changed the definition to test for fp30reg.dll and fp5areg.dll instead of fp5awel.dll.
XP SP2 added
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions 2000 and 2002 allows remote attackers to execute arbitrary code via a certain chunked encoded request
ACCEPTED
2
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 2
Andrew Buttner
Andrew Buttner
2003-0823
Removed the test for Windows 2000 sp2 installed. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.01 sp2 patch.
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CAN-2003-1027
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 3
Andrew Buttner
Andrew Buttner
2003-0823
Removed the test for Windows 2000 sp3 installed. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.01 sp3 patch.
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CAN-2003-1027
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 4
Andrew Buttner
Andrew Buttner
2003-0823
Removed the test for Windows 2000 sp4 installed. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.01 sp4 patch.
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CAN-2003-1027
ACCEPTED
1
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Internet Explorer 5.5 Service Pack 2
Andrew Buttner
Andrew Buttner
2003-0823
Removed the test for specific Windows operating systems. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.5 sp2 patch.
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CAN-2003-1027
ACCEPTED
1
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Internet Explorer 6 Service Pack 1
Andrew Buttner
Andrew Buttner
2003-0823
Removed the test for specific Windows operating systems. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 6 sp1 patch.
Added Windows XP 64-bit to the list of affected platforms
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CAN-2003-1027
ACCEPTED
1
Microsoft Windows 2000
Internet Information Server 5.0
Tiffany Bergeron
Tiffany Bergeron
Christine Walzer
2003-0225
modified wrt-222 - changed pattern match
INTERIM
The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page
INTERIM
1
Microsoft Windows 2000
HTML Help ActiveX Control
Christine Walzer
Andrew Buttner
2002-0693
Added the configuration check to see if active scripting is enabled by the current user when local machine settings are not in use.
ACCEPTED
Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function
ACCEPTED
1
Red Hat Linux 9
Linux kernel
Jay Beale
2003-0550
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology
ACCEPTED
1
Red Hat Linux 9
Linux kernel
Jay Beale
2003-0551
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The STP protocol implementation in Linux 2.4.x does not properly verify certain lengths, which could allow attackers to cause a denial of service
ACCEPTED
1
Red Hat Linux 9
Linux kernel
Jay Beale
2003-0552
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target
ACCEPTED
1
Red Hat Linux 9
Linux kernel
Jay Beale
2003-0619
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call
ACCEPTED
1
Red Hat Linux 9
Linux kernel
Jay Beale
2003-0699
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user function to access userspace, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CAN-2003-0700
ACCEPTED
1
Microsoft Windows 2000
Internet Explorer 6.0
Harvey Rubinovitz
Harvey Rubinovitz
2002-1254
ACCEPTED
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods.
ACCEPTED
1
Microsoft Windows XP
Microsoft Internet Explorer 6
Tiffany Bergeron
Tiffany Bergeron
Andrew Buttner
2003-0814
Removed the test for Windows XP. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 6 patch.
Removed the IE 6 SP 1 part of this definition as the SP 1 part is defined in a different OVAL.
INTERIM
ACCEPTED
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability
ACCEPTED
1
Microsoft Windows 2000
Internet Explorer 6.0
Harvey Rubinovitz
Harvey Rubinovitz
2002-1185
ACCEPTED
Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure.
ACCEPTED
1
Red Hat Linux 9
Linux kernel
Jay Beale
2003-0700
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The C-Media PCI sound driver in Linux before 2.4.22 does not use the get_user function to access userspace in certain conditions, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CAN-2003-0699
ACCEPTED
1
Microsoft Windows NT
Simple Network Management Protocol (SNMP)
Matt Busby
Matthew Burton
2002-0053
Filled out initial submission. Now a complete definition.
DRAFT
INTERIM
ACCEPTED
Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and other PROTOS-related candidates, especially CAN-2002-0012 and CAN-2002-0013, will be updated when more accurate information is available
ACCEPTED
1
Microsoft Windows 2000
HTML Help Facility
Christine Walzer
2002-0694
modified wrt-222 - changed pattern match
ACCEPTED
INTERIM
The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File.
INTERIM
1
Microsoft Windows 2000
ISA Server 2000
Tiffany Bergeron
2003-0110
ACCEPTED
The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745
ACCEPTED
0
Microsoft Windows 2000
Internet Explorer 5.5
Harvey Rubinovitz
Harvey Rubinovitz
2002-1254
ACCEPTED
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods.
ACCEPTED
1
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Internet Explorer 5.5 Service Pack 2
Andrew Buttner
Andrew Buttner
2003-0816
Removed the test for specific Windows operating systems. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.5 sp2 patch.
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability
ACCEPTED
1
Red Hat Linux 9
Konqueror
Jay Beale
2003-0459
INTERIM
ACCEPTED
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites
ACCEPTED
1
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Internet Explorer 6 Service Pack 1
Andrew Buttner
Andrew Buttner
2003-0816
Removed the test for specific Windows operating systems. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 6 sp1 patch.
Added Windows XP 64-bit to the list of affected platforms
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability
ACCEPTED
1
Red Hat Linux 9
LPRng
Jay Beale
2003-0136
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file
ACCEPTED
1
Microsoft Windows 2000
Telnet protocol
Christine Walzer
Christine Walzer
2002-0020
Changed patch registry key value to IsInstalled
INTERIM
ACCEPTED
Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options
ACCEPTED
2
Microsoft Windows 2000
Microsoft Word 2002
Ingrid Skoog
Jonathan Baker
2002-1056
modified wft-484 - Corrected registry key in path component
DRAFT
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to
ACCEPTED
2
Red Hat Linux 9
lv
Jay Beale
2003-0188
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories
ACCEPTED
1
Red Hat Linux 9
Mutt
Jay Beale
2003-0140
INTERIM
ACCEPTED
Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder
ACCEPTED
1
Red Hat Linux 9
MySQL
Jay Beale
2003-0073
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user
ACCEPTED
1
Red Hat Linux 9
MySQL
Jay Beale
2003-0150
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf
ACCEPTED
1
Red Hat Linux 9
nfs-utils
Jay Beale
2003-0252
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines
ACCEPTED
1
Microsoft Windows 2000
Internet Explorer 6.0
Harvey Rubinovitz
Harvey Rubinovitz
2002-1188
ACCEPTED
Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading.
ACCEPTED
1
Red Hat Linux 9
OpenSSH
Jay Beale
Jay Beale
2003-0190
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack
ACCEPTED
1
Red Hat Linux 9
OpenSSH
Jay Beale
2003-0682
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CAN-2003-0693 and CAN-2003-0695
ACCEPTED
1
Red Hat Linux 9
OpenSSH
Jay Beale
2003-0693
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CAN-2003-0695
ACCEPTED
1
Sun Solaris 9
Bind
Brian Soby
2002-1220
DRAFT
INTERIM
ACCEPTED
BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size
ACCEPTED
1
Microsoft Windows XP
Windows kernel
Christine Walzer
Christine Walzer
2004-0893
DRAFT
INTERIM
ACCEPTED
The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability.
ACCEPTED
1
Microsoft Windows 2000
Utilities Manager/Windows Messaging
Christine Walzer
2003-0350
modified wrt-222 - changed pattern match
ACCEPTED
INTERIM
The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function
INTERIM
1
Red Hat Linux 9
OpenSSH
Jay Beale
2003-0695
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CAN-2003-0693
ACCEPTED
1
Microsoft Windows Server 2003
Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003
Andrew Buttner
Andrew Buttner
2003-0816
Removed the test for Windows Server 2003. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 6 sp1 patch.
Added Windows XP 64-bit, Version 2003 and Windows Server 2003 64-Bit to the list of affected platforms
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability
ACCEPTED
1
Red Hat Linux 9
OpenSSL
Jay Beale
2003-0131
Corrected syntax errors in sql verion of the definition.
Added cmp-914 which uses an or to combine the 5 version tests. Previously the tests had been combined with an and.
INTERIM
ACCEPTED
The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack.
ACCEPTED
1
Red Hat Linux 9
OpenSSL
Jay Beale
2003-0147
Corrected syntax errors in sql verion of the definition.
Added cmp-914 which uses an or to combine the 5 version tests. Previously the tests had been combined with an and.
INTERIM
ACCEPTED
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal)
ACCEPTED
1
Red Hat Linux 9
pam_smb
Jay Beale
2003-0686
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when authenticating to a remote service, allows remote attackers to execute arbitrary code
ACCEPTED
1
Red Hat Linux 9
CGI.pm
Jay Beale
2003-0615
INTERIM
ACCEPTED
Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter
ACCEPTED
1
Microsoft Windows 2000
Internet Explorer 5.01
Harvey Rubinovitz
Harvey Rubinovitz
2002-1186
ACCEPTED
Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure.
ACCEPTED
1
Microsoft Windows XP
Microsoft Internet Explorer 6
Tiffany Bergeron
Tiffany Bergeron
Andrew Buttner
2003-0815
Removed the test for Windows XP. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 6 patch.
Removed the IE 6 SP 1 part of this definition as the SP 1 part is defined in a different OVAL.
INTERIM
ACCEPTED
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Andrew Buttner
2003-0904
INTERIM
ACCEPTED
Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Internet Security and Acceleration Server 2000
David Proulx
David Proulx
2003-0819
INTERIM
ACCEPTED
Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol
ACCEPTED
1
Microsoft Windows XP
Microsoft Internet Explorer 6
Microsoft Internet Explorer 6 Service Pack 1
Tiffany Bergeron
Tiffany Bergeron
Andrew Buttner
2003-0816
Removed the test for Windows XP. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 6 patch.
Removed the IE 6 SP 1 part of this definition as the SP 1 part is defined in a different OVAL.
INTERIM
ACCEPTED
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability
ACCEPTED
1
Microsoft Windows 2000
Internet Information Server 5.0
Tiffany Bergeron
Tiffany Bergeron
Christine Walzer
2003-0224
modified wrt-222 - changed pattern match
ACCEPTED
INTERIM
Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun.
INTERIM
1
Microsoft Windows 2000
Microsoft SQL Server 2000
Matthew Burton
2002-0186
filling out initial submission.
Added service pack 3 test
DRAFT
DRAFT
INTERIM
ACCEPTED
Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension.
ACCEPTED
1
Red Hat Linux 9
php
Jay Beale
Jay Beale
2003-0442
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter
ACCEPTED
1
Microsoft Windows 2000
Microsoft SQL Server 2000
Matthew Burton
2002-0186
Input of initial submission.
DRAFT
DRAFT
INTERIM
ACCEPTED
Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension.
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 2
Andrew Buttner
2003-1025
INTERIM
ACCEPTED
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability.
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 3
Andrew Buttner
2003-1025
INTERIM
ACCEPTED
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability.
ACCEPTED
1
Microsoft Windows 2000
Remote Procedure Call (RPC)
Tiffany Bergeron
2003-0605
ACCEPTED
The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function
ACCEPTED
1
Microsoft Windows 2000
Internet Explorer 5.5
Harvey Rubinovitz
Harvey Rubinovitz
2002-1186
ACCEPTED
Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure.
ACCEPTED
1
Red Hat Linux 9
pine
Jay Beale
2003-0720
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type
ACCEPTED
1
Microsoft Windows NT
Remote Access Service (RAS)
Matt Busby
2001-0045
INTERIM
ACCEPTED
The default permissions for the RAS Administration key in Windows NT 4.0 allows local users to execute arbitrary commands by changing the value to point to a malicious DLL, aka one of the "Registry Permissions" vulnerabilities
ACCEPTED
1
Red Hat Linux 9
pine
Jay Beale
2003-0721
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number
ACCEPTED
1
Microsoft Windows XP
Microsoft Internet Explorer 6
Ingrid Skoog
Ingrid Skoog
2004-0566
DRAFT
INTERIM
ACCEPTED
Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 2
Andrew Buttner
Andrew Buttner
2003-0817
Removed the test for Windows 2000 sp2 installed. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.01 sp2 patch.
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 4
Andrew Buttner
Andrew Buttner
2003-1048
DRAFT
INTERIM
ACCEPTED
Double-free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 4
Andrew Buttner
2003-1025
INTERIM
ACCEPTED
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability.
ACCEPTED
1
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Internet Explorer 5.5 Service Pack 2
Andrew Buttner
2003-1025
INTERIM
ACCEPTED
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability.
ACCEPTED
1
Microsoft Windows XP
Microsoft Internet Explorer 6
Andrew Buttner
2003-1025
INTERIM
ACCEPTED
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability.
ACCEPTED
1
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Internet Explorer 6 Service Pack 1
Andrew Buttner
2003-1025
INTERIM
ACCEPTED
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability.
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 2
Ingrid Skoog
Ingrid Skoog
2004-0566
DRAFT
INTERIM
ACCEPTED
Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value
ACCEPTED
1
Microsoft Windows Server 2003
Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003
Andrew Buttner
Andrew Buttner
2003-1048
DRAFT
INTERIM
ACCEPTED
Double-free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image
ACCEPTED
1
Microsoft Windows XP
Microsoft Internet Explorer 6
Tiffany Bergeron
Tiffany Bergeron
2004-0549
DRAFT
INTERIM
ACCEPTED
The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 3
Andrew Buttner
Andrew Buttner
2003-0817
Removed the test for Windows 2000 sp3 installed. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.01 sp3 patch.
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object
ACCEPTED
1
Red Hat Linux 9
Postfix
Jay Beale
2003-0468
INTERIM
ACCEPTED
Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port
ACCEPTED
1
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Data Access Compnents 2.5
Christine Walzer
Christine Walzer
2003-0903
INTERIM
ACCEPTED
Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request
ACCEPTED
1
Microsoft Windows Server 2003
Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003
Andrew Buttner
2003-1025
INTERIM
ACCEPTED
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability.
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 2
Andrew Buttner
2003-1027
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CAN-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability.
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 3
Andrew Buttner
2003-1027
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CAN-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability.
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 4
Andrew Buttner
2003-1027
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CAN-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability.
ACCEPTED
1
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Internet Explorer 5.5 Service Pack 2
Andrew Buttner
2003-1027
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CAN-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability.
ACCEPTED
1
Microsoft Windows XP
Microsoft Internet Explorer 6
Andrew Buttner
2003-1027
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CAN-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability.
ACCEPTED
1
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Internet Explorer 6 Service Pack 1
Andrew Buttner
2003-1027
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CAN-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability.
ACCEPTED
1
Microsoft Windows XP
Microsoft Word for Windows 6.0 Converter
Christine Walzer
Christine Walzer
2004-0901
DRAFT
INTERIM
ACCEPTED
Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CAN-2004-0571
ACCEPTED
1
Microsoft Windows 2000
Internet Explorer 5.5
Harvey Rubinovitz
Harvey Rubinovitz
2002-1185
ACCEPTED
Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure.
ACCEPTED
1
Microsoft Windows XP
Microsoft Internet Explorer 6
Microsoft Internet Explorer 6 Service Pack 1
Tiffany Bergeron
Tiffany Bergeron
Andrew Buttner
2003-0817
Removed the test for Windows XP. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 6 patch.
Removed the IE 6 SP 1 part of this definition as the SP 1 part is defined in a different OVAL.
INTERIM
ACCEPTED
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object
ACCEPTED
1
Red Hat Linux 9
Postfix
Jay Beale
2003-0540
INTERIM
ACCEPTED
The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 4
Andrew Buttner
Andrew Buttner
2003-0817
Removed the test for Windows 2000 sp4 installed. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.01 sp4 patch.
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object
ACCEPTED
1
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Internet Explorer 5.5 Service Pack 2
Andrew Buttner
Andrew Buttner
2003-0817
Removed the test for specific Windows operating systems. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 5.5 sp2 patch.
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object
ACCEPTED
1
Red Hat Linux 9
smbd
Jay Beale
2003-0085
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code
ACCEPTED
1
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Data Access Compnents 2.6
Christine Walzer
Christine Walzer
2003-0903
INTERIM
ACCEPTED
Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request
ACCEPTED
1
Red Hat Linux 9
Samba
Jay Beale
2003-0086
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown
ACCEPTED
1
Sun Solaris 7
Xsun
Brian Soby
Brian Soby
2001-0422
DRAFT
INTERIM
ACCEPTED
Buffer overflow in Xsun in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable
ACCEPTED
1
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Internet Explorer 6 Service Pack 1
Andrew Buttner
Andrew Buttner
2003-0817
Removed the test for specific Windows operating systems. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 6 sp1 patch.
Added Windows XP 64-bit to the list of affected platforms
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object
ACCEPTED
1
Red Hat Linux 9
Samba
Jay Beale
2003-0196
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CAN-2003-0201
ACCEPTED
1
Microsoft Windows Server 2003
Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003
Andrew Buttner
Andrew Buttner
2003-0817
Removed the test for Windows Server 2003. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 6 sp1 patch.
Added Windows XP 64-bit, Version 2003 and Windows Server 2003 64-Bit to the list of affected platforms
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object
ACCEPTED
1
Red Hat Linux 9
Samba, Samba-TNG
Jay Beale
2003-0201
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code
ACCEPTED
1
Red Hat Linux 9
semi MIME library
Jay Beale
Jay Beale
2003-0440
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files
ACCEPTED
1
Red Hat Linux 9
Sendmail
Jay Beale
2003-0694
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Workstation Service
Tiffany Bergeron
Tiffany Bergeron
2003-0812
ACCEPTED
Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API
ACCEPTED
1
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Virtual Machine (VM)
Tiffany Bergeron
2002-1258
INTERIM
ACCEPTED
Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due to a parsing error
ACCEPTED
1
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Word 97
Andrew Buttner
Andrew Buttner
2003-0820
INTERIM
ACCEPTED
Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack
ACCEPTED
1
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Word 98
Andrew Buttner
Andrew Buttner
2003-0820
INTERIM
ACCEPTED
Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack
ACCEPTED
1
Microsoft Windows Server 2003
Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003
Andrew Buttner
Andrew Buttner
2003-0823
Removed the test for Windows Server 2003. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 6 sp1 patch.
Added Windows XP 64-bit, Version 2003 and Windows Server 2003 64-Bit to the list of affected platforms
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CAN-2003-1027
ACCEPTED
1
Microsoft Windows NT
Microsoft FrontPage Server Extensions 2000
Andrew Buttner
Andrew Buttner
2003-0824
Changed the definition to look at the file shtml.dll instead of fp4awel.dll. It was determined that this is where the vulnerability (a buffer overflow) actually existed. Also added the configuration test saying you are vulnerable if the SmartHTML interpreter is enabled.
INTERIM
ACCEPTED
Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request
ACCEPTED
1
Red Hat Linux 9
Sendmail
Jay Beale
2003-0681
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences
ACCEPTED
1
Red Hat Linux 9
Sendmail
Jay Beale
2003-0688
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data
ACCEPTED
1
Red Hat Linux 9
Sendmail
Jay Beale
2003-0694
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c
ACCEPTED
1
Microsoft Windows XP
Microsoft FrontPage Server Extensions 2000
Andrew Buttner
Andrew Buttner
2003-0824
Changed the definition to look at the file shtml.dll instead of fp4awel.dll. It was determined that this is where the vulnerability (a buffer overflow) actually existed. Also added the configuration test saying you are vulnerable if the SmartHTML interpreter is enabled.
INTERIM
ACCEPTED
Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request
ACCEPTED
1
Red Hat Linux 9
SquirrelMail
Jay Beale
2003-0160
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser
ACCEPTED
1
Red Hat Linux 9
unzip
Jay Beale
2003-0282
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence
ACCEPTED
1
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft FrontPage Server Extensions 2002
Andrew Buttner
Andrew Buttner
Christine Walzer
2003-0824
Changed the definition to look at the file shtml.dll instead of fp5awel.dll. It was determined that this is where the vulnerability (a buffer overflow) actually existed. Also added the configuration test saying you are vulnerable if the SmartHTML interpreter is enabled.
XP SP2 added
INTERIM
ACCEPTED
INTERIM
Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request
INTERIM
1
Microsoft Windows Server 2003
Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003
Andrew Buttner
2003-1027
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CAN-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability.
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 2
Andrew Buttner
2003-1026
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability.
ACCEPTED
1
Red Hat Linux 9
up2date
Jay Beale
2003-0546
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote attackers to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised
ACCEPTED
1
Red Hat Linux 9
vsftpd
Jay Beale
2003-0135
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrappers (tcp_wrappers) but is installed as a standalone service, which inadvertently prevents vsftpd from restricting access as intended
ACCEPTED
1
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Excel 2000
Christine Walzer
Christine Walzer
2003-0821
ACCEPTED
Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 3
Andrew Buttner
2003-1026
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability.
ACCEPTED
1
Microsoft Windows 2000
Microsoft ASN.1 Library
Andrew Buttner
2003-0818
INTERIM
ACCEPTED
Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings
ACCEPTED
1
Red Hat Linux 9
xinetd
Jay Beale
2003-0211
Corrected syntax errors in sql verion of the definition.
Changed tested epoch in xinetd test rvt-253 to 2, based on testing.
INTERIM
ACCEPTED
Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections
ACCEPTED
1
Red Hat Linux 9
xpdf
Jay Beale
Jay Beale
2003-0434
INTERIM
ACCEPTED
Various PDF viewers including Adobe Acrobat 5.06 and Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink
ACCEPTED
1
Red Hat Linux 9
ypserv
Jay Beale
Jay Beale
2003-0251
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
ypserv NIS server before 2.7 allows remote attackers to cause a denial of service via a TCP client request that does not respond to the server, which causes ypserv to block
ACCEPTED
1
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Word 2002
Andrew Buttner
Andrew Buttner
2003-0820
INTERIM
ACCEPTED
Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack
ACCEPTED
1
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Excel 97
Andrew Buttner
Andrew Buttner
2003-0821
INTERIM
ACCEPTED
Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model
ACCEPTED
1
Microsoft Windows NT
NetDDE Agent
Ingrid Skoog
2002-1230
DRAFT
INTERIM
ACCEPTED
NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation.
ACCEPTED
1
Microsoft Windows XP
Microsoft Word for Windows 6.0 Converter
Christine Walzer
Christine Walzer
2004-0571
DRAFT
INTERIM
ACCEPTED
Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CAN-2004-0901
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 4
Andrew Buttner
2003-1026
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability.
ACCEPTED
1
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Internet Explorer 5.5 Service Pack 2
Andrew Buttner
2003-1026
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability.
ACCEPTED
1
Microsoft Windows 2000
Internet Explorer 5.5
Harvey Rubinovitz
Harvey Rubinovitz
2002-1188
ACCEPTED
Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading.
ACCEPTED
1
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Excel 2002
Andrew Buttner
Andrew Buttner
2003-0821
INTERIM
ACCEPTED
Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model
ACCEPTED
1
Microsoft Windows NT
Microsoft FrontPage Server Extensions 2000
Andrew Buttner
Andrew Buttner
2003-0822
Changed the definition to test for fp30reg.dll and fp4areg.dll instead of fp4awel.dll.
INTERIM
ACCEPTED
Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions 2000 and 2002 allows remote attackers to execute arbitrary code via a certain chunked encoded request
ACCEPTED
1
Microsoft Windows 2000
Windows Internet Naming Service (WINS)
Andrew Buttner
2003-0825
INTERIM
ACCEPTED
The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code
ACCEPTED
1
Microsoft Windows XP
Internet Explorer 6
Harvey Rubinovitz
2005-0055
DRAFT
Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability.
DRAFT
0
Microsoft Windows NT
Windows Animated Cursor
Christine Walzer
Christine Walzer
2004-1305
DRAFT
INTERIM
ACCEPTED
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang
ACCEPTED
1
Microsoft Windows 2000
Hyperlink Object Library
Christine Walzer
Christine Walzer
2005-0057
DRAFT
INTERIM
ACCEPTED
The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow
ACCEPTED
1
Microsoft Windows XP
Microsoft Internet Explorer 6
Microsoft Internet Explorer 6 Service Pack 1
Tiffany Bergeron
Tiffany Bergeron
Andrew Buttner
2003-0823
Removed the test for Windows XP. This is not part of the vulnerability definition. Instead, it is a pre-requisite of installing the IE 6 patch.
Removed the IE 6 SP 1 part of this definition as the SP 1 part is defined in a different OVAL.
INTERIM
ACCEPTED
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CAN-2003-1027
ACCEPTED
1
Microsoft Windows 2000
Microsoft FrontPage Server Extensions 2000
Tiffany Bergeron
Tiffany Bergeron
Andrew Buttner
2003-0822
Changed the definition to test for fp30reg.dll and fp4areg.dll instead of fp4awel.dll.
INTERIM
ACCEPTED
Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions 2000 and 2002 allows remote attackers to execute arbitrary code via a certain chunked encoded request
ACCEPTED
1
Microsoft Windows XP
Microsoft Internet Explorer 6
Andrew Buttner
2003-1026
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability.
ACCEPTED
1
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Data Access Compnents 2.7
Christine Walzer
Christine Walzer
2003-0903
INTERIM
ACCEPTED
Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft SharePoint Team Services
Andrew Buttner
Andrew Buttner
Christine Walzer
2003-0824
Changed the definition to look at the file shtml.dll instead of fp5awel.dll. It was determined that this is where the vulnerability (a buffer overflow) actually existed. Also added the configuration test saying you are vulnerable if the SmartHTML interpreter is enabled.
XP SP2 added
INTERIM
ACCEPTED
INTERIM
Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request
INTERIM
1
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Internet Explorer 6 Service Pack 1
Andrew Buttner
2003-1026
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability.
ACCEPTED
1
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Data Access Compnents 2.8
Christine Walzer
Christine Walzer
2003-0903
INTERIM
ACCEPTED
Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request
ACCEPTED
1
Microsoft Windows 2000
Local Security Authority Subsystem Service (LSASS)
Christine Walzer
Christine Walzer
2004-0894
DRAFT
INTERIM
ACCEPTED
LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program
ACCEPTED
1
Microsoft Windows XP
Christine Walzer
2003-0112
DRAFT
INTERIM
ACCEPTED
Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger
ACCEPTED
1
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Windows Script Engine for JScript v5.1
Tiffany Bergeron
Tiffany Bergeron
David Proulx
Christine Walzer
2003-0010
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
Added patch information to definition
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack
ACCEPTED
2
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Windows Script Engine for JScript v5.5
Tiffany Bergeron
Tiffany Bergeron
David Proulx
Christine Walzer
2003-0010
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
Added patch information to definition
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack
ACCEPTED
2
Microsoft Windows NT
Microsoft ASN.1 Library
Andrew Buttner
2003-0818
INTERIM
ACCEPTED
Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings
ACCEPTED
1
Microsoft Windows XP
Microsoft ASN.1 Library
Andrew Buttner
Christine Walzer
2003-0818
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings
ACCEPTED
2
Microsoft Windows Server 2003
Microsoft ASN.1 Library
Andrew Buttner
2003-0818
INTERIM
ACCEPTED
Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings
ACCEPTED
1
Microsoft Windows NT
Windows Internet Naming Service (WINS)
Andrew Buttner
2003-0825
INTERIM
ACCEPTED
The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code
ACCEPTED
1
Microsoft Windows NT
Windows Internet Naming Service (WINS)
Andrew Buttner
2003-0825
INTERIM
ACCEPTED
The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code
ACCEPTED
1
Microsoft Windows Server 2003
Windows Internet Naming Service (WINS)
Andrew Buttner
2003-0825
INTERIM
ACCEPTED
The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code
ACCEPTED
1
Red Hat Linux 9
PWLib
Jay Beale
Jay Beale
Matt Busby
2004-0097
Added a program_name element to rlt-217
ACCEPTED
Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol
ACCEPTED
1
Red Hat Linux 9
netpbm
Jay Beale
Jay Beale
Matt Busby
2003-0924
Corrected syntax errors in sql verion of the definition.
ACCEPTED
netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files
ACCEPTED
1
Microsoft Windows Server 2003
Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003
Andrew Buttner
2003-1026
Added the configuration check to see if ActiveX controls and active scripting are enabled by the current user when local machine settings are not in use.
INTERIM
ACCEPTED
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability.
ACCEPTED
1
Red Hat Linux 9
XFree86
Jay Beale
Jay Beale
Matt Busby
2004-0083
Corrected syntax errors in sql verion of the definition.
ACCEPTED
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CAN-2004-0084 and CAN-2004-0106
ACCEPTED
1
Red Hat Linux 9
XFree86
Jay Beale
Jay Beale
Matt Busby
2004-0084
Corrected syntax errors in sql verion of the definition.
ACCEPTED
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CAN-2004-0083 and CAN-2004-0106
ACCEPTED
1
Red Hat Linux 9
XFree86
Jay Beale
Jay Beale
Matt Busby
2004-0106
Corrected syntax errors in sql verion of the definition.
ACCEPTED
Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CAN-2004-0083 and CAN-2004-0084
ACCEPTED
1
Red Hat Enterprise Linux 3
netpbm
Jay Beale
Jay Beale
Matt Busby
2003-0924
Corrected syntax errors in sql verion of the definition.
ACCEPTED
netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files
ACCEPTED
1
Red Hat Linux 9
Mutt
Jay Beale
Jay Beale
2004-0078
ACCEPTED
Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages
ACCEPTED
1
Red Hat Linux 9
Mailman
Jay Beale
Jay Beale
2003-0965
ACCEPTED
Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities
ACCEPTED
1
Red Hat Linux 9
Mailman
Jay Beale
Jay Beale
2003-0992
ACCEPTED
Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users
ACCEPTED
1
Red Hat Linux 9
Gaim
Jay Beale
Jay Beale
2004-0006
ACCEPTED
Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect
ACCEPTED
1
Red Hat Linux 9
Gaim
Jay Beale
Jay Beale
2004-0007
ACCEPTED
Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code
ACCEPTED
1
Red Hat Linux 9
Gaim
Jay Beale
Jay Beale
2004-0008
ACCEPTED
Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow
ACCEPTED
1
Red Hat Linux 9
slocate
Jay Beale
Jay Beale
Matt Busby
2003-0848
Corrected syntax errors in sql verion of the definition.
ACCEPTED
Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used
ACCEPTED
1
Red Hat Linux 9
Midnight Commander
Jay Beale
Matt Busby
2003-1023
Corrected syntax errors in sql verion of the definition.
ACCEPTED
Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversion
ACCEPTED
1
Red Hat Linux 9
KDE
Jay Beale
Jay Beale
2003-0592
INTERIM
ACCEPTED
Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application
ACCEPTED
1
Red Hat Enterprise Linux 3
mremap
Jay Beale
Jay Beale
Matt Busby
2004-0077
Corrected syntax errors in sql verion of the definition.
ACCEPTED
The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985
ACCEPTED
1
Red Hat Enterprise Linux 3
PWLib
Jay Beale
Jay Beale
Matt Busby
2004-0097
Added a program_name element to rlt-217
ACCEPTED
Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol
ACCEPTED
1
Red Hat Enterprise Linux 3
Samba 3.0.0 and 3.0.1
Jay Beale
Jay Beale
Matt Busby
2004-0082
Corrected syntax errors in sql verion of the definition.
ACCEPTED
The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password
ACCEPTED
1
Red Hat Linux 9
mod_python
Jay Beale
Jay Beale
Matt Busby
2003-0973
Corrected syntax errors in sql verion of the definition.
ACCEPTED
Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string
ACCEPTED
1
Red Hat Enterprise Linux 3
XFree86
Jay Beale
Matt Busby
2004-0083
Corrected syntax errors in sql verion of the definition.
Corrected pattern used in rrt-206
ACCEPTED
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CAN-2004-0084 and CAN-2004-0106
ACCEPTED
1
Red Hat Enterprise Linux 3
XFree86
Jay Beale
Jay Beale
Matt Busby
2004-0084
Corrected syntax errors in sql verion of the definition.
Corrected pattern used in rrt-206
ACCEPTED
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CAN-2004-0083 and CAN-2004-0106
ACCEPTED
1
Red Hat Enterprise Linux 3
XFree86
Jay Beale
Jay Beale
Matt Busby
2004-0106
Corrected syntax errors in sql verion of the definition.
ACCEPTED
Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CAN-2004-0083 and CAN-2004-0084
ACCEPTED
1
Red Hat Enterprise Linux 3
XMLSoft Libxml2
Jay Beale
Jay Beale
Matt Busby
2004-0110
Corrected syntax errors in sql verion of the definition.
Corrected pattern used in rrt-206
INTERIM
ACCEPTED
Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml2 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL
ACCEPTED
1
Red Hat Linux 9
Linux kernel
Jay Beale
Jay Beale
Matt Busby
2004-0003
Corrected syntax errors in sql verion of the definition.
ACCEPTED
Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking.
ACCEPTED
1
Red Hat Linux 9
Linux kernel
Jay Beale
Jay Beale
Matt Busby
2004-0010
Corrected syntax errors in sql verion of the definition.
ACCEPTED
Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges
ACCEPTED
1
Red Hat Linux 9
Vicam USB driver
Jay Beale
Jay Beale
Matt Busby
2004-0075
Corrected syntax errors in sql verion of the definition.
ACCEPTED
The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service
ACCEPTED
1
Red Hat Linux 9
mremap
Jay Beale
Jay Beale
Matt Busby
2004-0077
Corrected syntax errors in sql verion of the definition.
ACCEPTED
The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985
ACCEPTED
1
Red Hat Enterprise Linux 3
Mutt
Jay Beale
Jay Beale
Matt Busby
2004-0078
Corrected pattern used in rrt-206
ACCEPTED
Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages
ACCEPTED
1
Red Hat Linux 9
mod_python
Jay Beale
Jay Beale
Matt Busby
2003-0973
Corrected syntax errors in sql verion of the definition.
ACCEPTED
Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string
ACCEPTED
1
Microsoft Windows 2000
Windows Media Services
Tiffany Bergeron
Tiffany Bergeron
2003-0905
INTERIM
Unknown vulnerability in Windows Media Station Service and Windows Media Monitor Service components of Windows Media Services 4.1 allows remote attackers to cause a denial of service (disallowing new connections) via a certain sequence of TCP/IP packets
INTERIM
0
Microsoft Windows 95
Microsoft Outlook
Andrew Buttner
Andrew Buttner
Jonathan Baker
2004-0121
modified wft-130 - Added path to the end of the registry key specified in the first component of the file path
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs
ACCEPTED
2
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
MSN Messenger
Christine Walzer
Christine Walzer
Andrew Buttner
2004-0122
Fixed the path for both versions of the file to look at the correct registry key to determine the location of the 'Program Files' folder..
INTERIM
ACCEPTED
Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files
ACCEPTED
1
Red Hat Enterprise Linux 3
gdk-pixbuf
Jay Beale
Jay Beale
Matt Busby
2004-0111
Corrected pattern used in rrt-206
INTERIM
ACCEPTED
gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file
ACCEPTED
1
Red Hat Linux 9
gdk-pixbuf
Jay Beale
Jay Beale
Matt Busby
2004-0111
Corrected pattern used in rrt-206
INTERIM
ACCEPTED
gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file
ACCEPTED
1
Red Hat Linux 9
tcpdump
Jay Beale
Jay Beale
2003-0989
ACCEPTED
tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CAN-2004-0057
ACCEPTED
1
Red Hat Linux 9
sysstat
Jay Beale
Jay Beale
Matt Busby
2004-0107
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CAN-2004-0108
ACCEPTED
1
Red Hat Linux 9
tcpdump
Jay Beale
Jay Beale
2004-0055
ACCEPTED
The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value
ACCEPTED
1
Red Hat Linux 9
tcpdump
Jay Beale
Jay Beale
2004-0057
ACCEPTED
The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CAN-2003-0989
ACCEPTED
1
Red Hat Enterprise Linux 3
tcpdump
Jay Beale
Jay Beale
2003-0989
ACCEPTED
tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CAN-2004-0057
ACCEPTED
1
Red Hat Enterprise Linux 3
tcpdump
Jay Beale
Jay Beale
2004-0055
ACCEPTED
The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value
ACCEPTED
1
Red Hat Enterprise Linux 3
tcpdump
Jay Beale
Jay Beale
Matt Busby
2004-0057
Corrected pattern used in rrt-206
ACCEPTED
The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CAN-2003-0989
ACCEPTED
1
Red Hat Linux 9
CVS server
Jay Beale
Jay Beale
Matt Busby
2003-0977
Corrected syntax errors in sql verion of the definition.
ACCEPTED
CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests
ACCEPTED
1
Red Hat Linux 9
Ethereal
Jay Beale
Jay Beale
Matt Busby
2003-1012
Corrected syntax errors in sql verion of the definition.
ACCEPTED
The SMB dissector in Ethereal before 0.10.0 allows remote attackers to cause a denial of service via a malformed SMB packet that triggers a segmentation fault during processing of Selected packets
ACCEPTED
1
Red Hat Linux 9
Tethereal
Jay Beale
Jay Beale
Matt Busby
2003-1013
Corrected syntax errors in sql verion of the definition.
ACCEPTED
The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference
ACCEPTED
1
Red Hat Linux 9
KDE Personal Information Management (kdepim)
Jay Beale
Jay Beale
2003-0988
ACCEPTED
Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file
ACCEPTED
1
Red Hat Linux 9
Linux kernel
Jay Beale
Jay Beale
Matt Busby
2003-0984
Corrected syntax errors in sql verion of the definition.
ACCEPTED
Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space
ACCEPTED
1
Red Hat Linux 9
Linux kernel
Jay Beale
Jay Beale
Matt Busby
2003-0985
Corrected syntax errors in sql verion of the definition.
ACCEPTED
The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21 does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077
ACCEPTED
1
Red Hat Enterprise Linux 3
nfs-utils packages
Jay Beale
Jay Beale
Matt Busby
2004-0154
Corrected syntax errors in sql verion of the definition.
Corrected pattern used in rrt-206
INTERIM
ACCEPTED
rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers to cause a denial of service (crash) via an NFS mount of a directory from a client whose reverse DNS lookup name is different from the forward lookup name
ACCEPTED
1
Red Hat Enterprise Linux 3
Sysstat
Jay Beale
Jay Beale
Matt Busby
2004-0107
Corrected syntax errors in sql verion of the definition.
Corrected pattern used in rrt-206
INTERIM
ACCEPTED
The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CAN-2004-0108
ACCEPTED
1
Red Hat Linux 9
httpd
Jay Beale
Matt Busby
2003-0542
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures
ACCEPTED
1
Red Hat Enterprise Linux 3
Apache
Jay Beale
Jay Beale
Matt Busby
2003-0542
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures
ACCEPTED
1
Red Hat Enterprise Linux 3
KDE Personal Information Management (kdepim)
Jay Beale
Jay Beale
Matt Busby
2003-0988
Corrected pattern used in rrt-206
INTERIM
ACCEPTED
Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file
ACCEPTED
1
Red Hat Enterprise Linux 3
CVS server
Jay Beale
Jay Beale
Matt Busby
2003-0977
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests
ACCEPTED
1
Red Hat Enterprise Linux 3
Linux kernel
Matt Busby
Matt Busby
2003-0985
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21 does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077
ACCEPTED
1
Red Hat Enterprise Linux 3
Linux kernel
Matt Busby
Matt Busby
2004-0001
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Unknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges
ACCEPTED
1
Red Hat Enterprise Linux 3
Net-SNMP
Matt Busby
Matt Busby
2003-0935
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed
ACCEPTED
1
Red Hat Enterprise Linux 3
OpenSSL
Matt Busby
Matt Busby
2004-0079
Corrected syntax errors in sql verion of the definition.
Corrected pattern used in rrt-206
INTERIM
ACCEPTED
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference
ACCEPTED
1
Red Hat Enterprise Linux 3
OpenSSL
Matt Busby
Matt Busby
2004-0081
Corrected syntax errors in sql verion of the definition.
Corrected pattern used in rrt-206
INTERIM
ACCEPTED
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool
ACCEPTED
1
Red Hat Linux 9
mozilla
Jay Beale
2003-0564
INTERIM
ACCEPTED
Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite
ACCEPTED
1
Red Hat Linux 9
mozilla
Jay Beale
2003-0594
INTERIM
ACCEPTED
Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application
ACCEPTED
1
Red Hat Linux 9
mozilla
Jay Beale
2004-0191
INTERIM
ACCEPTED
Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events
ACCEPTED
1
Red Hat Enterprise Linux 3
libxml2
Jay Beale
2004-0110
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml2 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL
ACCEPTED
1
Red Hat Enterprise Linux 3
httpd
Jay Beale
2004-0113
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server
ACCEPTED
1
Red Hat Linux 9
Red Hat 9
Jay Beale
2004-0189
INTERIM
ACCEPTED
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") characterm, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists
ACCEPTED
1
Red Hat Linux 9
Red Hat 9
Jay Beale
2004-0176
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors
ACCEPTED
1
Red Hat Linux 9
Red Hat 9
Jay Beale
2004-0365
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference
ACCEPTED
1
Red Hat Linux 9
Red Hat 9
Jay Beale
2004-0367
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a zero-length Presentation protocol selector
ACCEPTED
1
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Outlook Express
Andrew Buttner
Andrew Buttner
2004-0380
INTERIM
ACCEPTED
The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability.
ACCEPTED
1
Microsoft Windows 2000
Local Security Authority Subsystem Service (LSASS)
Tiffany Bergeron
Tiffany Bergeron
2003-0533
INTERIM
ACCEPTED
Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm
ACCEPTED
1
Microsoft Windows Server 2003
Secure Sockets Layer (SSL)
David Proulx
David Proulx
2004-0120
INTERIM
ACCEPTED
The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages
ACCEPTED
1
Microsoft Windows XP
Secure Sockets Layer (SSL)
David Proulx
David Proulx
Christine Walzer
2004-0120
cmp-66 added
INTERIM
ACCEPTED
INTERIM
ACCEPTED
The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages
ACCEPTED
2
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
2004-0176
Corrected syntax errors in sql verion of the definition.
Corrected pattern used in rrt-206
INTERIM
ACCEPTED
Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors
ACCEPTED
1
Microsoft Windows XP
Private Communications Transport (PCT)
Andrew Buttner
Andrew Buttner
Christine Walzer
2003-0719
added cmp-66
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets
ACCEPTED
2
Microsoft Windows 2000
Local Descriptor Table (LDT)
Jonathan Baker
Jonathan Baker
2003-0910
INTERIM
ACCEPTED
The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor descriptor that points to protected memory
ACCEPTED
1
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
2004-0365
Corrected syntax errors in sql verion of the definition.
Corrected pattern used in rrt-206
INTERIM
ACCEPTED
The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference
ACCEPTED
1
Microsoft Windows 2000
Secure Sockets Layer (SSL)
David Proulx
David Proulx
2004-0120
INTERIM
ACCEPTED
The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages
ACCEPTED
1
Microsoft Windows 2000
Remote Procedure Call (RPC)
Christine Walzer
2003-0813
INTERIM
ACCEPTED
A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CAN-2003-0352 (Blaster/Nachi), CAN-2003-0715, and CAN-2003-0528, and as demonstrated by certain exploits against those vulnerabilities
ACCEPTED
1
Microsoft Windows Server 2003
Remote Procedure Call (RPC)
Christine Walzer
2003-0813
A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CAN-2003-0352 (Blaster/Nachi), CAN-2003-0715, and CAN-2003-0528, and as demonstrated by certain exploits against those vulnerabilities
DRAFT
0
Microsoft Windows NT
Windows logon process (winlogon)
Andrew Buttner
Andrew Buttner
2003-0806
INTERIM
ACCEPTED
Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code
ACCEPTED
1
Microsoft Windows 2000
Windows logon process (winlogon)
Andrew Buttner
Andrew Buttner
2003-0806
INTERIM
ACCEPTED
Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code
ACCEPTED
1
Microsoft Windows NT
Enhanced Metafile (EMF)
Windows Metafile (WMF)
Andrew Buttner
Andrew Buttner
2003-0906
INTERIM
ACCEPTED
Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1allows remote attackers to execute arbitrary code via a malformed WNF or EMF image
ACCEPTED
1
Microsoft Windows XP
Local Security Authority Subsystem Service (LSASS)
Andrew Buttner
Andrew Buttner
Christine Walzer
2003-0533
cmp-66 added
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm
ACCEPTED
2
Microsoft Windows XP
Remote Procedure Call (RPC)
Christine Walzer
2003-0813
INTERIM
ACCEPTED
A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CAN-2003-0352 (Blaster/Nachi), CAN-2003-0715, and CAN-2003-0528, and as demonstrated by certain exploits against those vulnerabilities
ACCEPTED
1
Microsoft Windows Server 2003
COM Internet Services
Christine Walzer
2005-0047
Added compound statement to include three platforms
DRAFT
INTERIM
Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability.
INTERIM
0
Red Hat Linux 9
OpenSSL
Matt Busby
Matt Busby
2004-0081
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool
ACCEPTED
1
Microsoft Windows NT
Private Communications Transport (PCT)
Andrew Buttner
Andrew Buttner
2003-0719
INTERIM
ACCEPTED
Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets
ACCEPTED
1
Microsoft Windows Server 2003
Help and Support Center (HSC)
Harvey Rubinovitz
2003-0907
Added a criterion to the configuration section to see if the HCP protocol is registered.
INTERIM
ACCEPTED
Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe
ACCEPTED
1
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
2004-0367
Corrected syntax errors in sql verion of the definition.
Corrected pattern used in rrt-206
INTERIM
ACCEPTED
Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a zero-length Presentation protocol selector
ACCEPTED
1
Microsoft Windows 2000
H.323
Jonathan Baker
Jonathan Baker
2004-0117
INTERIM
ACCEPTED
Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code
ACCEPTED
1
Microsoft Windows NT
IIS 4.0
Christine Walzer
2001-0507
INTERIM
ACCEPTED
IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability
ACCEPTED
1
Microsoft Windows NT
Local Descriptor Table (LDT)
Jonathan Baker
Jonathan Baker
2003-0910
INTERIM
ACCEPTED
The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor descriptor that points to protected memory
ACCEPTED
1
Microsoft Windows 2000
IIS 5.0
Christine Walzer
2001-0507
modified wft-305 - changed the version of msw3prt.dll to test against from 5.5.2195.3649 to 5.0.2195.3649
INTERIM
ACCEPTED
INTERIM
ACCEPTED
IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability
ACCEPTED
2
Microsoft Windows NT
IIS 4.0
Christine Walzer
1999-0278
INTERIM
ACCEPTED
In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL
ACCEPTED
1
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
2003-0564
Corrected pattern used in rrt-206
INTERIM
ACCEPTED
Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite
ACCEPTED
1
Microsoft Windows NT
IIS 4.0
Christine Walzer
1999-0874
INTERIM
ACCEPTED
Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions
ACCEPTED
1
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
2003-0594
Corrected pattern used in rrt-206
INTERIM
ACCEPTED
Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application
ACCEPTED
1
Microsoft Windows Server 2003
Local Security Authority Subsystem Service (LSASS)
Andrew Buttner
Andrew Buttner
2003-0533
INTERIM
ACCEPTED
Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm
ACCEPTED
1
Microsoft Windows 98
Microsoft Windows NT
Microsoft Windows 2000
Internet Explorer 5.5, Internet Explorer 5.5 Service Pack 1
Tiffany Bergeron
2001-0002
INTERIM
ACCEPTED
Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs
ACCEPTED
1
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Internet Explorer 6
Tiffany Bergeron
Harvey Rubinovitz
2001-0727
Replaced IE cumulative patch IDs to correspond to the original IDs
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability.
ACCEPTED
2
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Internet Explorer 5.5
Tiffany Bergeron
Harvey Rubinovitz
2003-0344
Replaced IE cumulative patch IDs to correspond to the original IDs
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page
ACCEPTED
2
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Internet Explorer 6
Tiffany Bergeron
Harvey Rubinovitz
2002-0190
Replaced IE cumulative patch IDs to correspond to the original IDs
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerability
ACCEPTED
2
Microsoft Windows Server 2003
Microsoft ASN.1 Library
David Proulx
David Proulx
2004-0123
INTERIM
ACCEPTED
Double-free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code
ACCEPTED
1
Microsoft Windows 98
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Internet Explorer 6
Tiffany Bergeron
Harvey Rubinovitz
2002-0022
Replaced IE cumulative patch IDs to correspond to the original IDs
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated
ACCEPTED
2
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Internet Explorer 5.5
Tiffany Bergeron
Harvey Rubinovitz
2003-0113
Replaced IE cumulative patch IDs to correspond to the original IDs
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields
ACCEPTED
2
Microsoft Windows 2000
IIS 5.0
Christine Walzer
2000-0778
INTERIM
ACCEPTED
IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability
ACCEPTED
1
Red Hat Enterprise Linux 3
OpenSSL
Matt Busby
Matt Busby
2004-0112
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read
ACCEPTED
1
Microsoft Windows NT
IIS 4.0
Christine Walzer
Christine Walzer
2002-0869
INTERIM
ACCEPTED
Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation.
ACCEPTED
1
Microsoft Windows 2000
IIS 5.0
Christine Walzer
Christine Walzer
2002-0869
modified wft-330 - changed the version of msw3prt.dll to test against from 5.5.2195.58075 to 5.0.2195.5807
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation.
ACCEPTED
2
Microsoft Windows 2000
IIS 5.0
Christine Walzer
Christine Walzer
2002-1180
modified wft-330 - changed the version of msw3prt.dll to test against from 5.5.2195.58075 to 5.0.2195.5807
INTERIM
ACCEPTED
INTERIM
ACCEPTED
A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability.
ACCEPTED
2
Microsoft Windows NT
IIS 4.0
Christine Walzer
Christine Walzer
1999-0736
INTERIM
ACCEPTED
The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files
ACCEPTED
1
Microsoft Windows 2000
IIS 5.0
Christine Walzer
Christine Walzer
2003-0226
INTERIM
ACCEPTED
Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an error condition that is not properly handled
ACCEPTED
1
Microsoft Windows 2000
IIS 5.0
Christine Walzer
Christine Walzer
2003-0227
INTERIM
ACCEPTED
The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request
ACCEPTED
1
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
2004-0191
Corrected pattern used in rrt-206
INTERIM
ACCEPTED
Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events
ACCEPTED
1
Microsoft Windows 2000
IIS 5.0
Christine Walzer
Christine Walzer
2003-0349
INTERIM
ACCEPTED
Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll
ACCEPTED
1
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
2004-0424
INTERIM
ACCEPTED
Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a denial of service (crash) or execute arbitrary code via the MCAST_MSFILTER socket option
ACCEPTED
1
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
2004-0109
INTERIM
ACCEPTED
Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x , allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry
ACCEPTED
1
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
2004-0189
INTERIM
ACCEPTED
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") characterm, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists
ACCEPTED
1
Microsoft Windows 2000
IIS 5.0
Christine Walzer
Christine Walzer
2002-1181
modified wft-330 - changed the version of msw3prt.dll to test against from 5.5.2195.58075 to 5.0.2195.5807
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors
ACCEPTED
2
Microsoft Windows NT
IIS 4.0
Christine Walzer
Christine Walzer
2002-1181
INTERIM
ACCEPTED
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors
ACCEPTED
1
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
Jay Beale
2004-0155
INTERIM
ACCEPTED
The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate
ACCEPTED
1
Microsoft Windows Server 2003
H.323
Jonathan Baker
Jonathan Baker
2004-0117
INTERIM
ACCEPTED
Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code
ACCEPTED
1
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
Jay Beale
2004-0164
INTERIM
ACCEPTED
KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c
ACCEPTED
1
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Internet Explorer 5.5
Tiffany Bergeron
Harvey Rubinovitz
2003-0309
Replaced IE cumulative patch IDs to correspond to the original IDs
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability.
ACCEPTED
2
Microsoft Windows 2000
Private Communications Transport (PCT)
Andrew Buttner
Andrew Buttner
2003-0719
INTERIM
ACCEPTED
Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets
ACCEPTED
1
Microsoft Windows NT
SNMP
Christine Walzer
1999-0815
INTERIM
ACCEPTED
Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries
ACCEPTED
1
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
Jay Beale
2004-0411
INTERIM
ACCEPTED
The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code
ACCEPTED
1
Microsoft Windows 2000
Remote Procedure Call (RPC)
Christine Walzer
2004-0116
INTERIM
ACCEPTED
An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field
ACCEPTED
1
Microsoft Windows NT
HTML Help Facility
Andrew Buttner
Andrew Buttner
2003-1041
INTERIM
ACCEPTED
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CAN-2004-0475
ACCEPTED
0
Microsoft Windows Server 2003
Remote Procedure Call (RPC)
Christine Walzer
2004-0116
An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field
DRAFT
0
Microsoft Windows XP
Remote Procedure Call (RPC)
Christine Walzer
2004-0116
cmp-66 added
INTERIM
ACCEPTED
INTERIM
ACCEPTED
An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field
ACCEPTED
2
Microsoft Windows 2000
Enhanced Metafile (EMF)
Windows Metafile (WMF)
Andrew Buttner
Andrew Buttner
2003-0906
INTERIM
ACCEPTED
Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1allows remote attackers to execute arbitrary code via a malformed WNF or EMF image
ACCEPTED
1
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
MDAC 2.5
Christine Walzer
2003-0353
split out the MDAC and file version tests from the compound test
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434
ACCEPTED
2
Microsoft Windows XP
Microsoft Data Access Components 2.6
Christine Walzer
2003-0353
INTERIM
ACCEPTED
Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434
ACCEPTED
1
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Internet Explorer 5.5
Tiffany Bergeron
Harvey Rubinovitz
2003-0114
Replaced IE cumulative patch IDs to correspond to the original IDs
INTERIM
ACCEPTED
INTERIM
ACCEPTED
The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files
ACCEPTED
2
Microsoft Windows XP
H.323
Jonathan Baker
Jonathan Baker
2004-0117
INTERIM
ACCEPTED
Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code
ACCEPTED
1
Microsoft Windows NT
IIS 4.0
Christine Walzer
Christine Walzer
2003-0227
INTERIM
ACCEPTED
The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request
ACCEPTED
1
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
Jay Beale
2004-0426
INTERIM
ACCEPTED
rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path
ACCEPTED
1
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Jet Database Engine
Andrew Buttner
Andrew Buttner
2004-0197
INTERIM
ACCEPTED
Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote attackers to execute arbitrary code via a specially-crafted database query
ACCEPTED
1
Microsoft Windows NT
COM Internet Services
Christine Walzer
2003-0807
INTERIM
ACCEPTED
Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a specially crafted request
ACCEPTED
1
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
2004-0396
INTERIM
ACCEPTED
Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines
ACCEPTED
1
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
2004-0421
INTERIM
ACCEPTED
The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message
ACCEPTED
1
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
2004-0183
INTERIM
ACCEPTED
TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite
ACCEPTED
1
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Internet Explorer 6
Tiffany Bergeron
Harvey Rubinovitz
2002-0027
Replaced IE cumulative patch IDs to correspond to the original IDs
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874
ACCEPTED
2
Red Hat Linux 9
OpenSSL
Matt Busby
Matt Busby
2004-0079
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference
ACCEPTED
1
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
2004-0184
INTERIM
ACCEPTED
Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite
ACCEPTED
1
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
2004-0234
INTERIM
ACCEPTED
Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14 allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive
ACCEPTED
1
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
2004-0235
INTERIM
ACCEPTED
Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path")
ACCEPTED
1
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
2004-0233
INTERIM
ACCEPTED
Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files
ACCEPTED
1
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
2004-0541
INTERIM
ACCEPTED
Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable)
ACCEPTED
1
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
2004-0504
INTERIM
ACCEPTED
Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP messages between Hotsip servers and clients
ACCEPTED
1
Microsoft Windows XP
IIS 5.1
Christine Walzer
Christine Walzer
2002-0869
INTERIM
ACCEPTED
Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation.
ACCEPTED
1
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
Jay Beale
2004-0403
INTERIM
ACCEPTED
Racoon before 20040408a allows remote attackers to cause a denial of service (memory consumption) via an ISAKMP packet with a large length field
ACCEPTED
1
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
2004-0505
INTERIM
ACCEPTED
The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown attack vectors
ACCEPTED
1
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
2004-0506
INTERIM
ACCEPTED
The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of service (crash) via unknown attack vectors that cause a null pointer dereference
ACCEPTED
1
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
2004-0507
INTERIM
ACCEPTED
Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code
ACCEPTED
1
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Outlook Express
Andrew Buttner
Andrew Buttner
2004-0380
INTERIM
ACCEPTED
The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability.
ACCEPTED
1
Red Hat Enterprise Linux 3
MIT Kerberos 5 (krb5)
Jay Beale
2004-0523
INTERIM
ACCEPTED
Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root
ACCEPTED
1
Red Hat Enterprise Linux 3
CVS
Jay Beale
2004-0414
INTERIM
ACCEPTED
CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution
ACCEPTED
1
Red Hat Enterprise Linux 3
CVS
Jay Beale
2004-0416
INTERIM
ACCEPTED
Double-free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code
ACCEPTED
1
Microsoft Windows 2000
COM Internet Services
Christine Walzer
2003-0807
INTERIM
ACCEPTED
Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a specially crafted request
ACCEPTED
1
Microsoft Windows 98
File and Print Sharing
Tiffany Bergeron
Tiffany Bergeron
2000-0979
INTERIM
ACCEPTED
File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the "Share Level Password" vulnerability
ACCEPTED
1
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
Jay Beale
2003-0461
INTERIM
INTERIM
ACCEPTED
/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords
ACCEPTED
1
Microsoft Windows XP
Help and Support Center (HSC)
Harvey Rubinovitz
Christine Walzer
2003-0907
Added a criterion to the configuration section to see if the HCP protocol is registered.
cmp-66 added
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe
ACCEPTED
2
Red Hat Enterprise Linux 3
CVS
Jay Beale
2004-0417
INTERIM
ACCEPTED
Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space
ACCEPTED
1
Red Hat Enterprise Linux 3
CVS
Jay Beale
2004-0418
INTERIM
ACCEPTED
serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data
ACCEPTED
1
Microsoft Windows XP
Windows XP
Harvey Rubinovitz
Christine Walzer
2003-0909
cmp-66 added
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Windows XP allows local users to execute arbitrary programs by creating a task at an elevated privilege level through the eventtriggers.exe command-line tool or the Task Scheduler service, aka "Windows Management Vulnerability.
ACCEPTED
2
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Internet Explorer 6 Service Pack 1
Harvey Rubinovitz
2005-0055
DRAFT
Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability.
DRAFT
0
Red Hat Enterprise Linux 3
SquirrelMail
Jay Beale
2004-0519
INTERIM
ACCEPTED
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php
ACCEPTED
0
Microsoft Windows XP
Microsoft ASN.1 Library
David Proulx
David Proulx
Christine Walzer
2004-0123
cmp-66 added
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Double-free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code
ACCEPTED
2
Microsoft Windows XP
Help and Support Center (HSC)
Harvey Rubinovitz
Harvey Rubinovitz
Christine Walzer
2004-0199
cmp-66 added
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm)
ACCEPTED
2
Microsoft Windows XP
IIS 5.1
Christine Walzer
Christine Walzer
2002-1182
INTERIM
ACCEPTED
IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned
ACCEPTED
1
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Outlook Express
Andrew Buttner
Andrew Buttner
2004-0380
INTERIM
ACCEPTED
The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability.
ACCEPTED
1
Microsoft Windows 2000
IIS 5.0
Christine Walzer
Christine Walzer
2002-1182
modified wft-330 - changed the version of msw3prt.dll to test against from 5.5.2195.58075 to 5.0.2195.5807
INTERIM
ACCEPTED
INTERIM
ACCEPTED
IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned
ACCEPTED
2
Red Hat Enterprise Linux 3
SquirrelMail
Jay Beale
2004-0520
INTERIM
ACCEPTED
Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php
ACCEPTED
0
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
Jay Beale
2003-0984
INTERIM
ACCEPTED
Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space
ACCEPTED
2
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Internet Explorer 6
Tiffany Bergeron
Harvey Rubinovitz
2001-0875
Replaced IE cumulative patch IDs to correspond to the original IDs
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download
ACCEPTED
2
Microsoft Windows 2000
Lightweight Directory Access Protocol (LDAP)
Tiffany Bergeron
Tiffany Bergeron
2003-0663
INTERIM
ACCEPTED
Unknown vulnerability in the Local Security Authority Subsystem Service (LSASS) in Windows 2000 domain controllers allows remote attackers to cause a denial of service via a crafted LDAP message
ACCEPTED
1
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
Jay Beale
2004-0003
INTERIM
ACCEPTED
Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking.
ACCEPTED
1
Microsoft Windows NT
IIS 4.0
Christine Walzer
Christine Walzer
2001-0333
INTERIM
ACCEPTED
Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice
ACCEPTED
1
Microsoft Windows NT
Microsoft Windows NT
Tiffany Bergeron
2000-0377
INTERIM
ACCEPTED
The Remote Registry server in Windows NT 4.0 allows local authenticated users to cause a denial of service via a malformed request, which causes the winlogon process to fail, aka the "Remote Registry Access Authentication" vulnerability
ACCEPTED
1
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Exchange 2000
Tiffany Bergeron
2002-0049
INTERIM
ACCEPTED
Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys
ACCEPTED
1
Microsoft Windows NT
Microsoft Windows NT
Tiffany Bergeron
1999-0562
INTERIM
ACCEPTED
The registry in Windows NT can be accessed remotely by users who are not administrators
ACCEPTED
1
Microsoft Windows 2000
NetBIOS
Tiffany Bergeron
Tiffany Bergeron
1999-0621
INTERIM
ACCEPTED
A component service related to NETBIOS is running
ACCEPTED
1
Microsoft Windows NT
SQL Server 2000
Tiffany Bergeron
Tiffany Bergeron
Jonathan Baker
2002-0642
modified wft-418 - Added space to registry key. used to say "AppPath" I changed it to "App Path"
INTERIM
ACCEPTED
INTERIM
INTERIM
ACCEPTED
The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key.
ACCEPTED
2
Microsoft Windows 2000
Microsoft DirectPlay
Tiffany Bergeron
Tiffany Bergeron
2004-0202
INTERIM
ACCEPTED
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet
ACCEPTED
1
Microsoft Windows Server 2003
Microsoft Outlook Express
Andrew Buttner
Andrew Buttner
2004-0380
INTERIM
ACCEPTED
The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability.
ACCEPTED
1
Microsoft Windows Server 2003
COM Internet Services
Christine Walzer
2003-0807
INTERIM
ACCEPTED
Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a specially crafted request
ACCEPTED
1
Microsoft Windows Server 2003
Help and Support Center (HSC)
Harvey Rubinovitz
Harvey Rubinovitz
2004-0199
INTERIM
ACCEPTED
Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm)
ACCEPTED
1
Red Hat Enterprise Linux 3
SquirrelMail
Jay Beale
2004-0521
INTERIM
ACCEPTED
SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php
ACCEPTED
0
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
Jay Beale
2004-0010
INTERIM
ACCEPTED
Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges
ACCEPTED
2
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Veritas Backup Exec 8.5
Tiffany Bergeron
Tiffany Bergeron
2002-1117
INTERIM
Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares
INTERIM
0
Microsoft Windows XP
Microsoft Data Access Components 2.7
Christine Walzer
2003-0353
Changed patch registry key value to IsInstalled
INTERIM
ACCEPTED
Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434
ACCEPTED
3
Microsoft Windows NT
Remote Procedure Call (RPC)
Christine Walzer
2004-0124
INTERIM
ACCEPTED
The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability.
ACCEPTED
1
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
2004-0180
INTERIM
ACCEPTED
The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CAN-2004-0405
ACCEPTED
1
Microsoft Windows 2000
Utility Manager
Harvey Rubinovitz
2003-0908
INTERIM
ACCEPTED
The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CAN-2004-0213
ACCEPTED
1
Sun Solaris 7
Sun Solaris 8
snmpdx
Brian Soby
2002-0012
DRAFT
INTERIM
ACCEPTED
Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available
ACCEPTED
1
Red Hat Linux 9
OpenSSL
Matt Busby
Matt Busby
2004-0112
Corrected syntax errors in sql verion of the definition.
INTERIM
ACCEPTED
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read
ACCEPTED
1
Microsoft Windows 2000
IIS 5.0
Christine Walzer
Christine Walzer
2001-0333
INTERIM
ACCEPTED
Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice
ACCEPTED
1
Microsoft Windows XP
Compressed Folders
David Proulx
Jonathan Baker
2004-0575
modified wrt-554 - corrected regular exprsssion on value. Needed to escape the period in the file name and change the *'s to .*
DRAFT
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation
ACCEPTED
2
Microsoft Windows XP
Windows logon process (winlogon)
Andrew Buttner
Andrew Buttner
Christine Walzer
2003-0806
cmp-66 added
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code
ACCEPTED
2
Microsoft Windows XP
Christine Walzer
2002-0862
Added superceding patch info.
cmp-66 added
INTERIM
ACCEPTED
INTERIM
ACCEPTED
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS
ACCEPTED
1
Microsoft Windows NT
Christine Walzer
2002-1183
Added superceding patch info.
Changed to DRAFT
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862)
ACCEPTED
1
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
2004-0405
INTERIM
ACCEPTED
CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CAN-2004-0180
ACCEPTED
1
Microsoft Windows 2000
Remote Procedure Call (RPC)
Christine Walzer
2004-0124
INTERIM
ACCEPTED
The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability.
ACCEPTED
1
Microsoft Windows XP
Enhanced Metafile (EMF)
Windows Metafile (WMF)
Andrew Buttner
Andrew Buttner
Christine Walzer
2003-0906
cmp-66 added
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1allows remote attackers to execute arbitrary code via a malformed WNF or EMF image
ACCEPTED
2
Red Hat Enterprise Linux 3
Red Hat Enteprise Linux 3
Jay Beale
2004-0179
INTERIM
ACCEPTED
Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, or (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code
ACCEPTED
1
Microsoft Windows Server 2003
Remote Procedure Call (RPC)
Christine Walzer
Christine Walzer
2004-0124
INTERIM
ACCEPTED
The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability.
ACCEPTED
1
Microsoft Windows 2000
IIS 5.0
Christine Walzer
Christine Walzer
Ingrid Skoog
2001-0241
modified wft-340 - added .dll to end of literal string as needed
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0
ACCEPTED
2
Microsoft Windows XP
Remote Procedure Call (RPC)
Christine Walzer
2004-0124
cmp-66 added
INTERIM
ACCEPTED
INTERIM
ACCEPTED
The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability.
ACCEPTED
2
Microsoft Windows NT
Microsoft Windows 2000
Microsoft ASN.1 Library
David Proulx
David Proulx
2004-0123
INTERIM
ACCEPTED
Double-free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code
ACCEPTED
1
Microsoft Windows NT
SQL Server 2000
Tiffany Bergeron
Tiffany Bergeron
Jonathan Baker
2002-0649
modified wft-426 - Added space to registry key. used to say "AppPaths" I changed it to "App Paths"
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Multiple buffer overflows in SQL Server 2000 Resolution Service allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption
ACCEPTED
2
Microsoft Windows 2000
NetBIOS
Tiffany Bergeron
Tiffany Bergeron
Jonathan Baker
2000-1079
modified wrt-398 - corrected regular expression on key. needed to escape all back slashes
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram
ACCEPTED
2
Microsoft Windows Server 2003
Private Communications Transport (PCT)
Andrew Buttner
Andrew Buttner
2003-0719
INTERIM
ACCEPTED
Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets
ACCEPTED
1
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Internet Explorer 5.5 Service Pack 2
Tiffany Bergeron
Harvey Rubinovitz
2003-0233
Replaced IE cumulative patch IDs to correspond to the original IDs
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CAN-2003-0115
ACCEPTED
2
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Internet Explorer 5.5, Internet Explorer 5.5 Service Pack 1
Tiffany Bergeron
2001-0339
INTERIM
ACCEPTED
Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability.
ACCEPTED
1
Sun Solaris 9
CDE
Brian Soby
2002-0677
modified sat-6 - Changed test to pattern match and added check for 64bit version
modified sat-6 - Changed regular expression test to properly check for 64bit package
DRAFT
INTERIM
ACCEPTED
INTERIM
ACCEPTED
CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure
ACCEPTED
2
Microsoft Windows XP
Microsoft Windows Server 2003
GDI+
Ingrid Skoog
2004-0200
DRAFT
INTERIM
ACCEPTED
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation
ACCEPTED
1
Sun Solaris 7
Sun Solaris 8
Sun Solaris 9
Solaris Enterprise Authentication Mechanism (SEAM)
Brian Soby
2003-0058
DRAFT
INTERIM
ACCEPTED
MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference
ACCEPTED
1
Microsoft Windows Server 2003
Jonathan Baker
Jonathan Baker
2004-1319
DRAFT
INTERIM
ACCEPTED
The DHTML Edit Control (dhtmled.ocx) in Internet Explorer 6.0.2900.2180 allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent.
ACCEPTED
1
Microsoft Windows 2000
Remote Procedure Call (RPC)
Christine Walzer
Christine Walzer
2003-0605
DRAFT
INTERIM
ACCEPTED
The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function
ACCEPTED
1
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Internet Explorer 6 Service Pack 1
Tiffany Bergeron
Tiffany Bergeron
2004-0549
DRAFT
INTERIM
ACCEPTED
The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object
ACCEPTED
1
Microsoft Windows 2000
Crystal Enterprise
Crystal Reports
Andrew Buttner
Jonathan Baker
2004-0204
modified wrt-400 - Changed datatype to int was incorrectly set to binary
Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx
DRAFT
0
Microsoft Windows 2000
COM Internet Services
Christine Walzer
2005-0047
DRAFT
INTERIM
Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability.
INTERIM
0
Microsoft Windows Server 2003
Microsoft Word for Windows 6.0 Converter
Christine Walzer
Christine Walzer
2004-0571
DRAFT
INTERIM
ACCEPTED
Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CAN-2004-0901
ACCEPTED
1
Microsoft Windows XP
Windows Media Player 9
Christine Walzer
2005-0044
DRAFT
INTERIM
The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability.
INTERIM
0
Microsoft Windows XP
HTML Help Facility
Andrew Buttner
Andrew Buttner
Christine Walzer
2003-1041
added the unregistered HTML Help criterion to the configuration section of the criteria
cmp-66 added
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CAN-2004-0475
ACCEPTED
1
Microsoft Windows Server 2003
Distributed Component Object Model (DCOM) interface
Christine Walzer
Christine Walzer
2003-0715
DRAFT
INTERIM
ACCEPTED
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CAN-2003-0352 (Blaster/Nachi) and CAN-2003-0528
ACCEPTED
1
Sun Solaris 8
mozilla
Brian Soby
2004-0760
DRAFT
INTERIM
ACCEPTED
Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI
ACCEPTED
1
Microsoft Windows 2000
Microsoft Word for Windows 6.0 Converter
Christine Walzer
Christine Walzer
2004-0901
DRAFT
INTERIM
ACCEPTED
Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CAN-2004-0571
ACCEPTED
1
Microsoft Windows XP
Christine Walzer
2003-0112
DRAFT
INTERIM
ACCEPTED
Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger
ACCEPTED
1
Sun Solaris 7
Sun Solaris 8
Sun Solaris 9
Sadmin
Brian Soby
2003-0722
Added check for sadmind called with strong authentication
DRAFT
INTERIM
ACCEPTED
The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets
ACCEPTED
1
Microsoft Windows 98
Program Group Converter
Andrew Buttner
2004-0572
DRAFT
INTERIM
ACCEPTED
Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe
ACCEPTED
1
Microsoft Windows 98
Internet Explorer 6
Internet Explorer 6 SP1
Ingrid Skoog
Ingrid Skoog
2004-1050
DRAFT
INTERIM
ACCEPTED
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability.
ACCEPTED
1
Microsoft Windows XP
Windows Animated Cursor
Christine Walzer
Christine Walzer
2004-1305
DRAFT
INTERIM
ACCEPTED
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang
ACCEPTED
1
Microsoft Windows XP
Windows Media Player 9
Christine Walzer
2004-1244
Added vulnerable configuration
modified wrt-169 - fixed version
modified wrt-169 - fixed pattern match
modified wrt-174 - modified name
modified wrt-175 - modified name
modified wrt-176 - modified name
modified wrt-177 - modified name
modified wrt-178 - modified name
DRAFT
INTERIM
Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability.
INTERIM
0
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 4
Harvey Rubinovitz
2005-0054
DRAFT
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability.
DRAFT
0
Microsoft Windows NT
Windows kernel
Christine Walzer
Christine Walzer
2004-0893
DRAFT
INTERIM
ACCEPTED
The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability.
ACCEPTED
1
Microsoft Windows 2000
IIS 5.0
Jonathan Baker
2003-0718
DRAFT
INTERIM
ACCEPTED
The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes
ACCEPTED
1
Microsoft Windows 2000
Christine Walzer
2002-0862
Added superceding patch info.
Changed to DRAFT
modified wrt-222 - changed pattern match
INTERIM
ACCEPTED
INTERIM
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS
INTERIM
0
Microsoft Windows Server 2003
Microsoft Internet Explorer 6.0 for Windows Server 2003
Harvey Rubinovitz
2005-0053
DRAFT
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability.
DRAFT
0
Microsoft Windows NT
Internet Explorer 6
Tiffany Bergeron
Tiffany Bergeron
2004-0212
INTERIM
ACCEPTED
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share
ACCEPTED
0
Red Hat Enterprise Linux 3
FreeRADIUS
Jay Beale
2004-0938
DRAFT
INTERIM
ACCEPTED
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Charles Schmidt
Charles Schmidt
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows NT
Microsoft Word for Windows 6.0 Converter
Christine Walzer
Christine Walzer
2004-0571
DRAFT
INTERIM
ACCEPTED
Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CAN-2004-0901
ACCEPTED
1
Microsoft Windows XP
IIS 5.1
Jonathan Baker
2003-0718
DRAFT
INTERIM
ACCEPTED
The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes
ACCEPTED
1
Sun Solaris 7
CDE
Brian Soby
2004-0368
Added patch 107180-31 test for Solaris 7. Changed vulnerable software test logic a little
DRAFT
INTERIM
ACCEPTED
Double-free vulnerability in dtlogin in CDE on Solaris, HP-UX, and other operating systems allows remote attackers to execute arbitrary code via a crafted XDMCP packet
ACCEPTED
1
Microsoft Windows NT
Christine Walzer
2002-1183
Added superceding patch info.
Changed to DRAFT
INTERIM
ACCEPTED
Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862)
ACCEPTED
0
Sun Solaris 9
Samba
Brian Soby
2002-1318
DRAFT
INTERIM
ACCEPTED
Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string
ACCEPTED
1
Sun Solaris 7
libpng
Brian Soby
2004-0599
DRAFT
INTERIM
ACCEPTED
Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image
ACCEPTED
1
Microsoft Windows 2000
HTML Help Facility
Andrew Buttner
Andrew Buttner
2004-0201
INTERIM
ACCEPTED
Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CAN-2003-1041
ACCEPTED
0
Microsoft Windows NT
VDM
Ingrid Skoog
Ingrid Skoog
2004-0118
ACCEPTED
The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code
ACCEPTED
2
Microsoft Windows XP
HTML Help Facility
Andrew Buttner
Andrew Buttner
Christine Walzer
2004-0201
added the unregistered HTML Help criterion to the configuration section of the criteria
cmp-66 added
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CAN-2003-1041
ACCEPTED
1
Microsoft Windows Server 2003
Windows Internet Naming Service (WINS)
Matthew Burton
2004-1080
DRAFT
INTERIM
ACCEPTED
The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability.
ACCEPTED
1
Microsoft Windows 2000
Windows kernel
Christine Walzer
Christine Walzer
2004-0893
DRAFT
INTERIM
ACCEPTED
The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability.
ACCEPTED
1
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Internet Explorer 6 SP1
Harvey Rubinovitz
2004-0839
DRAFT
INTERIM
ACCEPTED
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html"
ACCEPTED
1
Microsoft Windows Server 2003
Windows Media Player 9
Christine Walzer
2004-1244
changed product affected
modified wrt-169 - fixed version
modified wrt-169 - fixed pattern match
modified wrt-174 - modified name
modified wrt-175 - modified name
modified wrt-176 - modified name
modified wrt-177 - modified name
modified wrt-178 - modified name
DRAFT
INTERIM
Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability.
INTERIM
0
Microsoft Windows XP
Windows kernel
Christine Walzer
Christine Walzer
2004-0893
DRAFT
INTERIM
ACCEPTED
The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability.
ACCEPTED
1
Microsoft Windows ME
Windows Shell
Andrew Buttner
2004-0214
DRAFT
INTERIM
ACCEPTED
Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba
ACCEPTED
1
Microsoft Windows XP
HyperTerminal
Harvey Rubinovitz
Harvey Rubinovitz
2004-0568
Change OS test to include XP gold in addition to XP SP1
modified wft-175 - Access DLL via HKLM
DRAFT
INTERIM
HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow
INTERIM
0
Microsoft Windows XP
SMB (Server Message Block)
Christine Walzer
2005-0045
DRAFT
INTERIM
The Server Message Block (SMB) implementation for Windows 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the "Server Message Block Vulnerability," and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields
INTERIM
0
Microsoft Windows Server 2003
Microsoft Word for Windows 6.0 Converter
Christine Walzer
Christine Walzer
2004-0901
DRAFT
INTERIM
ACCEPTED
Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CAN-2004-0571
ACCEPTED
1
Microsoft Windows XP
Jonathan Baker
Jonathan Baker
2004-1319
DRAFT
INTERIM
ACCEPTED
The DHTML Edit Control (dhtmled.ocx) in Internet Explorer 6.0.2900.2180 allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent.
ACCEPTED
1
Sun Solaris 8
Sun Enterprise Storage Manager (ESM)
Brian Soby
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows NT
VDM
Ingrid Skoog
Ingrid Skoog
2004-0118
ACCEPTED
The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code
ACCEPTED
2
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Visual Studio .NET 2003
Ingrid Skoog
2004-0200
changed affected platforms
DRAFT
INTERIM
ACCEPTED
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 3
Harvey Rubinovitz
2005-0054
DRAFT
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability.
DRAFT
0
Microsoft Windows NT
Windows Shell
Andrew Buttner
2004-0214
DRAFT
INTERIM
ACCEPTED
Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba
ACCEPTED
1
Microsoft Windows XP
Microsoft Windows Server 2003
VDM
Ingrid Skoog
2004-0208
fixed OS
DRAFT
INTERIM
ACCEPTED
The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions
ACCEPTED
1
Microsoft Windows XP
Task Scheduler
Tiffany Bergeron
Tiffany Bergeron
Christine Walzer
2004-0212
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share
ACCEPTED
1
Microsoft Windows XP
Microsoft Internet Explorer 6
Andrew Buttner
Andrew Buttner
2003-1048
DRAFT
INTERIM
ACCEPTED
Double-free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image
ACCEPTED
1
Microsoft Windows 2000
Negotiate SSP interface
Ingrid Skoog
Jonathan Baker
2004-0119
modified wft-345 - Addded a space in the registry key component of the file path
INTERIM
ACCEPTED
INTERIM
ACCEPTED
The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection
ACCEPTED
2
Microsoft Windows XP
Distributed Component Object Model (DCOM) interface
Christine Walzer
Christine Walzer
2003-0715
DRAFT
INTERIM
ACCEPTED
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CAN-2003-0352 (Blaster/Nachi) and CAN-2003-0528
ACCEPTED
1
Microsoft Windows XP
Program Group Converter
Andrew Buttner
2004-0572
DRAFT
INTERIM
ACCEPTED
Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe
ACCEPTED
1
Microsoft Windows XP
Program Group Converter
Andrew Buttner
2004-0572
DRAFT
INTERIM
ACCEPTED
Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe
ACCEPTED
1
Sun Solaris 7
NIS
Brian Soby
Brian Soby
2001-1328
DRAFT
INTERIM
ACCEPTED
Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows remote attackers to execute arbitrary code
ACCEPTED
1
Microsoft Windows Server 2003
SMB (Server Message Block)
Christine Walzer
2005-0045
DRAFT
INTERIM
The Server Message Block (SMB) implementation for Windows 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the "Server Message Block Vulnerability," and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields
INTERIM
0
Microsoft Windows NT
NetDDE
Jonathan Baker
2004-0206
DRAFT
INTERIM
ACCEPTED
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow
ACCEPTED
1
Microsoft Windows XP
Enhanced Metafile (EMF)
Ingrid Skoog
2004-0209
DRAFT
INTERIM
ACCEPTED
Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer.
ACCEPTED
1
Sun Solaris 7
dtspcd
Brian Soby
1999-0689
DRAFT
INTERIM
ACCEPTED
The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack
ACCEPTED
1
Microsoft Windows XP
Windows kernel
Christine Walzer
Christine Walzer
2004-0893
DRAFT
INTERIM
ACCEPTED
The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability.
ACCEPTED
1
Microsoft Windows Server 2003
Local Security Authority Subsystem Service (LSASS)
Christine Walzer
2004-0894
DRAFT
INTERIM
ACCEPTED
LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program
ACCEPTED
1
Sun Solaris 7
Sun Solaris 8
Sun Solaris 9
CDE
Brian Soby
2003-0092
DRAFT
INTERIM
ACCEPTED
Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to gain root privileges via a long HOME environment variable
ACCEPTED
1
Microsoft Windows 2000
HTML Help Facility
Andrew Buttner
Andrew Buttner
2003-1041
INTERIM
ACCEPTED
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CAN-2004-0475
ACCEPTED
0
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Outlook Express
Jonathan Baker
2004-0215
DRAFT
INTERIM
ACCEPTED
Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header
ACCEPTED
1
Microsoft Windows XP
Microsoft Word for Windows 6.0 Converter
Christine Walzer
Christine Walzer
2004-0571
modified wft-123 - Changed/Corrected literal path
DRAFT
INTERIM
ACCEPTED
Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CAN-2004-0901
ACCEPTED
1
Microsoft Windows Server 2003
Ingrid Skoog
Ingrid Skoog
2004-0119
INTERIM
ACCEPTED
The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection
ACCEPTED
1
Microsoft Windows XP
Task Scheduler
Tiffany Bergeron
Tiffany Bergeron
2004-0212
added compound tests
INTERIM
ACCEPTED
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share
ACCEPTED
0
Microsoft Windows XP
Microsoft Word for Windows 6.0 Converter
Christine Walzer
Christine Walzer
2004-0571
DRAFT
INTERIM
ACCEPTED
Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CAN-2004-0901
ACCEPTED
1
Sun Solaris 8
Sun Solaris 9
Apache
Brian Soby
2004-0174
Changed apache test to file test
Changed apache test to package test
DRAFT
INTERIM
ACCEPTED
Apache before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket.
ACCEPTED
1
Microsoft Windows XP
Negotiate SSP interface
Ingrid Skoog
Ingrid Skoog
Christine Walzer
2004-0119
cmp-66 added
ACCEPTED
INTERIM
ACCEPTED
The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection
ACCEPTED
1
Sun Solaris 7
Solaris Enterprise Authentication Mechanism (SEAM)
Brian Soby
2004-0523
Changed two unknown tests for kerberos configuration to Solaris text file contents tests
DRAFT
INTERIM
ACCEPTED
Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root
ACCEPTED
1
Microsoft Windows XP
Windows kernel
Christine Walzer
Christine Walzer
2004-0893
DRAFT
INTERIM
ACCEPTED
The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability.
ACCEPTED
1
Sun Solaris 7
Bind
Brian Soby
2003-0914
modified sat-10 - Changed test to pattern match to check for 64bit version of Core Solaris
modified sat-10 - Changed regular expression to properly check for 64bit package
DRAFT
INTERIM
ACCEPTED
INTERIM
ACCEPTED
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value
ACCEPTED
2
Microsoft Windows NT
Christine Walzer
2004-0203
DRAFT
INTERIM
ACCEPTED
Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query
ACCEPTED
1
Microsoft Windows NT
Christine Walzer
Christine Walzer
2003-0112
INTERIM
ACCEPTED
Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger
ACCEPTED
0
Sun Solaris 7
login
Brian Soby
Brian Soby
2001-0797
DRAFT
INTERIM
ACCEPTED
Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin
ACCEPTED
1
Microsoft Windows XP
Local Security Authority Subsystem Service (LSASS)
Christine Walzer
2004-0894
DRAFT
INTERIM
ACCEPTED
LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program
ACCEPTED
1
Sun Solaris 9
pam_krb5
Brian Soby
2004-0653
Changed all unknown tests to solaris file contents tests
DRAFT
INTERIM
ACCEPTED
Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other user's passwords by reading log files
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 3
Harvey Rubinovitz
2004-0839
DRAFT
INTERIM
ACCEPTED
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html"
ACCEPTED
1
Sun Solaris 7
Bind
Brian Soby
2002-1221
DRAFT
INTERIM
ACCEPTED
BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference
ACCEPTED
1
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Internet Explorer 5.5 Service Pack 2
Andrew Buttner
Andrew Buttner
2003-1048
DRAFT
INTERIM
ACCEPTED
Double-free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image
ACCEPTED
1
Microsoft Windows NT
Christine Walzer
2002-1183
Added superceding patch info.
Changed to DRAFT
INTERIM
ACCEPTED
Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862)
ACCEPTED
0
Microsoft Windows 2000
Enhanced Metafile (EMF)
Ingrid Skoog
2004-0209
DRAFT
INTERIM
ACCEPTED
Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer.
ACCEPTED
1
Microsoft Windows Server 2003
Indexing Service
Harvey Rubinovitz
2004-0897
DRAFT
The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack
DRAFT
0
Microsoft Windows 2000
Microsoft Outlook Express
Jonathan Baker
2004-0215
DRAFT
INTERIM
ACCEPTED
Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header
ACCEPTED
1
Sun Solaris 9
Kerberos5
Brian Soby
2004-0644
Changed kerberos unknown test to solaris file contents test
DRAFT
INTERIM
ACCEPTED
The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding
ACCEPTED
1
Microsoft Windows Server 2003
HTML Help Facility
Andrew Buttner
Andrew Buttner
2004-0201
INTERIM
ACCEPTED
Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CAN-2003-1041
ACCEPTED
0
Sun Solaris 9
Samba
Brian Soby
2003-0201
DRAFT
INTERIM
ACCEPTED
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code
ACCEPTED
1
Microsoft Windows NT
POSIX
Ingrid Skoog
Ingrid Skoog
2004-0210
INTERIM
ACCEPTED
The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow
ACCEPTED
0
Sun Solaris 9
Sendmail
Brian Soby
2002-0906
DRAFT
INTERIM
ACCEPTED
Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malicious DNS server
ACCEPTED
1
Microsoft Windows XP
DirectX
Tiffany Bergeron
Tiffany Bergeron
2004-0202
Added cmp-966 to test for vulnerable versions of DirectX
Re-added cmp-966
Added the negate attribute with a value of 'true' to the subtest elements referencing patch installations.
INTERIM
ACCEPTED
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet
ACCEPTED
1
Microsoft Windows NT
IIS 4.0
David Proulx
David Proulx
2004-0205
INTERIM
ACCEPTED
Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function
ACCEPTED
0
Microsoft Windows XP
Internet Explorer 6
Harvey Rubinovitz
2004-0845
DRAFT
INTERIM
ACCEPTED
Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site
ACCEPTED
1
Microsoft Windows XP
Internet Explorer 6
Christine Walzer
Christine Walzer
2004-0420
INTERIM
ACCEPTED
INTERIM
ACCEPTED
The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP
ACCEPTED
1
Microsoft Windows NT
Christine Walzer
Christine Walzer
2003-0112
INTERIM
ACCEPTED
Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger
ACCEPTED
0
Microsoft Windows NT
DHCP
Ingrid Skoog
Ingrid Skoog
2004-0899
Corrected the patch number being checked
negated the patch check
DRAFT
INTERIM
ACCEPTED
The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition, with DHCP logging enabled, does not properly validate the length of certain messages, which allows remote attackers to cause a denial of service (application crash) via a malformed DHCP message, aka "Logging Vulnerability.
ACCEPTED
1
Microsoft Windows XP
Jonathan Baker
Jonathan Baker
2005-0051
DRAFT
INTERIM
ACCEPTED
Windows XP SP1 and SP2 allows remote attackers to obtain sensitive information (users who are accessing resources) via an anonymous logon using a named pipe, which is not properly authenticated, aka the "Named Pipe Vulnerability.
ACCEPTED
1
Microsoft Windows Server 2003
SMTP
Christine Walzer
2004-0840
DRAFT
INTERIM
ACCEPTED
The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated
ACCEPTED
1
Microsoft Windows XP
COM Internet Services
Christine Walzer
2005-0047
DRAFT
INTERIM
Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability.
INTERIM
0
Sun Solaris 7
libpng
Brian Soby
2004-0597
DRAFT
INTERIM
ACCEPTED
Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking
ACCEPTED
1
Microsoft Windows 2000
Windows Media Player 9
Christine Walzer
2004-1244
modified wrt-169 - fixed version
modified wrt-169 - fixed pattern match
modified wrt-174 - modified name
modified wrt-175 - modified name
modified wrt-176 - modified name
modified wrt-177 - modified name
modified wrt-178 - modified name
DRAFT
INTERIM
Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability.
INTERIM
0
Microsoft Windows Server 2003
Internet Explorer 6
Christine Walzer
Christine Walzer
2004-0420
INTERIM
ACCEPTED
The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP
ACCEPTED
0
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 3
Harvey Rubinovitz
2005-0056
DRAFT
Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability.
DRAFT
0
Microsoft Windows NT
NetDDE
Jonathan Baker
2004-0206
DRAFT
INTERIM
ACCEPTED
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow
ACCEPTED
1
Microsoft Windows XP
DirectX
Tiffany Bergeron
Tiffany Bergeron
Christine Walzer
2004-0202
Changed Status to Draft; Added cmp-967
Added the negate attribute with a value of 'true' to the subtest elements referencing patch installations.
INTERIM
ACCEPTED
INTERIM
ACCEPTED
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet
ACCEPTED
2
Sun Solaris 8
mozilla
Brian Soby
2004-0764
DRAFT
INTERIM
ACCEPTED
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files
ACCEPTED
1
Sun Solaris 7
NIS
Brian Soby
2002-1199
DRAFT
INTERIM
ACCEPTED
The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments
ACCEPTED
1
Sun Solaris 7
Sun Solaris 8
Sun Solaris 9
Basic Security Module
Brian Soby
2004-0654
DRAFT
Unknown vulnerability in the Basic Security Module (BSM), when configured to audit either the Administrative (ad) or the System-Wide Administration (as) audit class in Solaris 7, 8, and 9, allows local users to cause a denial of service (kernel panic)
DRAFT
0
Microsoft Windows XP
Microsoft Windows Server 2003
Enhanced Metafile (EMF)
Ingrid Skoog
2004-0209
changed OS
DRAFT
INTERIM
ACCEPTED
Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer.
ACCEPTED
1
Microsoft Windows XP
Indexing Service
Harvey Rubinovitz
2004-0897
DRAFT
The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack
DRAFT
0
Microsoft Windows Server 2003
Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003
Harvey Rubinovitz
Harvey Rubinovitz
2004-0844
DRAFT
INTERIM
ACCEPTED
Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability.
ACCEPTED
1
Microsoft Windows XP
Microsoft Internet Explorer 6
Harvey Rubinovitz
2004-0843
DRAFT
INTERIM
ACCEPTED
Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability.
ACCEPTED
1
Microsoft Windows 2000
Utility Manager
Jonathan Baker
Jonathan Baker
2004-0213
INTERIM
ACCEPTED
Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CAN-2003-0908
ACCEPTED
0
Microsoft Windows NT
Remote Procedure Call (RPC)
Matthew Burton
2004-0569
DRAFT
INTERIM
ACCEPTED
The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote attackers to read active memory or cause a denial of service (system crash) via a malicious message, possibly related to improper length values
ACCEPTED
1
Microsoft Windows Server 2003
DirectX
Tiffany Bergeron
Tiffany Bergeron
2004-0202
Changed Status to Draft; Added cmp-969
Added the negate attribute with a value of 'true' to the subtest elements referencing patch installations.
INTERIM
ACCEPTED
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet
ACCEPTED
1
Sun Solaris 8
Kerberos5
Brian Soby
2003-0082
DRAFT
INTERIM
ACCEPTED
The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun")
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 4
Harvey Rubinovitz
2004-0843
DRAFT
INTERIM
ACCEPTED
Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability.
ACCEPTED
1
Sun Solaris 7
Bind
Brian Soby
2002-1219
DRAFT
INTERIM
ACCEPTED
Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR)
ACCEPTED
1
Microsoft Windows 2000
Windows 2000
Matthew Burton
2004-1080
DRAFT
INTERIM
ACCEPTED
The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability.
ACCEPTED
1
Microsoft Windows XP
HyperTerminal
Harvey Rubinovitz
Harvey Rubinovitz
2004-0568
modified wft-176 - access DLL via HKLM
DRAFT
INTERIM
ACCEPTED
HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow
ACCEPTED
1
Microsoft Windows XP
Hyperlink Object Library
Andrew Buttner
2005-0057
DRAFT
INTERIM
The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow
INTERIM
0
Sun Solaris 7
libpng
Brian Soby
2004-0598
DRAFT
INTERIM
ACCEPTED
The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference
ACCEPTED
1
Microsoft Windows Server 2003
Windows Animated Cursor
Christine Walzer
Christine Walzer
2004-1305
DRAFT
INTERIM
ACCEPTED
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang
ACCEPTED
1
Sun Solaris 8
Sun Solaris 9
Sun Cluster
Brian Soby
2003-0545
DRAFT
INTERIM
ACCEPTED
Double-free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding
ACCEPTED
1
Sun Solaris 7
kcms_server
Brian Soby
2003-0027
DRAFT
INTERIM
ACCEPTED
Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure
ACCEPTED
1
Microsoft Windows XP
Internet Explorer 6
Harvey Rubinovitz
2004-0841
DRAFT
INTERIM
ACCEPTED
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability.
ACCEPTED
1
Sun Solaris 8
Sun Crypto Accelerator 4000
Brian Soby
2004-0079
DRAFT
INTERIM
ACCEPTED
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference
ACCEPTED
1
Microsoft Windows 98
Windows Shell
Andrew Buttner
2004-0214
DRAFT
INTERIM
ACCEPTED
Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba
ACCEPTED
1
Microsoft Windows Server 2003
Jonathan Baker
2004-0215
DRAFT
INTERIM
ACCEPTED
Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header
ACCEPTED
1
Sun Solaris 7
Sun Am7990 Ethernet Driver
Brian Soby
2003-0001
DRAFT
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak
DRAFT
0
Microsoft Windows 2000
Microsoft Office 2000 SP3
Christine Walzer
Ingrid Skoog
2004-0573
modified wft-489 - corrected registry path check for .dll file
DRAFT
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website
ACCEPTED
2
Microsoft Windows 2000
Christine Walzer
2002-0862
negated patch info.
Added superceding patch info.
Changed to DRAFT
INTERIM
ACCEPTED
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS
ACCEPTED
0
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Excel 2000
Matthew Burton
2004-0846
DRAFT
INTERIM
ACCEPTED
Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 3
Harvey Rubinovitz
2005-0055
DRAFT
Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability.
DRAFT
0
Microsoft Windows XP
Microsoft Windows Server 2003
DirectX
Tiffany Bergeron
Tiffany Bergeron
2004-0202
Changed Status to Draft; Added cmp-970
Added the negate attribute with a value of 'true' to the subtest elements referencing patch installations.
INTERIM
ACCEPTED
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Office 2003
Ingrid Skoog
2004-0200
changed affected product from GDI+ and office2003 to just office 2003
modified wft-495 - corrected registry path check for .dll file
DRAFT
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation
ACCEPTED
2
Sun Solaris 9
OpenSSH
Brian Soby
2003-0693
DRAFT
INTERIM
ACCEPTED
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CAN-2003-0695
ACCEPTED
1
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
MDAC 2.5
Ingrid Skoog
Andrew Buttner
2002-1142
removed the test for windows NT and added a test for MDAC 2.5 since this definition is dependent on the MDAC version and not the platform
DRAFT
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub
ACCEPTED
2
Microsoft Windows NT
Matthew Burton
Matthew Burton
2004-1080
DRAFT
INTERIM
ACCEPTED
The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability.
ACCEPTED
1
Microsoft Windows 2000
Program Group Converter
Andrew Buttner
2004-0572
DRAFT
INTERIM
ACCEPTED
Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe
ACCEPTED
1
Sun Solaris 9
CDE
Brian Soby
2002-0678
modified sat-6 - Changed test to pattern match and added check for 64bit version
modified sat-6 - Changed regular expression test to properly check for 64bit package
DRAFT
INTERIM
ACCEPTED
INTERIM
ACCEPTED
CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure
ACCEPTED
2
Sun Solaris 9
fs.auto, xfs
Brian Soby
2002-1317
DRAFT
INTERIM
ACCEPTED
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query
ACCEPTED
1
Microsoft Windows Server 2003
Microsoft Internet Explorer 6.0 for Windows Server 2003
Harvey Rubinovitz
2005-0056
DRAFT
Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability.
DRAFT
0
Red Hat Enterprise Linux 3
Linux kernel
Jay Beale
2004-0427
DRAFT
INTERIM
ACCEPTED
The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, which triggers a memory leak that allows local users to cause a denial of service (memory exhaustion) via the clone (CLONE_VM) system call
ACCEPTED
1
Microsoft Windows 2000
Windows 2000
Matthew Burton
Matthew Burton
2004-1043
DRAFT
INTERIM
ACCEPTED
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability.
ACCEPTED
1
Microsoft Windows 2000
POSIX
Ingrid Skoog
Ingrid Skoog
2004-0210
INTERIM
ACCEPTED
The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow
ACCEPTED
0
Microsoft Windows XP
Distributed Component Object Model (DCOM) interface
Christine Walzer
Christine Walzer
2003-0528
DRAFT
INTERIM
ACCEPTED
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CAN-2003-0352 (Blaster/Nachi) and CAN-2003-0715
ACCEPTED
1
Microsoft Windows XP
Internet Explorer 6
Christine Walzer
Christine Walzer
2004-0420
INTERIM
ACCEPTED
The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP
ACCEPTED
0
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 4
Harvey Rubinovitz
2004-0842
DRAFT
INTERIM
ACCEPTED
Internet Explorer 6.1 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability.
ACCEPTED
1
Red Hat Enterprise Linux 3
Linux kernel
Jay Beale
2004-0554
DRAFT
INTERIM
ACCEPTED
Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program
ACCEPTED
1
Microsoft Windows 2000
Windows Media Player 9
Christine Walzer
2005-0044
DRAFT
INTERIM
The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability.
INTERIM
0
Microsoft Windows XP
Microsoft Internet Explorer 6
Harvey Rubinovitz
2005-0053
DRAFT
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability.
DRAFT
0
Microsoft Windows XP
Cursor and Icon Formatting
Christine Walzer
Christine Walzer
2004-1049
DRAFT
INTERIM
ACCEPTED
Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability.
ACCEPTED
1
Red Hat Enterprise Linux 3
Linux kernel
Jay Beale
2004-0495
DRAFT
INTERIM
ACCEPTED
Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool
ACCEPTED
1
Microsoft Windows XP
Distributed Component Object Model (DCOM) interface
Christine Walzer
Christine Walzer
2003-0528
DRAFT
INTERIM
ACCEPTED
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CAN-2003-0352 (Blaster/Nachi) and CAN-2003-0715
ACCEPTED
1
Sun Solaris 7
Sendmail
Brian Soby
Brian Soby
2003-0694
DRAFT
INTERIM
ACCEPTED
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 3
Harvey Rubinovitz
2005-0053
DRAFT
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability.
DRAFT
0
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Project Professional 2002
Ingrid Skoog
2004-0200
Changed affected platforms
modified wft-496 - corrected registry path check
DRAFT
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation
ACCEPTED
2
Microsoft Windows XP
Jonathan Baker
Jonathan Baker
2005-0051
DRAFT
INTERIM
ACCEPTED
Windows XP SP1 and SP2 allows remote attackers to obtain sensitive information (users who are accessing resources) via an anonymous logon using a named pipe, which is not properly authenticated, aka the "Named Pipe Vulnerability.
ACCEPTED
1
Microsoft Windows Server 2003
Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003
Harvey Rubinovitz
2005-0054
DRAFT
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability.
DRAFT
0
Microsoft Windows NT
Program Group Converter
Andrew Buttner
2004-0572
DRAFT
INTERIM
ACCEPTED
Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe
ACCEPTED
1
Sun Solaris 7
CDE
Brian Soby
1999-0691
DRAFT
INTERIM
ACCEPTED
Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name
ACCEPTED
1
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Visio Professional 2002
Ingrid Skoog
2004-0200
Changed affected platforms
modified wft-496 - corrected registry path check
DRAFT
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation
ACCEPTED
2
Microsoft Windows XP
Explorer.exe
Ingrid Skoog
Ingrid Skoog
2003-0306
INTERIM
ACCEPTED
Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to execute arbitrary code as the XP user via a desktop.ini file with a long .ShellClassInfo parameter
ACCEPTED
0
Microsoft Windows NT
Cursor and Icon Formatting
Christine Walzer
Christine Walzer
2004-1049
DRAFT
INTERIM
ACCEPTED
Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability.
ACCEPTED
1
Microsoft Windows 2000
NetDDE
Jonathan Baker
2004-0206
DRAFT
INTERIM
ACCEPTED
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow
ACCEPTED
1
Sun Solaris 8
mozilla
Brian Soby
2004-0758
DRAFT
INTERIM
ACCEPTED
Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid
ACCEPTED
1
Microsoft Windows Server 2003
Microsoft Internet Explorer 6.0 for Windows Server 2003
Harvey Rubinovitz
2005-0055
DRAFT
Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability.
DRAFT
0
Microsoft Windows Server 2003
HyperTerminal
Harvey Rubinovitz
2004-0568
modified wrt-44 -
modified wft-169 - Change to access dll via HKLM
DRAFT
INTERIM
HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow
INTERIM
0
Microsoft Windows 2000
Christine Walzer
Christine Walzer
2003-0112
Changed to DRAFT
INTERIM
ACCEPTED
Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger
ACCEPTED
0
Microsoft Windows XP
VDM
Ingrid Skoog
2004-0208
DRAFT
INTERIM
ACCEPTED
The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions
ACCEPTED
1
Microsoft Windows NT
HTML Help Facility
Andrew Buttner
Andrew Buttner
2004-0201
INTERIM
ACCEPTED
Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CAN-2003-1041
ACCEPTED
0
Microsoft Windows XP
Microsoft Internet Explorer 6
Harvey Rubinovitz
2005-0054
DRAFT
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability.
DRAFT
0
Microsoft Windows Server 2003
Hyperlink Object Library
Christine Walzer
Christine Walzer
2005-0057
DRAFT
INTERIM
ACCEPTED
The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow
ACCEPTED
1
Microsoft Windows 2000
Windows Animated Cursor
Christine Walzer
Christine Walzer
2004-1305
DRAFT
INTERIM
ACCEPTED
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang
ACCEPTED
1
Microsoft Windows Server 2003
Cursor and Icon Formatting
Christine Walzer
Christine Walzer
2004-1049
DRAFT
INTERIM
ACCEPTED
Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability.
ACCEPTED
1
Microsoft Windows XP
NetDDE
Jonathan Baker
2004-0206
DRAFT
INTERIM
ACCEPTED
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow
ACCEPTED
1
Sun Solaris 8
mozilla
Brian Soby
2004-0757
DRAFT
INTERIM
ACCEPTED
Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code
ACCEPTED
1
Microsoft Windows NT
Microsoft Word for Windows 6.0 Converter
Christine Walzer
Christine Walzer
2004-0901
DRAFT
INTERIM
ACCEPTED
Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CAN-2004-0571
ACCEPTED
1
Microsoft Windows XP
Microsoft Office 2003
Christine Walzer
Ingrid Skoog
2004-0573
modified wft-489 - corrected registry path check for .dll file
DRAFT
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website
ACCEPTED
2
Microsoft Windows XP
Local Security Authority Subsystem Service (LSASS)
Ingrid Skoog
Ingrid Skoog
2004-0894
DRAFT
INTERIM
ACCEPTED
LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Internet Explorer 6 Service Pack 1
Harvey Rubinovitz
2005-0056
DRAFT
Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability.
DRAFT
0
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Visio Professional 2003
Ingrid Skoog
2004-0200
Changed affected platforms
modified wft-495 - corrected registry path check for .dll file
DRAFT
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation
ACCEPTED
2
Sun Solaris 9
Kerberos5
Brian Soby
2004-0643
Changed kerberos unknown test to solaris file contents test
DRAFT
INTERIM
ACCEPTED
Double-free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code
ACCEPTED
1
Microsoft Windows XP
Local Security Authority Subsystem Service (LSASS)
Christine Walzer
Christine Walzer
2004-0894
DRAFT
INTERIM
ACCEPTED
LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program
ACCEPTED
1
Microsoft Windows XP
Microsoft Office XP SP3
Christine Walzer
Christine Walzer
Ingrid Skoog
2004-0573
modified wft-489 - corrected registry path check for .dll file
DRAFT
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website
ACCEPTED
2
Microsoft Windows NT
Cursor and Icon Formatting
Christine Walzer
Christine Walzer
2004-1049
DRAFT
INTERIM
ACCEPTED
Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability.
ACCEPTED
1
Microsoft Windows Server 2003
Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003
Harvey Rubinovitz
2004-0842
DRAFT
INTERIM
ACCEPTED
Internet Explorer 6.1 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability.
ACCEPTED
1
Microsoft Windows XP
Microsoft Outlook Express
Jonathan Baker
Christine Walzer
2004-0215
cmp-66 added
DRAFT
INTERIM
ACCEPTED
Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header
ACCEPTED
1
Microsoft Windows 2000
Internet Explorer 6
Christine Walzer
2004-0420
DRAFT
INTERIM
ACCEPTED
The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP
ACCEPTED
1
Microsoft Windows XP
SMB (Server Message Block)
Ingrid Skoog
2003-0345
INTERIM
ACCEPTED
Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required
ACCEPTED
0
Microsoft Windows 2000
Microsoft Word for Windows 6.0 Converter
Christine Walzer
Christine Walzer
2004-0571
DRAFT
INTERIM
ACCEPTED
Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CAN-2004-0901
ACCEPTED
1
Microsoft Windows 2000
Task Scheduler
Tiffany Bergeron
Tiffany Bergeron
2004-0212
INTERIM
ACCEPTED
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share
ACCEPTED
0
Microsoft Windows Server 2003
SMTP
Christine Walzer
2004-0840
DRAFT
INTERIM
ACCEPTED
The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated
ACCEPTED
1
Microsoft Windows XP
Jonathan Baker
Jonathan Baker
2004-1319
DRAFT
INTERIM
ACCEPTED
The DHTML Edit Control (dhtmled.ocx) in Internet Explorer 6.0.2900.2180 allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent.
ACCEPTED
1
Sun Solaris 9
Solaris Volume Manager (SVM)
Brian Soby
DRAFT
INTERIM
ACCEPTED
ACCEPTED
1
Microsoft Windows XP
NetBT Name Service
Ingrid Skoog
2003-0661
INTERIM
ACCEPTED
The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information
ACCEPTED
0
Microsoft Windows Server 2003
HTML Help Facility
Andrew Buttner
Andrew Buttner
2003-1041
INTERIM
ACCEPTED
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CAN-2004-0475
ACCEPTED
0
Microsoft Windows XP
Internet Explorer 6
Christine Walzer
Christine Walzer
2004-0420
INTERIM
ACCEPTED
The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP
ACCEPTED
0
Microsoft Windows Server 2003
OLE
Christine Walzer
2005-0044
Added registry check to include three platforms
DRAFT
INTERIM
The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability.
INTERIM
0
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows NT
MDAC 2.1
Ingrid Skoog
Andrew Buttner
2002-1142
removed the test for windows NT and added a test for MDAC 2.1 since this definition is dependent on the MDAC version and not the platform
DRAFT
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub
ACCEPTED
2
Microsoft Windows NT
DHCP
Ingrid Skoog
Ingrid Skoog
2004-0900
DRAFT
INTERIM
ACCEPTED
The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not properly validate the length of certain messages, which allows remote attackers to execute arbitrary code via a malformed DHCP message, aka the "DHCP Request Vulnerability.
ACCEPTED
1
Microsoft Windows 2000
Microsoft Windows XP
Internet Explorer 6 SP1
Harvey Rubinovitz
2005-0054
DRAFT
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability.
DRAFT
0
Sun Solaris 7
Solaris Runtime Linker
Brian Soby
Brian Soby
2003-0609
DRAFT
INTERIM
ACCEPTED
Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable
ACCEPTED
1
Sun Solaris 8
mozilla
Brian Soby
2004-0761
DRAFT
INTERIM
ACCEPTED
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted
ACCEPTED
1
Microsoft Windows NT
Internet Explorer 6
Christine Walzer
2004-0420
DRAFT
INTERIM
ACCEPTED
The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP
ACCEPTED
1
Sun Solaris 7
Sun Solaris 8
Sun Solaris 9
Sendmail
Brian Soby
2003-0681
DRAFT
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences
DRAFT
0
Sun Solaris 7
Sun Solaris 8
Sun Solaris 9
priocntl()
Brian Soby
2002-1296
DRAFT
INTERIM
ACCEPTED
Directory traversal vulnerability in priocntl system call in Solaris does allows local users to execute arbitrary code via ".." sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module
ACCEPTED
1
Red Hat Enterprise Linux 3
libpng
Jay Beale
2002-1363
DRAFT
INTERIM
ACCEPTED
Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers
ACCEPTED
1
Microsoft Windows Server 2003
Windows Internet Naming Service (WINS)
Matthew Burton
2004-1080
DRAFT
INTERIM
ACCEPTED
The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability.
ACCEPTED
1
Microsoft Windows XP
Help and Support Center (HSC)
Christine Walzer
Christine Walzer
2003-0711
DRAFT
INTERIM
ACCEPTED
Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL
ACCEPTED
1
Microsoft Windows Server 2003
Microsoft Word for Windows 6.0 Converter
Christine Walzer
Christine Walzer
2004-0571
DRAFT
INTERIM
ACCEPTED
Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CAN-2004-0901
ACCEPTED
1
Microsoft Windows ME
Program Group Converter
Andrew Buttner
2004-0572
DRAFT
INTERIM
ACCEPTED
Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe
ACCEPTED
1
Microsoft Windows ME
Internet Explorer 5.5 Service Pack 2
Harvey Rubinovitz
Harvey Rubinovitz
2004-0839
DRAFT
INTERIM
ACCEPTED
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html"
ACCEPTED
1
Sun Solaris 8
Sun Solaris 9
Apache
Brian Soby
2003-0542
DRAFT
INTERIM
ACCEPTED
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures
ACCEPTED
1
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Project Professional 2003
Ingrid Skoog
2004-0200
Changed affected platforms
modified wft-495 - corrected registry path check for .dll file
DRAFT
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation
ACCEPTED
2
Microsoft Windows XP
Windows Shell
Andrew Buttner
2004-0572
DRAFT
INTERIM
ACCEPTED
Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe
ACCEPTED
1
Microsoft Windows 2000
Jonathan Baker
Jonathan Baker
2004-1319
DRAFT
INTERIM
ACCEPTED
The DHTML Edit Control (dhtmled.ocx) in Internet Explorer 6.0.2900.2180 allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent.
ACCEPTED
1
Microsoft Windows Server 2003
Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003
Harvey Rubinovitz
2004-0845
DRAFT
INTERIM
ACCEPTED
Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site
ACCEPTED
1
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Office XP SP2
Ingrid Skoog
2004-0200
modified wft-496 - corrected registry path check
DRAFT
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation
ACCEPTED
2
Microsoft Windows XP
Microsoft Word for Windows 6.0 Converter
Christine Walzer
Christine Walzer
2004-0901
DRAFT
INTERIM
ACCEPTED
Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CAN-2004-0571
ACCEPTED
1
Microsoft Windows XP
Christine Walzer
Christine Walzer
2003-0711
DRAFT
INTERIM
ACCEPTED
Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 4
Harvey Rubinovitz
2005-0055
DRAFT
Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability.
DRAFT
0
Microsoft Windows Server 2003
Compressed Folders
David Proulx
Jonathan Baker
2004-0575
modified wrt-554 - corrected regular exprsssion on value. Needed to escape the period in the file name and change the *'s to .*
DRAFT
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation
ACCEPTED
2
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 3
Harvey Rubinovitz
Harvey Rubinovitz
2004-0843
DRAFT
INTERIM
ACCEPTED
Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability.
ACCEPTED
1
Microsoft Windows NT
VDM
Ingrid Skoog
2004-0208
DRAFT
INTERIM
ACCEPTED
The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions
ACCEPTED
1
Microsoft Windows NT
Windows Animated Cursor
Christine Walzer
Christine Walzer
2004-1305
DRAFT
INTERIM
ACCEPTED
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang
ACCEPTED
1
Microsoft Windows Server 2003
Distributed Component Object Model (DCOM) interface
Christine Walzer
Christine Walzer
2003-0528
DRAFT
INTERIM
ACCEPTED
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CAN-2003-0352 (Blaster/Nachi) and CAN-2003-0715
ACCEPTED
1
Microsoft Windows NT
HyperTerminal
Harvey Rubinovitz
Harvey Rubinovitz
2004-0568
modified wft-226 - access DLL via HKLM
DRAFT
INTERIM
ACCEPTED
HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow
ACCEPTED
1
Sun Solaris 8
mozilla
Brian Soby
2004-0763
DRAFT
INTERIM
ACCEPTED
Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method
ACCEPTED
1
Microsoft Windows XP
GDI+
Ingrid Skoog
2004-0200
DRAFT
INTERIM
ACCEPTED
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation
ACCEPTED
1
Microsoft Windows XP
Microsoft Office XP SP2
Ingrid Skoog
Ingrid Skoog
2004-0573
modified wft-489 - corrected registry path check for .dll file
DRAFT
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website
ACCEPTED
2
Microsoft Windows NT
Windows kernel
Christine Walzer
Christine Walzer
2004-0893
DRAFT
INTERIM
ACCEPTED
The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability.
ACCEPTED
1
Sun Solaris 8
Sun Solaris 9
DtMail
Brian Soby
2004-0800
DRAFT
INTERIM
ACCEPTED
Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 allows local users to gain privileges via format strings in the argv[0] value
ACCEPTED
1
Microsoft Windows 2000
SMB (Server Message Block)
Christine Walzer
2005-0045
DRAFT
INTERIM
The Server Message Block (SMB) implementation for Windows 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the "Server Message Block Vulnerability," and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields
INTERIM
0
Sun Solaris 7
bash, tcsh, cash, sh, ksh
Brian Soby
2000-1134
DRAFT
INTERIM
ACCEPTED
tcsh, csh, sh, and bash on various Unix systems follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack
ACCEPTED
1
Microsoft Windows Server 2003
Microsoft Word for Windows 6.0 Converter
Christine Walzer
Christine Walzer
2004-0901
DRAFT
INTERIM
ACCEPTED
Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CAN-2004-0571
ACCEPTED
1
Microsoft Windows XP
Microsoft Internet Explorer 6
Harvey Rubinovitz
2005-0056
DRAFT
Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability.
DRAFT
0
Sun Solaris 7
lpstat, libprint
Brian Soby
2003-0999
DRAFT
INTERIM
ACCEPTED
Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9 may allow attackers to execute arbitrary code or read or write arbitrary files
ACCEPTED
1
Sun Solaris 8
Sun Solaris 9
Apache
Brian Soby
2003-0020
Change apache test to file test
Changed apache test to package test
DRAFT
INTERIM
ACCEPTED
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 4
Harvey Rubinovitz
2004-0839
DRAFT
INTERIM
ACCEPTED
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html"
ACCEPTED
1
Microsoft Windows XP
Internet Explorer 6
Harvey Rubinovitz
2004-0842
DRAFT
INTERIM
ACCEPTED
Internet Explorer 6.1 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability.
ACCEPTED
1
Sun Solaris 7
Bind
Brian Soby
2002-0651
DRAFT
INTERIM
ACCEPTED
Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers
ACCEPTED
1
Microsoft Windows 2000
Internet Explorer 6 SP1
Ingrid Skoog
2004-0200
DRAFT
INTERIM
ACCEPTED
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation
ACCEPTED
1
Microsoft Windows XP
Distributed Component Object Model (DCOM) interface
Christine Walzer
Christine Walzer
2003-0715
DRAFT
INTERIM
ACCEPTED
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CAN-2003-0352 (Blaster/Nachi) and CAN-2003-0528
ACCEPTED
1
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Excel 2002
Matthew Burton
2004-0846
DRAFT
Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated
DRAFT
0
Microsoft Windows Server 2003
Program Group Converter
Andrew Buttner
2004-0572
DRAFT
INTERIM
ACCEPTED
Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe
ACCEPTED
1
Sun Solaris 8
Sun Solaris 9
Sun Cluster
Brian Soby
2003-0543
DRAFT
INTERIM
ACCEPTED
Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values
ACCEPTED
1
Microsoft Windows 2000
ISA Server 2000
Christine Walzer
2004-0892
DRAFT
INTERIM
ACCEPTED
Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results
ACCEPTED
1
Microsoft Windows Server 2003
Compressed Folders
David Proulx
Jonathan Baker
2004-0575
modified wrt-554 - corrected regular exprsssion on value. Needed to escape the period in the file name and change the *'s to .*
DRAFT
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation
ACCEPTED
2
Microsoft Windows NT
DHCP
Ingrid Skoog
Ingrid Skoog
2004-0899
DRAFT
INTERIM
ACCEPTED
The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition, with DHCP logging enabled, does not properly validate the length of certain messages, which allows remote attackers to cause a denial of service (application crash) via a malformed DHCP message, aka "Logging Vulnerability.
ACCEPTED
1
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Visual Studio .NET 2002
Ingrid Skoog
2004-0200
DRAFT
INTERIM
ACCEPTED
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation
ACCEPTED
1
Microsoft Windows 2000
VDM
Ingrid Skoog
2004-0208
DRAFT
INTERIM
ACCEPTED
The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions
ACCEPTED
1
Microsoft Windows NT
Microsoft Word for Windows 6.0 Converter
Christine Walzer
Christine Walzer
2004-0571
DRAFT
INTERIM
ACCEPTED
Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CAN-2004-0901
ACCEPTED
1
Sun Solaris 7
Sun Solaris 8
Sun Solaris 9
cachefsd
Brian Soby
2002-0085
DRAFT
INTERIM
ACCEPTED
cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a denial of service (crash) via an invalid procedure call in an RPC request
ACCEPTED
1
Microsoft Windows 2000
Windows Shell
Andrew Buttner
2004-0214
DRAFT
INTERIM
ACCEPTED
Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 3
Harvey Rubinovitz
Harvey Rubinovitz
2004-0841
DRAFT
INTERIM
ACCEPTED
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability.
ACCEPTED
1
Microsoft Windows XP
Local Security Authority Subsystem Service (LSASS)
Christine Walzer
Christine Walzer
2004-0894
DRAFT
INTERIM
ACCEPTED
LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program
ACCEPTED
1
Microsoft Windows NT
Matthew Burton
Matthew Burton
2004-1080
DRAFT
INTERIM
ACCEPTED
The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability.
ACCEPTED
1
Sun Solaris 7
CDE
Brian Soby
1999-0693
DRAFT
INTERIM
ACCEPTED
Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges
ACCEPTED
1
Sun Solaris 7
lpstat
Brian Soby
2003-0091
DRAFT
INTERIM
ACCEPTED
Stack-based buffer overflow in the bsd_queue() function for lpq on Solaris 2.6 and 7 allows local users to gain root privilege
ACCEPTED
1
Microsoft Windows Server 2003
Network News Transport Protocol (NNTP)
Christine Walzer
2004-0574
DRAFT
INTERIM
ACCEPTED
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows
ACCEPTED
1
Sun Solaris 8
mozilla
Brian Soby
2004-0762
DRAFT
INTERIM
ACCEPTED
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box
ACCEPTED
1
Sun Solaris 8
Sun Solaris 9
Apache
Brian Soby
2003-0987
Change apache test to file test
Changed apache test to package test
DRAFT
INTERIM
ACCEPTED
mod_digest for Apache does not properly verify the nonce of a client response by using a AuthNonce secret
ACCEPTED
1
Sun Solaris 7
Solaris Enterprise Authentication Mechanism (SEAM)
Brian Soby
2003-0082
DRAFT
INTERIM
ACCEPTED
The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun")
ACCEPTED
1
Microsoft Windows Server 2003
Windows kernel
Christine Walzer
Christine Walzer
2004-0893
DRAFT
INTERIM
ACCEPTED
The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability.
ACCEPTED
1
Microsoft Windows Server 2003
Program Group Converter
Andrew Buttner
2004-0572
DRAFT
INTERIM
ACCEPTED
Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe
ACCEPTED
1
Microsoft Windows NT
HyperTerminal
Harvey Rubinovitz
Harvey Rubinovitz
2004-0568
modified wft-263 - access DLL via HKLM
DRAFT
INTERIM
ACCEPTED
HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow
ACCEPTED
1
Sun Solaris 8
Sun Solaris 9
Sun Cluster
Brian Soby
2003-0544
DRAFT
INTERIM
ACCEPTED
OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used
ACCEPTED
1
Microsoft Windows NT
Microsoft Word for Windows 6.0 Converter
Christine Walzer
Christine Walzer
2004-0901
DRAFT
INTERIM
ACCEPTED
Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CAN-2004-0571
ACCEPTED
1
Microsoft Windows Server 2003
NetDDE
Jonathan Baker
2004-0206
DRAFT
INTERIM
ACCEPTED
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow
ACCEPTED
1
Sun Solaris 8
mozilla
Brian Soby
2004-0722
DRAFT
INTERIM
ACCEPTED
Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code
ACCEPTED
1
Sun Solaris 9
Kerberos5
Brian Soby
2004-0772
DRAFT
INTERIM
ACCEPTED
Double-free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code
ACCEPTED
1
Sun Solaris 8
Sun Solaris 9
Apache
Brian Soby
2003-0993
Changes apache test to file test
Changed apache test to package test
DRAFT
INTERIM
ACCEPTED
mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions
ACCEPTED
1
Microsoft Windows 2000
Cursor and Icon Formatting
Christine Walzer
Christine Walzer
2004-1049
DRAFT
INTERIM
ACCEPTED
Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability.
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 4
Harvey Rubinovitz
2004-0727
DRAFT
INTERIM
ACCEPTED
Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability.
ACCEPTED
1
Microsoft Windows Server 2003
Help and Support Center (HSC)
Christine Walzer
Christine Walzer
2003-0711
DRAFT
INTERIM
ACCEPTED
Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL
ACCEPTED
1
Sun Solaris 7
Sun RPC
Brian Soby
2002-0391
DRAFT
INTERIM
ACCEPTED
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd
ACCEPTED
1
Microsoft Windows 2000
HyperTerminal
Harvey Rubinovitz
Harvey Rubinovitz
2004-0568
modified wft-200 - access DLL via HKLM
DRAFT
INTERIM
ACCEPTED
HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow
ACCEPTED
1
Microsoft Windows XP
Microsoft Word for Windows 6.0 Converter
Christine Walzer
Christine Walzer
2004-0901
DRAFT
INTERIM
ACCEPTED
Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CAN-2004-0571
ACCEPTED
1
Sun Solaris 8
mozilla
Brian Soby
2004-0718
DRAFT
INTERIM
ACCEPTED
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability
ACCEPTED
1
Microsoft Windows Server 2003
Jonathan Baker
Jonathan Baker
2004-1319
DRAFT
INTERIM
ACCEPTED
The DHTML Edit Control (dhtmled.ocx) in Internet Explorer 6.0.2900.2180 allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent.
ACCEPTED
1
Microsoft Windows NT
VDM
Ingrid Skoog
2004-0208
DRAFT
INTERIM
ACCEPTED
The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions
ACCEPTED
1
Microsoft Windows Server 2003
IIS 6.0
Jonathan Baker
2003-0718
DRAFT
INTERIM
ACCEPTED
The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes
ACCEPTED
1
Microsoft Windows NT
Windows NT 4.0
Matthew Burton
2004-1080
DRAFT
INTERIM
ACCEPTED
The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability.
ACCEPTED
1
Microsoft Windows NT
DHCP
Ingrid Skoog
Ingrid Skoog
2004-0900
DRAFT
INTERIM
ACCEPTED
The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not properly validate the length of certain messages, which allows remote attackers to execute arbitrary code via a malformed DHCP message, aka the "DHCP Request Vulnerability.
ACCEPTED
1
Microsoft Windows NT
Proxy Server 2.0 SP1
Christine Walzer
2004-0892
DRAFT
INTERIM
ACCEPTED
Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results
ACCEPTED
1
Sun Solaris 8
Sun Solaris 9
Apache
Brian Soby
2004-0492
Changed apache test to file test
Changed apache test to package test
DRAFT
INTERIM
ACCEPTED
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 4
Harvey Rubinovitz
2005-0053
DRAFT
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability.
DRAFT
0
Microsoft Windows XP
Microsoft Windows Server 2003
Windows kernel
Ingrid Skoog
2004-0211
changed OS
DRAFT
INTERIM
ACCEPTED
The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program
ACCEPTED
1
Sun Solaris 9
Kerberos5
Brian Soby
2004-0642
Changed kerberos unknown test to solaris file contents test
DRAFT
INTERIM
ACCEPTED
Double-free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 4
Harvey Rubinovitz
2005-0056
DRAFT
Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability.
DRAFT
0
Microsoft Windows Server 2003
Network News Transport Protocol (NNTP)
Christine Walzer
2004-0573
DRAFT
INTERIM
ACCEPTED
Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website
ACCEPTED
1
Microsoft Windows NT
Network News Transport Protocol (NNTP)
Christine Walzer
2004-0574
DRAFT
INTERIM
ACCEPTED
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows
ACCEPTED
1
Microsoft Windows XP
NetDDE
Jonathan Baker
2004-0206
DRAFT
INTERIM
ACCEPTED
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow
ACCEPTED
1
Sun Solaris 7
Sun Solaris 8
Sun Solaris 9
Brian Soby
2003-0834
DRAFT
INTERIM
ACCEPTED
Buffer overflow in CDE libDtHelp library allows local users to execute arbitrary code via (1) a modified DTHELPUSERSEARCHPATH environment variable and the Help feature, (2) DTSEARCHPATH, or (3) LOGNAME
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 4
Harvey Rubinovitz
Harvey Rubinovitz
2004-0845
DRAFT
INTERIM
ACCEPTED
Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site
ACCEPTED
1
Microsoft Windows NT
Remote Procedure Call (RPC)
Matthew Burton
2003-0569
DRAFT
INTERIM
ACCEPTED
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided
ACCEPTED
1
Microsoft Windows XP
Windows Shell
Andrew Buttner
2004-0214
DRAFT
INTERIM
ACCEPTED
Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba
ACCEPTED
1
Microsoft Windows Server 2003
Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003
Harvey Rubinovitz
2004-0216
DRAFT
INTERIM
ACCEPTED
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow
ACCEPTED
1
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Internet Explorer 6 SP1
Harvey Rubinovitz
2004-0216
DRAFT
INTERIM
ACCEPTED
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow
ACCEPTED
1
Microsoft Windows Server 2003
SMTP
Christine Walzer
2004-0840
DRAFT
INTERIM
ACCEPTED
The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated
ACCEPTED
1
Microsoft Windows ME
Internet Explorer 5.5 Service Pack 2
Harvey Rubinovitz
Harvey Rubinovitz
2004-0845
DRAFT
INTERIM
ACCEPTED
Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site
ACCEPTED
1
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Internet Explorer 5.5 Service Pack 2
Harvey Rubinovitz
2004-0842
DRAFT
INTERIM
ACCEPTED
Internet Explorer 6.1 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability.
ACCEPTED
1
Microsoft Windows Server 2003
Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003
Harvey Rubinovitz
Harvey Rubinovitz
2004-0841
DRAFT
INTERIM
ACCEPTED
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability.
ACCEPTED
1
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Internet Explorer 6 SP1
Harvey Rubinovitz
2004-0845
DRAFT
INTERIM
ACCEPTED
Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site
ACCEPTED
1
Microsoft Windows 2000
Network News Transport Protocol (NNTP)
Christine Walzer
2004-0574
DRAFT
INTERIM
ACCEPTED
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows
ACCEPTED
1
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Internet Explorer 5.5 Service Pack 2
Harvey Rubinovitz
2004-0841
DRAFT
INTERIM
ACCEPTED
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability.
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 4
Harvey Rubinovitz
Harvey Rubinovitz
2004-0841
DRAFT
INTERIM
ACCEPTED
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability.
ACCEPTED
1
Microsoft Windows ME
Internet Explorer 5.5 Service Pack 2
Harvey Rubinovitz
Harvey Rubinovitz
2004-0216
DRAFT
INTERIM
ACCEPTED
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow
ACCEPTED
1
Microsoft Windows Server 2003
Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003
Harvey Rubinovitz
2004-0839
DRAFT
INTERIM
ACCEPTED
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html"
ACCEPTED
1
Microsoft Windows Server 2003
Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003
Harvey Rubinovitz
2004-0843
DRAFT
INTERIM
ACCEPTED
Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability.
ACCEPTED
1
Microsoft Windows XP
Compressed Folders
David Proulx
Jonathan Baker
2004-0575
modified wrt-554 - corrected regular exprsssion on value. Needed to escape the period in the file name and change the *'s to .*
DRAFT
INTERIM
ACCEPTED
INTERIM
ACCEPTED
Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation
ACCEPTED
2
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Internet Explorer 6 SP1
Harvey Rubinovitz
2004-0842
DRAFT
INTERIM
ACCEPTED
Internet Explorer 6.1 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability.
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 4
Harvey Rubinovitz
2004-0216
DRAFT
INTERIM
ACCEPTED
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow
ACCEPTED
1
Microsoft Windows Server 2003
NetDDE
Jonathan Baker
2004-0206
DRAFT
INTERIM
ACCEPTED
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow
ACCEPTED
1
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows XP
Internet Explorer 6 SP1
Harvey Rubinovitz
2004-0727
DRAFT
INTERIM
ACCEPTED
Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability.
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 3
Harvey Rubinovitz
2004-0727
DRAFT
INTERIM
ACCEPTED
Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability.
ACCEPTED
1
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Internet Explorer 5.5 Service Pack 2
Harvey Rubinovitz
2004-0843
DRAFT
INTERIM
ACCEPTED
Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability.
ACCEPTED
1
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Internet Explorer 6 SP1
Harvey Rubinovitz
2004-0843
DRAFT
INTERIM
ACCEPTED
Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability.
ACCEPTED
1
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Internet Explorer 5.5 Service Pack 2
Harvey Rubinovitz
2003-0727
DRAFT
INTERIM
ACCEPTED
Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions
ACCEPTED
1
Microsoft Windows Server 2003
Microsoft Internet Explorer 6 Service Pack 1 for Windows Server 2003
Harvey Rubinovitz
2004-0727
DRAFT
INTERIM
ACCEPTED
Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability.
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 3
Harvey Rubinovitz
2004-0845
DRAFT
INTERIM
ACCEPTED
Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site
ACCEPTED
1
Microsoft Windows XP
Internet Explorer 6
Harvey Rubinovitz
2004-0216
DRAFT
INTERIM
ACCEPTED
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow
ACCEPTED
1
Microsoft Windows XP
Internet Explorer 6
Harvey Rubinovitz
2004-0839
DRAFT
INTERIM
ACCEPTED
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html"
ACCEPTED
1
Microsoft Windows 2000
Microsoft Internet Explorer 5.01 Service Pack 3
Harvey Rubinovitz
2004-0216
DRAFT
INTERIM
ACCEPTED
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow
ACCEPTED
1
Microsoft Windows XP
Internet Explorer 6
Harvey Rubinovitz
2004-0727
DRAFT
INTERIM
ACCEPTED
Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability.
ACCEPTED
1
Microsoft Windows ME
Internet Explorer 6 SP1
Harvey Rubinovitz
Harvey Rubinovitz
2004-0841
DRAFT
INTERIM
ACCEPTED
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability.
ACCEPTED
1
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Internet Explorer 6 SP1
Harvey Rubinovitz
2004-0844
DRAFT
INTERIM
ACCEPTED
Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability.
ACCEPTED
1
OR
OR
OR
AND
AND
AND
OR
OR
AND
AND
OR
OR
OR
AND
AND
AND
OR
AND
AND
AND
AND
AND
AND
OR
AND
AND
AND
OR
AND
OR
AND
AND
AND
AND
AND
OR
OR
AND
AND
OR
AND
OR
OR
AND
OR
AND
AND
AND
AND
OR
OR
AND
OR
OR
AND
AND
OR
OR
AND
OR
AND
AND
AND
AND
AND
AND
OR
OR
AND
OR
OR
AND
AND
OR
AND
OR
AND
AND
OR
AND
OR
AND
AND
OR
OR
OR
AND
AND
OR
OR
AND
OR
AND
OR
OR
OR
AND
AND
OR
AND
AND
AND
OR
OR
OR
AND
OR
AND
AND
AND
OR
AND
OR
OR
AND
OR
AND
AND
AND
AND
OR
AND
AND
AND
OR
AND
OR
AND
AND
AND
OR
AND
AND
OR
AND
OR
AND
AND
OR
AND
OR
AND
AND
AND
AND
AND
OR
AND
OR
AND
AND
AND
AND
OR
OR
OR
AND
OR
AND
AND
AND
OR
OR
AND
OR
AND
AND
AND
OR
AND
AND
AND
OR
OR
AND
OR
OR
AND
OR
AND
AND
AND
AND
AND
AND
OR
AND
OR
OR
AND
OR
AND
OR
AND
OR
AND
OR
AND
OR
OR
AND
OR
OR
AND
AND
OR
AND
AND
OR
OR
OR
OR
AND
OR
AND
OR
OR
OR
AND
OR
OR
OR
AND
OR
OR
OR
OR
AND
AND
AND
OR
OR
AND
OR
OR
AND
OR
OR
OR
OR
AND
OR
OR
AND
OR
OR
OR
OR
AND
OR
AND
OR
OR
OR
AND
OR
OR
OR
OR
OR
OR
OR
OR
OR
AND
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
AND
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
AND
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
AND
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
AND
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
AND
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
AND
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
AND
OR
OR
OR
OR
OR
OR
OR
OR
AND
OR
AND
OR
AND
AND
AND
OR
OR
AND
AND
AND
AND
AND
AND
AND
AND
OR
OR
AND
OR
OR
OR
OR
OR
AND
OR
OR
AND
OR
OR
AND
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
OR
AND
OR
AND
AND
OR
AND
AND
OR
AND
AND
AND
OR
OR
AND
OR
AND
OR
OR
OR
OR
OR
OR
AND
OR
OR
OR
OR
AND
OR
OR
OR
AND
OR
OR
OR
OR
AND
AND
AND
AND
AND
AND
AND
OR
AND
AND
AND
AND
OR
OR
AND
AND
OR
OR
AND
AND
^.*rhnsd.*$
/bin/mount
1
/bin/mount
1
/usr/bin/telnet
1
/usr/bin/telnet
1
/usr/bin/telnet
1
/usr/kerberos/bin/telnet
1
/usr/kerberos/bin/telnet
1
/usr/kerberos/bin/telnet
1
/usr/bin/rlogin
1
/usr/bin/rlogin
1
/usr/bin/rlogin
1
/usr/kerberos/bin/rlogin
1
/usr/kerberos/bin/rlogin
1
/usr/kerberos/bin/rlogin
1
/usr/bin/ssh
1
/usr/bin/ssh
1
/usr/bin/ssh
1
/usr/bin/kmail
1
/usr/bin/kmail
1
/usr/bin/kmail
1
/usr/bin/cvs
1
/usr/bin/cvs
1
/usr/bin/cvs
1
/proc/tty/driver/serial
1
/proc/tty/driver/
1
/proc/tty/
1
/proc/
1
/usr/bin/oocalc
1
/usr/bin/oocalc
1
/usr/bin/oocalc
1
/usr/bin/oodraw
1
/usr/bin/oodraw
1
/usr/bin/oodraw
1
/usr/bin/oofice
1
/usr/bin/oofice
1
/usr/bin/oofice
1
/usr/bin/ooimpress
1
/usr/bin/ooimpress
1
/usr/bin/ooimpress
1
/usr/bin/oowriter
1
/usr/bin/oowriter
1
/usr/bin/oowriter
1
/usr/sbin/tcpdump
1
/usr/sbin/tcpdump
1
/usr/sbin/tcpdump
1
/usr/bin/lha
1
/usr/bin/lha
1
/usr/bin/lha
1
/usr/sbin/utempter
1
/usr/sbin/utempter
1
/usr/sbin/utempter
1
/usr/sbin/utempter
1
/usr/bin/balsa
1
/usr/bin/balsa
1
/usr/bin/balsa
1
/usr/bin/eog
1
/usr/bin/eog
1
/usr/bin/eog
1
/usr/bin/gs
1
/usr/bin/gs
1
/usr/bin/gs
1
/usr/bin/gnupg
1
/usr/bin/gnupg
1
/usr/bin/evolution
1
/usr/bin/evolution
1
/usr/bin/evolution
1
/usr/bin/kdm
1
/usr/bin/kdm
1
/usr/bin/kdm
1
/usr/bin/konqueror
1
/usr/bin/konqueror
1
/usr/bin/konqueror
1
/usr/libexec/filters/psbanner
1
/usr/bin/mutt
1
/usr/bin/mutt
1
/usr/bin/mutt
1
/usr/bin/pine
1
/usr/bin/pine
1
/usr/bin/pine
1
/usr/bin/emacs
1
/usr/bin/emacs
1
/usr/bin/emacs
1
/usr/bin/xemacs
1
/usr/bin/xemacs
1
/usr/bin/xemacs
1
/usr/sbin/sendmail.sendmail
1
/usr/sbin/sendmail.sendmail
1
/usr/sbin/sendmail.sendmail
1
/usr/sbin/sendmail.sendmail
1
/usr/bin/unzip
1
/usr/bin/unzip
1
/usr/bin/unzip
1
/usr/bin/xpdf
1
/usr/bin/xpdf
1
/usr/bin/xpdf
1
/usr/bin/411toppm
1
/usr/bin/411toppm
1
/usr/bin/411toppm
1
/usr/bin/asciitopgm
1
/usr/bin/asciitopgm
1
/usr/bin/asciitopgm
1
/usr/bin/atktopbm
1
/usr/bin/atktopbm
1
/usr/bin/atktopbm
1
/usr/bin/bioradtopgm
1
/usr/bin/bioradtopgm
1
/usr/bin/bioradtopgm
1
/usr/bin/bmptoppm
1
/usr/bin/bmptoppm
1
/usr/bin/bmptoppm
1
/usr/bin/brushtopbm
1
/usr/bin/brushtopbm
1
/usr/bin/brushtopbm
1
/usr/bin/cmuwmtopbm
1
/usr/bin/cmuwmtopbm
1
/usr/bin/cmuwmtopbm
1
/usr/bin/eyuvtoppm
1
/usr/bin/eyuvtoppm
1
/usr/bin/eyuvtoppm
1
/usr/bin/fiascotopnm
1
/usr/bin/fiascotopnm
1
/usr/bin/fiascotopnm
1
/usr/bin/fitstopnm
1
/usr/bin/fitstopnm
1
/usr/bin/fitstopnm
1
/usr/bin/fstopgm
1
/usr/bin/fstopgm
1
/usr/bin/fstopgm
1
/usr/bin/g3topbm
1
/usr/bin/g3topbm
1
/usr/bin/g3topbm
1
/usr/bin/gemtopbm
1
/usr/bin/gemtopbm
1
/usr/bin/gemtopbm
1
/usr/bin/gemtopnm
1
/usr/bin/gemtopnm
1
/usr/bin/gemtopnm
1
/usr/bin/giftopnm
1
/usr/bin/giftopnm
1
/usr/bin/giftopnm
1
/usr/bin/gouldtoppm
1
/usr/bin/gouldtoppm
1
/usr/bin/gouldtoppm
1
/usr/bin/hipstopgm
1
/usr/bin/hipstopgm
1
/usr/bin/hipstopgm
1
/usr/bin/hpcdtoppm
1
/usr/bin/hpcdtoppm
1
/usr/bin/hpcdtoppm
1
/usr/bin/icontopbm
1
/usr/bin/icontopbm
1
/usr/bin/icontopbm
1
/usr/bin/ilbmtoppm
1
/usr/bin/ilbmtoppm
1
/usr/bin/ilbmtoppm
1
/usr/bin/imgtoppm
1
/usr/bin/imgtoppm
1
/usr/bin/imgtoppm
1
/usr/bin/jpegtopnm
1
/usr/bin/jpegtopnm
1
/usr/bin/jpegtopnm
1
/usr/bin/leaftoppm
1
/usr/bin/leaftoppm
1
/usr/bin/leaftoppm
1
/usr/bin/lispmtopgm
1
/usr/bin/lispmtopgm
1
/usr/bin/lispmtopgm
1
/usr/bin/macptopbm
1
/usr/bin/macptopbm
1
/usr/bin/macptopbm
1
/usr/bin/mdatopbm
1
/usr/bin/mdatopbm
1
/usr/bin/mdatopbm
1
/usr/bin/mgrtopbm
1
/usr/bin/mgrtopbm
1
/usr/bin/mgrtopbm
1
/usr/bin/mtvtoppm
1
/usr/bin/mtvtoppm
1
/usr/bin/mtvtoppm
1
/usr/bin/neotoppm
1
/usr/bin/neotoppm
1
/usr/bin/neotoppm
1
/usr/bin/palmtopnm
1
/usr/bin/palmtopnm
1
/usr/bin/palmtopnm
1
/usr/bin/pamchannel
1
/usr/bin/pamchannel
1
/usr/bin/pamchannel
1
/usr/bin/pamcut
1
/usr/bin/pamcut
1
/usr/bin/pamcut
1
/usr/bin/pamdeinterlace
1
/usr/bin/pamdeinterlace
1
/usr/bin/pamdeinterlace
1
/usr/bin/pamfile
1
/usr/bin/pamfile
1
/usr/bin/pamfile
1
/usr/bin/pamoil
1
/usr/bin/pamoil
1
/usr/bin/pamoil
1
/usr/bin/pamstretch
1
/usr/bin/pamstretch
1
/usr/bin/pamstretch
1
/usr/bin/pamtopnm
1
/usr/bin/pamtopnm
1
/usr/bin/pamtopnm
1
/usr/bin/pbmclean
1
/usr/bin/pbmclean
1
/usr/bin/pbmclean
1
/usr/bin/pbmlife
1
/usr/bin/pbmlife
1
/usr/bin/pbmlife
1
/usr/bin/pbmmake
1
/usr/bin/pbmmake
1
/usr/bin/pbmmake
1
/usr/bin/pbmmask
1
/usr/bin/pbmmask
1
/usr/bin/pbmmask
1
/usr/bin/pbmpage
1
/usr/bin/pbmpage
1
/usr/bin/pbmpage
1
/usr/bin/pbmpscale
1
/usr/bin/pbmpscale
1
/usr/bin/pbmpscale
1
/usr/bin/pbmreduce
1
/usr/bin/pbmreduce
1
/usr/bin/pbmreduce
1
/usr/bin/pbmtext
1
/usr/bin/pbmtext
1
/usr/bin/pbmtext
1
/usr/bin/pbmto10x
1
/usr/bin/pbmto10x
1
/usr/bin/pbmto10x
1
/usr/bin/pbmto4425
1
/usr/bin/pbmto4425
1
/usr/bin/pbmto4425
1
/usr/bin/pbmtoascii
1
/usr/bin/pbmtoascii
1
/usr/bin/pbmtoascii
1
/usr/bin/pbmtoatk
1
/usr/bin/pbmtoatk
1
/usr/bin/pbmtoatk
1
/usr/bin/pbmtobbnbg
1
/usr/bin/pbmtobbnbg
1
/usr/bin/pbmtobbnbg
1
/usr/bin/pbmtocmuwm
1
/usr/bin/pbmtocmuwm
1
/usr/bin/pbmtocmuwm
1
/usr/bin/pbmtoepsi
1
/usr/bin/pbmtoepsi
1
/usr/bin/pbmtoepsi
1
/usr/bin/pbmtoepson
1
/usr/bin/pbmtoepson
1
/usr/bin/pbmtoepson
1
/usr/bin/pbmtog3
1
/usr/bin/pbmtog3
1
/usr/bin/pbmtog3
1
/usr/bin/pbmtogem
1
/usr/bin/pbmtogem
1
/usr/bin/pbmtogem
1
/usr/bin/pbmtogo
1
/usr/bin/pbmtogo
1
/usr/bin/pbmtogo
1
/usr/bin/pbmtoicon
1
/usr/bin/pbmtoicon
1
/usr/bin/pbmtoicon
1
/usr/bin/pbmtolj
1
/usr/bin/pbmtolj
1
/usr/bin/pbmtolj
1
/usr/bin/pbmtoln03
1
/usr/bin/pbmtoln03
1
/usr/bin/pbmtoln03
1
/usr/bin/pbmtolps
1
/usr/bin/pbmtolps
1
/usr/bin/pbmtolps
1
/usr/bin/pbmtomacp
1
/usr/bin/pbmtomacp
1
/usr/bin/pbmtomacp
1
/usr/bin/pbmtomda
1
/usr/bin/pbmtomda
1
/usr/bin/pbmtomda
1
/usr/bin/pbmtomgr
1
/usr/bin/pbmtomgr
1
/usr/bin/pbmtomgr
1
/usr/bin/pbmtonokia
1
/usr/bin/pbmtonokia
1
/usr/bin/pbmtonokia
1
/usr/bin/pbmtopgm
1
/usr/bin/pbmtopgm
1
/usr/bin/pbmtopgm
1
/usr/bin/pbmtopi3
1
/usr/bin/pbmtopi3
1
/usr/bin/pbmtopi3
1
/usr/bin/pbmtopk
1
/usr/bin/pbmtopk
1
/usr/bin/pbmtopk
1
/usr/bin/pbmtoplot
1
/usr/bin/pbmtoplot
1
/usr/bin/pbmtoplot
1
/usr/bin/pbmtoppa
1
/usr/bin/pbmtoppa
1
/usr/bin/pbmtoppa
1
/usr/bin/pbmtopsg3
1
/usr/bin/pbmtopsg3
1
/usr/bin/pbmtopsg3
1
/usr/bin/pbmtoptx
1
/usr/bin/pbmtoptx
1
/usr/bin/pbmtoptx
1
/usr/bin/pbmtowbmp
1
/usr/bin/pbmtowbmp
1
/usr/bin/pbmtowbmp
1
/usr/bin/pbmtox10bm
1
/usr/bin/pbmtox10bm
1
/usr/bin/pbmtox10bm
1
/usr/bin/pbmtoxbm
1
/usr/bin/pbmtoxbm
1
/usr/bin/pbmtoxbm
1
/usr/bin/pbmtoybm
1
/usr/bin/pbmtoybm
1
/usr/bin/pbmtoybm
1
/usr/bin/pbmtozinc
1
/usr/bin/pbmtozinc
1
/usr/bin/pbmtozinc
1
/usr/bin/pbmupc
1
/usr/bin/pbmupc
1
/usr/bin/pbmupc
1
/usr/bin/pcxtoppm
1
/usr/bin/pcxtoppm
1
/usr/bin/pcxtoppm
1
/usr/bin/pgmbentley
1
/usr/bin/pgmbentley
1
/usr/bin/pgmbentley
1
/usr/bin/pgmcrater
1
/usr/bin/pgmcrater
1
/usr/bin/pgmcrater
1
/usr/bin/pgmedge
1
/usr/bin/pgmedge
1
/usr/bin/pgmedge
1
/usr/bin/pgmenhance
1
/usr/bin/pgmenhance
1
/usr/bin/pgmenhance
1
/usr/bin/pgmhist
1
/usr/bin/pgmhist
1
/usr/bin/pgmhist
1
/usr/bin/pgmkernel
1
/usr/bin/pgmkernel
1
/usr/bin/pgmkernel
1
/usr/bin/pgmnoise
1
/usr/bin/pgmnoise
1
/usr/bin/pgmnoise
1
/usr/bin/pgmnorm
1
/usr/bin/pgmnorm
1
/usr/bin/pgmnorm
1
/usr/bin/pgmoil
1
/usr/bin/pgmoil
1
/usr/bin/pgmoil
1
/usr/bin/pgmramp
1
/usr/bin/pgmramp
1
/usr/bin/pgmramp
1
/usr/bin/pgmslice
1
/usr/bin/pgmslice
1
/usr/bin/pgmslice
1
/usr/bin/pgmtexture
1
/usr/bin/pgmtexture
1
/usr/bin/pgmtexture
1
/usr/bin/pgmtofs
1
/usr/bin/pgmtofs
1
/usr/bin/pgmtofs
1
/usr/bin/pgmtolispm
1
/usr/bin/pgmtolispm
1
/usr/bin/pgmtolispm
1
/usr/bin/pgmtopbm
1
/usr/bin/pgmtopbm
1
/usr/bin/pgmtopbm
1
/usr/bin/pgmtoppm
1
/usr/bin/pgmtoppm
1
/usr/bin/pgmtoppm
1
/usr/bin/pi1toppm
1
/usr/bin/pi1toppm
1
/usr/bin/pi1toppm
1
/usr/bin/pi3topbm
1
/usr/bin/pi3topbm
1
/usr/bin/pi3topbm
1
/usr/bin/pjtoppm
1
/usr/bin/pjtoppm
1
/usr/bin/pjtoppm
1
/usr/bin/pktopbm
1
/usr/bin/pktopbm
1
/usr/bin/pktopbm
1
/usr/bin/pngtopnm
1
/usr/bin/pngtopnm
1
/usr/bin/pngtopnm
1
/usr/bin/pnmalias
1
/usr/bin/pnmalias
1
/usr/bin/pnmalias
1
/usr/bin/pnmarith
1
/usr/bin/pnmarith
1
/usr/bin/pnmarith
1
/usr/bin/pnmcat
1
/usr/bin/pnmcat
1
/usr/bin/pnmcat
1
/usr/bin/pnmcolormap
1
/usr/bin/pnmcolormap
1
/usr/bin/pnmcolormap
1
/usr/bin/pnmcomp
1
/usr/bin/pnmcomp
1
/usr/bin/pnmcomp
1
/usr/bin/pnmconvol
1
/usr/bin/pnmconvol
1
/usr/bin/pnmconvol
1
/usr/bin/pnmcrop
1
/usr/bin/pnmcrop
1
/usr/bin/pnmcrop
1
/usr/bin/pnmcut
1
/usr/bin/pnmcut
1
/usr/bin/pnmcut
1
/usr/bin/pnmdepth
1
/usr/bin/pnmdepth
1
/usr/bin/pnmdepth
1
/usr/bin/pnmenlarge
1
/usr/bin/pnmenlarge
1
/usr/bin/pnmenlarge
1
/usr/bin/pnmfile
1
/usr/bin/pnmfile
1
/usr/bin/pnmfile
1
/usr/bin/pnmflip
1
/usr/bin/pnmflip
1
/usr/bin/pnmflip
1
/usr/bin/pnmgamma
1
/usr/bin/pnmgamma
1
/usr/bin/pnmgamma
1
/usr/bin/pnmhisteq
1
/usr/bin/pnmhisteq
1
/usr/bin/pnmhisteq
1
/usr/bin/pnmhistmap
1
/usr/bin/pnmhistmap
1
/usr/bin/pnmhistmap
1
/usr/bin/pnminterp
1
/usr/bin/pnminterp
1
/usr/bin/pnminterp
1
/usr/bin/pnminvert
1
/usr/bin/pnminvert
1
/usr/bin/pnminvert
1
/usr/bin/pnmmontage
1
/usr/bin/pnmmontage
1
/usr/bin/pnmmontage
1
/usr/bin/pnmnlfilt
1
/usr/bin/pnmnlfilt
1
/usr/bin/pnmnlfilt
1
/usr/bin/pnmnoraw
1
/usr/bin/pnmnoraw
1
/usr/bin/pnmnoraw
1
/usr/bin/pnmpad
1
/usr/bin/pnmpad
1
/usr/bin/pnmpad
1
/usr/bin/pnmpaste
1
/usr/bin/pnmpaste
1
/usr/bin/pnmpaste
1
/usr/bin/pnmpsnr
1
/usr/bin/pnmpsnr
1
/usr/bin/pnmpsnr
1
/usr/bin/pnmremap
1
/usr/bin/pnmremap
1
/usr/bin/pnmremap
1
/usr/bin/pnmrotate
1
/usr/bin/pnmrotate
1
/usr/bin/pnmrotate
1
/usr/bin/pnmscale
1
/usr/bin/pnmscale
1
/usr/bin/pnmscale
1
/usr/bin/pnmscalefixed
1
/usr/bin/pnmscalefixed
1
/usr/bin/pnmscalefixed
1
/usr/bin/pnmshear
1
/usr/bin/pnmshear
1
/usr/bin/pnmshear
1
/usr/bin/pnmsmooth
1
/usr/bin/pnmsmooth
1
/usr/bin/pnmsmooth
1
/usr/bin/pnmsplit
1
/usr/bin/pnmsplit
1
/usr/bin/pnmsplit
1
/usr/bin/pnmtile
1
/usr/bin/pnmtile
1
/usr/bin/pnmtile
1
/usr/bin/pnmtoddif
1
/usr/bin/pnmtoddif
1
/usr/bin/pnmtoddif
1
/usr/bin/pnmtofiasco
1
/usr/bin/pnmtofiasco
1
/usr/bin/pnmtofiasco
1
/usr/bin/pnmtofits
1
/usr/bin/pnmtofits
1
/usr/bin/pnmtofits
1
/usr/bin/pnmtojpeg
1
/usr/bin/pnmtojpeg
1
/usr/bin/pnmtojpeg
1
/usr/bin/pnmtopalm
1
/usr/bin/pnmtopalm
1
/usr/bin/pnmtopalm
1
/usr/bin/pnmtoplainpnm
1
/usr/bin/pnmtoplainpnm
1
/usr/bin/pnmtoplainpnm
1
/usr/bin/pnmtopng
1
/usr/bin/pnmtopng
1
/usr/bin/pnmtopng
1
/usr/bin/pnmtops
1
/usr/bin/pnmtops
1
/usr/bin/pnmtops
1
/usr/bin/pnmtorast
1
/usr/bin/pnmtorast
1
/usr/bin/pnmtorast
1
/usr/bin/pnmtorle
1
/usr/bin/pnmtorle
1
/usr/bin/pnmtorle
1
/usr/bin/pnmtosgi
1
/usr/bin/pnmtosgi
1
/usr/bin/pnmtosgi
1
/usr/bin/pnmtosir
1
/usr/bin/pnmtosir
1
/usr/bin/pnmtosir
1
/usr/bin/pnmtotiff
1
/usr/bin/pnmtotiff
1
/usr/bin/pnmtotiff
1
/usr/bin/pnmtotiffcmyk
1
/usr/bin/pnmtotiffcmyk
1
/usr/bin/pnmtotiffcmyk
1
/usr/bin/pnmtoxwd
1
/usr/bin/pnmtoxwd
1
/usr/bin/pnmtoxwd
1
/usr/bin/ppm3d
1
/usr/bin/ppm3d
1
/usr/bin/ppm3d
1
/usr/bin/ppmbrighten
1
/usr/bin/ppmbrighten
1
/usr/bin/ppmbrighten
1
/usr/bin/ppmchange
1
/usr/bin/ppmchange
1
/usr/bin/ppmchange
1
/usr/bin/ppmcie
1
/usr/bin/ppmcie
1
/usr/bin/ppmcie
1
/usr/bin/ppmcolormask
1
/usr/bin/ppmcolormask
1
/usr/bin/ppmcolormask
1
/usr/bin/ppmcolors
1
/usr/bin/ppmcolors
1
/usr/bin/ppmcolors
1
/usr/bin/ppmdim
1
/usr/bin/ppmdim
1
/usr/bin/ppmdim
1
/usr/bin/ppmdist
1
/usr/bin/ppmdist
1
/usr/bin/ppmdist
1
/usr/bin/ppmdither
1
/usr/bin/ppmdither
1
/usr/bin/ppmdither
1
/usr/bin/ppmflash
1
/usr/bin/ppmflash
1
/usr/bin/ppmflash
1
/usr/bin/ppmforge
1
/usr/bin/ppmforge
1
/usr/bin/ppmforge
1
/usr/bin/ppmhist
1
/usr/bin/ppmhist
1
/usr/bin/ppmhist
1
/usr/bin/ppmlabel
1
/usr/bin/ppmlabel
1
/usr/bin/ppmlabel
1
/usr/bin/ppmmake
1
/usr/bin/ppmmake
1
/usr/bin/ppmmake
1
/usr/bin/ppmmix
1
/usr/bin/ppmmix
1
/usr/bin/ppmmix
1
/usr/bin/ppmnorm
1
/usr/bin/ppmnorm
1
/usr/bin/ppmnorm
1
/usr/bin/ppmntsc
1
/usr/bin/ppmntsc
1
/usr/bin/ppmntsc
1
/usr/bin/ppmpat
1
/usr/bin/ppmpat
1
/usr/bin/ppmpat
1
/usr/bin/ppmquant
1
/usr/bin/ppmquant
1
/usr/bin/ppmquant
1
/usr/bin/ppmqvga
1
/usr/bin/ppmqvga
1
/usr/bin/ppmqvga
1
/usr/bin/ppmrelief
1
/usr/bin/ppmrelief
1
/usr/bin/ppmrelief
1
/usr/bin/ppmshift
1
/usr/bin/ppmshift
1
/usr/bin/ppmshift
1
/usr/bin/ppmspread
1
/usr/bin/ppmspread
1
/usr/bin/ppmspread
1
/usr/bin/ppmtoacad
1
/usr/bin/ppmtoacad
1
/usr/bin/ppmtoacad
1
/usr/bin/ppmtobmp
1
/usr/bin/ppmtobmp
1
/usr/bin/ppmtobmp
1
/usr/bin/ppmtoeyuv
1
/usr/bin/ppmtoeyuv
1
/usr/bin/ppmtoeyuv
1
/usr/bin/ppmtogif
1
/usr/bin/ppmtogif
1
/usr/bin/ppmtogif
1
/usr/bin/ppmtoicr
1
/usr/bin/ppmtoicr
1
/usr/bin/ppmtoicr
1
/usr/bin/ppmtoilbm
1
/usr/bin/ppmtoilbm
1
/usr/bin/ppmtoilbm
1
/usr/bin/ppmtojpeg
1
/usr/bin/ppmtojpeg
1
/usr/bin/ppmtojpeg
1
/usr/bin/ppmtoleaf
1
/usr/bin/ppmtoleaf
1
/usr/bin/ppmtoleaf
1
/usr/bin/ppmtolj
1
/usr/bin/ppmtolj
1
/usr/bin/ppmtolj
1
/usr/bin/ppmtomitsu
1
/usr/bin/ppmtomitsu
1
/usr/bin/ppmtomitsu
1
/usr/bin/ppmtompeg
1
/usr/bin/ppmtompeg
1
/usr/bin/ppmtompeg
1
/usr/bin/ppmtoneo
1
/usr/bin/ppmtoneo
1
/usr/bin/ppmtoneo
1
/usr/bin/ppmtopcx
1
/usr/bin/ppmtopcx
1
/usr/bin/ppmtopcx
1
/usr/bin/ppmtopgm
1
/usr/bin/ppmtopgm
1
/usr/bin/ppmtopgm
1
/usr/bin/ppmtopi1
1
/usr/bin/ppmtopi1
1
/usr/bin/ppmtopi1
1
/usr/bin/ppmtopict
1
/usr/bin/ppmtopict
1
/usr/bin/ppmtopict
1
/usr/bin/ppmtopj
1
/usr/bin/ppmtopj
1
/usr/bin/ppmtopj
1
/usr/bin/ppmtopjxl
1
/usr/bin/ppmtopjxl
1
/usr/bin/ppmtopjxl
1
/usr/bin/ppmtopuzz
1
/usr/bin/ppmtopuzz
1
/usr/bin/ppmtopuzz
1
/usr/bin/ppmtorgb3
1
/usr/bin/ppmtorgb3
1
/usr/bin/ppmtorgb3
1
/usr/bin/ppmtosixel
1
/usr/bin/ppmtosixel
1
/usr/bin/ppmtosixel
1
/usr/bin/ppmtotga
1
/usr/bin/ppmtotga
1
/usr/bin/ppmtotga
1
/usr/bin/ppmtouil
1
/usr/bin/ppmtouil
1
/usr/bin/ppmtouil
1
/usr/bin/ppmtowinicon
1
/usr/bin/ppmtowinicon
1
/usr/bin/ppmtowinicon
1
/usr/bin/ppmtoxpm
1
/usr/bin/ppmtoxpm
1
/usr/bin/ppmtoxpm
1
/usr/bin/ppmtoyuv
1
/usr/bin/ppmtoyuv
1
/usr/bin/ppmtoyuv
1
/usr/bin/ppmtoyuvsplit
1
/usr/bin/ppmtoyuvsplit
1
/usr/bin/ppmtoyuvsplit
1
/usr/bin/ppmtv
1
/usr/bin/ppmtv
1
/usr/bin/ppmtv
1
/usr/bin/psidtopgm
1
/usr/bin/psidtopgm
1
/usr/bin/psidtopgm
1
/usr/bin/pstopnm
1
/usr/bin/pstopnm
1
/usr/bin/pstopnm
1
/usr/bin/qrttoppm
1
/usr/bin/qrttoppm
1
/usr/bin/qrttoppm
1
/usr/bin/rasttopnm
1
/usr/bin/rasttopnm
1
/usr/bin/rasttopnm
1
/usr/bin/rawtopgm
1
/usr/bin/rawtopgm
1
/usr/bin/rawtopgm
1
/usr/bin/rawtoppm
1
/usr/bin/rawtoppm
1
/usr/bin/rawtoppm
1
/usr/bin/rgb3toppm
1
/usr/bin/rgb3toppm
1
/usr/bin/rgb3toppm
1
/usr/bin/rletopnm
1
/usr/bin/rletopnm
1
/usr/bin/rletopnm
1
/usr/bin/sbigtopgm
1
/usr/bin/sbigtopgm
1
/usr/bin/sbigtopgm
1
/usr/bin/sgitopnm
1
/usr/bin/sgitopnm
1
/usr/bin/sgitopnm
1
/usr/bin/sirtopnm
1
/usr/bin/sirtopnm
1
/usr/bin/sirtopnm
1
/usr/bin/sldtoppm
1
/usr/bin/sldtoppm
1
/usr/bin/sldtoppm
1
/usr/bin/spctoppm
1
/usr/bin/spctoppm
1
/usr/bin/spctoppm
1
/usr/bin/spottopgm
1
/usr/bin/spottopgm
1
/usr/bin/spottopgm
1
/usr/bin/sputoppm
1
/usr/bin/sputoppm
1
/usr/bin/sputoppm
1
/usr/bin/tgatoppm
1
/usr/bin/tgatoppm
1
/usr/bin/tgatoppm
1
/usr/bin/thinkjettopbm
1
/usr/bin/thinkjettopbm
1
/usr/bin/thinkjettopbm
1
/usr/bin/tifftopnm
1
/usr/bin/tifftopnm
1
/usr/bin/tifftopnm
1
/usr/bin/wbmptopbm
1
/usr/bin/wbmptopbm
1
/usr/bin/wbmptopbm
1
/usr/bin/winicontoppm
1
/usr/bin/winicontoppm
1
/usr/bin/winicontoppm
1
/usr/bin/xbmtopbm
1
/usr/bin/xbmtopbm
1
/usr/bin/xbmtopbm
1
/usr/bin/ximtoppm
1
/usr/bin/ximtoppm
1
/usr/bin/ximtoppm
1
/usr/bin/xpmtoppm
1
/usr/bin/xpmtoppm
1
/usr/bin/xpmtoppm
1
/usr/bin/xvminitoppm
1
/usr/bin/xvminitoppm
1
/usr/bin/xvminitoppm
1
/usr/bin/xwdtopnm
1
/usr/bin/xwdtopnm
1
/usr/bin/xwdtopnm
1
/usr/bin/ybmtopbm
1
/usr/bin/ybmtopbm
1
/usr/bin/ybmtopbm
1
/usr/bin/yuvsplittoppm
1
/usr/bin/yuvsplittoppm
1
/usr/bin/yuvsplittoppm
1
/usr/bin/yuvtoppm
1
/usr/bin/yuvtoppm
1
/usr/bin/yuvtoppm
1
/usr/bin/zeisstopnm
1
/usr/bin/zeisstopnm
1
/usr/bin/zeisstopnm
1
/usr/X11R6/bin/XFree86
1
/usr/X11R6/bin/XFree86
1
/usr/X11R6/bin/XFree86
1
/usr/bin/gaim
1
/usr/bin/gaim
1
/usr/bin/gaim
1
/usr/bin/slocate
1
/usr/bin/slocate
1
/usr/bin/mc
1
/usr/bin/mc
1
/usr/bin/mc
1
/usr/sbin/tcpdump
1
/usr/sbin/tcpdump
1
/usr/sbin/tcpdump
1
/
1
/usr/bin/ethereal
1
/usr/bin/ethereal
1
/usr/bin/ethereal
1
/usr/sbin/ethereal
1
/usr/sbin/ethereal
1
/usr/sbin/ethereal
1
/usr/sbin/tethereal
1
/usr/sbin/tethereal
1
/usr/sbin/tethereal
1
/usr/share/services/kfile_vcf.desktop
1
/usr/share/services/kfile_vcf.desktop
1
/usr/share/services/kfile_vcf.desktop
1
/usr/bin/mozilla
1
/usr/bin/mozilla
1
/usr/bin/mozilla
1
/usr/bin/ethereal
1
/usr/bin/ethereal
1
/usr/bin/ethereal
1
/usr/sbin/ethereal
1
/usr/sbin/ethereal
1
/usr/sbin/ethereal
1
/usr/bin/tethereal
1
/usr/bin/tethereal
1
/usr/bin/tethereal
1
/etc/httpd/modules/libphp4.so
^.*cupsd.*
^.*httpd.*
^.*httpd\.worker.*
^.*lpd.*
^.*mysqld.*
^.*rpc\.mountd.*
^.*sshd.*
^.*smtpd.*
^.*smbd.*
TCP
^.*smbd.*
^.*sendmail.*
TCP
^.*sendmail.*
^.*vsftpd.*
TCP
^.*xinetd.*
^.*ypserv.*
1720
.*
^.*httpd.*
TCP
^.*httpd
TCP
^.*rpc\.mountd
^.*snmpd.*
^.*squid.*
^.*racoon
UDP
^.*squid
1812
.*/radiusd
udp
redhat-release
9
NULL
kernel
6
2.4.20
redhat-release
^3.S
redhat-release
^.*3.S
php
^i.*86
2.4.20-6
x86_64
FreeRADIUS
NULL
1.0.1
1
earlier
balsa
NULL
2.0.6
2
earlier
cups
NULL
1.1.17
13.3
earlier
ddskk
NULL
11.6.0
11.90
earlier
ddskk-xemacs
NULL
11.6.0
11.90
earlier
eog
NULL
2.2.0
2
earlier
ethereal
NULL
0.9.11
0.90.1
earlier
ethereal
NULL
0.9.13
1.90.1
earlier
ethereal-gnome
NULL
0.9.13
1.90.1
earlier
evolution
NULL
1.2.2
5
earlier
gdm
1
2.4.1.3
5.1
earlier
ghostscript
NULL
7.05
32.1
earlier
gnupg
NULL
1.2.1
4
earlier
gtkhtml
NULL
1.1.9
0.9
earlier
gtkhtml
NULL
1.1.9
0.9.1
earlier
httpd
NULL
2.0.40
21.1
earlier
httpd
NULL
2.0.40
21.5
earlier
kdebase
6
3.1
15
earlier
krb5-server
NULL
1.2.7
14
earlier
krb5-libs
NULL
1.2.7
14
earlier
krb5-workstation
NULL
1.2.7
14
earlier
kernel
NULL
2.4.20
13.9
earlier
kernel
NULL
2.4.20
18.9
earlier
kernel
NULL
2.4.20
19.9
earlier
kdelibs
6
3.1
12
earlier
lprng
NULL
3.8.19
3.1
earlier
lv
NULL
4.49.4
9.9.1
earlier
mutt
5
1.4.1
1
earlier
mysql-server
NULL
3.23.56
1.9
earlier
nfs-utils
NULL
1.0.1
3.9
earlier
openssh-server
NULL
3.5p1
6.9
earlier
openssh-server
NULL
3.5p1
11
earlier
openssl
NULL
0.9.7a
5
earlier
openssl-devel
NULL
0.9.7a
5
earlier
openssl-perl
NULL
0.9.7a
5
earlier
openssl096
NULL
0.9.6
17
earlier
openssl096b
NULL
0.9.6b
6
earlier
pam_smb
NULL
1.1.6
9.9
earlier
perl-CGI
2
2.81
88.3
earlier
php
NULL
4.2.2
17.2
earlier
pine
NULL
4.44
19.90.0
earlier
postfix
2
1.1.12
1
earlier
samba
NULL
2.2.7a
7.9.0
earlier
samba
NULL
2.2.7a
8.9.0
earlier
wl
NULL
2.10.1
1.1
earlier
wl-xemacs
NULL
2.10.1
1.1
earlier
sendmail
NULL
8.12.8
5.90
earlier
sendmail
NULL
8.12.8
9.90
earlier
sendmail
NULL
8.12.8
6.90
earlier
squirrelmail
NULL
1.2.11
1
earlier
unzip
NULL
5.50
33
earlier
up2date
NULL
3.1.23.1
5
earlier
vsftpd
NULL
1.1.3
8
earlier
xinetd
2
2.3.11
1.9.0
earlier
xpdf
1
2.0.1
11
earlier
ypserv
NULL
2.8
0.9E
earlier
pwlib
NULL
1.4.7
4.1
earlier
netpbm
NULL
9.24
10.90.1
earlier
netpbm-devel
NULL
9.24
10.90.1
earlier
netpbm-progs
NULL
9.24
10.90.1
earlier
XFree86
NULL
4.3.0
2.90.55
earlier
netpbm
NULL
9.24
11.30.1
earlier
netpbm-devel
NULL
9.24
11.30.1
earlier
netpbm-progs
NULL
9.24
11.30.1
earlier
mutt
5
1.4.1
3.3
earlier
mailman
3
2.1.1
5
earlier
gaim
1
0.75
0.9.0
earlier
slocate
NULL
2.7
2
earlier
mc
1
4.6.0
7.9
earlier
kdelibs
6
3.1
13
earlier
kernel
NULL
2.4.21
9.0.1.EL
earlier
kernel-smp
NULL
2.4.21
9.0.1.EL
earlier
kernel-hugemem
NULL
2.4.21
9.0.1.EL
earlier
pwlib
NULL
1.4.7
7.EL
earlier
samba
NULL
3.0.2
6.3E
earlier
mod_python
NULL
3.0.1
4
earlier
XFree86
NULL
4.3.0
55.EL
earlier
libxml2
NULL
2.5.10
6
earlier
libxml2-devel
NULL
2.5.10
6
earlier
libxml2-python
NULL
2.5.10
6
earlier
kernel
NULL
2.4.20
30.9
earlier
kernel-smp
NULL
2.4.20
30.9
earlier
kernel-bigmem
NULL
2.4.20
30.9
earlier
mutt
5
1.4.1
3.4
earlier
gdk-pixbuf
1
0.22.0
6.0.3
earlier
gdk-pixbuf-devel
1
0.22.0
6.0.3
earlier
gdk-pixbuf-gnome
1
0.22.0
6.0.3
earlier
gdk-pixbuf
1
0.22.0
6.1.0
earlier
gdk-pixbuf-devel
1
0.22.0
6.1.0
earlier
gdk-pixbuf-gnome
1
0.22.0
6.1.0
earlier
tcpdump
14
3.7.2
7.9.1
earlier
sysstat
NULL
4.0.7
4.rhl9.1
earlier
tcpdump
14
3.7.2
7.E3.1
earlier
cvs
NULL
1.11.2
13
earlier
ethereal
NULL
0.10.0a
0.90.1
earlier
ethereal=gnome
NULL
0.10.0a
0.90.1
earlier
kdepim
6
3.1
6
earlier
kernel
NULL
2.4.20
28.9
earlier
kernel-smp
NULL
2.4.20
28.9
earlier
kernel-bigmem
NULL
2.4.20
28.9
earlier
nfs-utils
NULL
1.0.6
7.EL
earlier
sysstat
NULL
4.0.7
4.EL3.2
earlier
httpd
NULL
2.0.40
21.9
earlier
httpd
NULL
2.0.46
26.ent
earlier
kdepim
6
3.1.3
3.3
earlier
cvs
NULL
1.11.2
14
earlier
kernel
NULL
2.4.21
4.0.2.EL
earlier
kernel-smp
NULL
2.4.21
4.0.2.EL
earlier
kernel-bigmem
NULL
2.4.21
4.0.2.EL
earlier
kernel
NULL
2.4.21
9.EL
earlier
net-snmp
NULL
5.0.9
2.30E.1
earlier
openssl
NULL
0.9.7a
33.4
earlier
openssl-devel
NULL
0.9.7a
33.4
earlier
openssl-perl
NULL
0.9.7a
33.4
earlier
openssl096b
NULL
0.9.6b
16
earlier
mozilla-nss
37
1.4.2
0.9.0
earlier
mozilla
37
1.4.2
0.9.0
earlier
openssl
NULL
0.9.7a
20.2
earlier
openssl-devel
NULL
0.9.7a
20.2
earlier
openssl-perl
NULL
0.9.7a
20.2
earlier
openssl096
NULL
0.9.6
25.9
earlier
openssl096b
NULL
0.9.6b
15
earlier
mod_ssl
NULL
2.0.46
32.ent
earlier
squid
7
2.5STABLE1
3.9
earlier
ethereal
NULL
0.10.3
0.90.1
earlier
ethereal-gnome
NULL
0.10.3
0.90.1
earlier
ethereal
NULL
0.10.3
0.30E.1
earlier
ethereal-gnome
NULL
0.10.3
0.30E.1
earlier
mozilla-nss
37
1.4.2
3.0.2
earlier
kernel
NULL
2.4.21
9.0.3.EL
earlier
kernel-smp
NULL
2.4.21
9.0.3.EL
earlier
kernel-hugemem
NULL
2.4.21
9.0.3.EL
earlier
squid
7
2.5.STABLE3
5.3E
earlier
ipsec-tools
NULL
0.2.5
0.4
earlier
kdelibs
6
3.1.3
6.4
earlier
rsync
NULL
2.5.7
4.3E
earlier
cvs
NULL
1.11.2
22
earlier
libpng
2
1.2.2
21
earlier
libpng-devel
2
1.2.2
21
earlier
libpng
NULL
1.0.13
12
earlier
libpng-devel
NULL
1.0.13
12
earlier
kernel
NULL
2.4.21
15.EL
earlier
kernel-unsupported
NULL
2.4.21
15.EL
earlier
cvs
NULL
1.11.2
18
earlier
openoffice
NULL
1.1.0
15.EL
earlier
tcpdump
14
3.7.2
7.E3.2
earlier
lha
NULL
1.14i
10.2
earlier
utempter
NULL
0.5.5
1.3EL.0
earlier
squid
7
2.5.STABLE3
6.3E
earlier
ethereal
NULL
0.10.3
0.30E.2
earlier
ethereal-gnome
NULL
0.10.3
0.30E.2
earlier
krb5-libs
NULL
1.2.7
24
earlier
cvs
NULL
1.11.2
24
earlier
squirrelmail
NULL
1.4.3
0.e3.1
earlier
kernel
0
2.4.21
15.0.2.EL
earlier
kernel-hugemem
0
2.4.21
15.0.2.EL
earlier
kernel-smp
0
2.4.21
15.0.2.EL
earlier
libpng
2
1.2.2
24
earlier
libpng-devel
2
1.2.2
24
earlier
libpng10-devel
0
1.0.13
14
earlier
libpng10
0
1.0.13
14
earlier
SUNWstm
SUNWcsx?u
SUNWnsb
SUNWxwplt
SUNWnisu
SUNWsndmu
SUWNsmbar
SUNWkcsr[tx]
SUNWinamd
SUNWkcl2r
SUNWypu
SUNWxwfs
SUNWpcr
SUNWpcu
SUNWpsr
SUNWpsu
SUNWmoznav
SUNWmozmail
SUNWsmbau
SUNWkr5sv
SUNWsndmr
SUNWkrbr
SUNWkrbux?
SUNWdtba[sx]
SUNWdthep
SUNWlvmr
SUNWpcu
SUNWkr5sl
SUNWkrgdo
SUNWkrggl
SUNWdtwm
SUNWsasnm
SUNWdtdmn
SUNWapchu
SUNWtltkx?
SUNWadmfw
SUNWscvw
SUNWdtdst
^.*ypbind.*
^.*inetd.*
root
^.*dmispd.*
^.*snmpdx.*
^.*rpc\.yppasswdd.*
^.*mibiisa.*
^.*dtlogin.*
.*httpd
.*sendmail .*
.*krb5kdc.*
^/usr/apache/bin/httpd.*SUNWscvw/conf/httpd.conf.*
/usr/sbin/in.named
^.*smbd.*
^.*sshd.*
^.*ypxfrd.*
/usr/openwin/bin/kcms_configure
1
/usr/openwin/bin/kcms_configure
1
/usr/openwin/bin/kcms_configure
1
/usr/dt/bin/rpc.cmsd
1
/usr/dt/bin/rpc.cmsd
1
/usr/dt/bin/rpc.cmsd
1
/usr/openwin/bin/xlock
1
/usr/openwin/bin/xlock
1
/usr/openwin/bin/Xsun
1
/usr/openwin/bin/Xsun
1
/usr/dt/bin/rpc.ttdbserverd
1
/usr/dt/bin/rpc.ttdbserverd
1
/usr/dt/bin/rpc.ttdbserverd
1
/usr/lib/fs/cachefs/cachefsd
1
/usr/lib/fs/cachefs/cachefsd
1
/usr/lib/fs/cachefs/cachefsd
1
^/usr/sbin/sparcv./whodo
1
^/usr/sbin/sparcv./whodo
1
/usr/lib/netsvc/rwall/rpc.rwalld
1
/usr/lib/netsvc/rwall/rpc.rwalld
1
/usr/lib/netsvc/rwall/rpc.rwalld
1
^.*/bin/admintool
1
^.*/bin/admintool
1
/usr/dt/bin/dtspcd
1
/usr/dt/bin/dtspcd
1
/usr/dt/bin/dtspcd
1
/usr/openwin/bin/lbxproxy
1
/usr/openwin/bin/lbxproxy
1
/usr/openwin/bin/kcms_server
1
/usr/openwin/bin/kcms_server
1
/usr/openwin/bin/kcms_server
1
/usr/openwin/bin/xfs
1
/usr/openwin/bin/xfs
1
/usr/openwin/bin/xfs
1
/usr/openwin/bin/kcms_configure
/usr/dt/bin/rpc.cmsd
/usr/lib/dmi/dmispd
/usr/openwin/bin/xlock
/usr/lib/snmp/snmpdx
/usr/openwin/bin/Xsun
/usr/dt/bin/rpc.ttdbserverd
/usr/lib/fs/cachefs/cachefsd
^/usr/sbin/sparcv./whodo$
/usr/lib/netsvc/rwall/rpc.rwalld
^.*/bin/admintool$
/usr/lib/netsvc/rpc.yppasswdd
/usr/lib/snmp/mibiisa
/usr/dt/bin/dtspcd
/usr/openwin/bin/lbxproxy
/usr/openwin/bin/kcms_server
/usr/openwin/lib/fs.auto
/usr/openwin/bin/xfs
/usr/dt/bin/dtlogin
/etc/rc[2-4].d/S[0-9][0-9]svm.init
/etc/krb5/krb5.conf
hostname6?\.le.*
^.*smbd.*
/usr/dt/bin/rpc.cmsd
/usr/dt/bin/rpc.ttdbserverd
/usr/lib/fs/cachefs/cachefsd
/usr/lib/netsvc/rwall/rpc.rwalld
/usr/dt/bin/dtspcd
/usr/openwin/bin/kcms_server
/usr/openwin/lib/fs.auto
/usr/sbin/sadmind
/usr/sbin/sadmind
-S 2
106950
14
107702
12
109354
19
114497
01
107709
18
108869
15
108219
01
108221
01
107893
05
108800
02
109147
07
110896
02
114008
01
107115
12
108528
18
112233
04
112963
09
107684
10
110615
10
114684
02
112604
02
112609
02
115172
01
113273
04
113575
01
114636
01
108827
30
108901
6
108652
38
108869
16
108652
52
110286
9
110896
2
108376
38
111600
1
107337
03
112899
1
106942
22
108541
6
111826
1
111596
2
107709
19
107337
2
110453
1
108721
2
108949
7
111400
02
106934
4
112846
1
107893
19
108652
51
111590
2
108376
30
109862
3
108117
6
107893
20
107654
10
110286
10
108919
21
112807
09
106541
33
109007
18
114332
12
112908
12
107684
11
110615
11
106938
07
113575
05
113073
13
117367
01
114796
04
112237
11
112390
09
112908
16
112536
05
112908
13
107180
31
109326
10
112908
15
116973
01
113146
05
112808
02
107178
03
108949
08
116308
01
116457
02
112970
03
116442
01
116454
01
113146
03
109613
07
112810
06
113505
02
113508
02
115054
01
115055
01
108451
06
106938
08
109326
13
112970
06
113319
01
11233
02
106938
06
109326
09
112970
02
106541
24
109328
03
113579
01
108574
03
110898
02
108162
04
109324
03
108376
25
108416
02
110943
01
113923
02
107115
13
109320
07
113329
02
117765
02
117767
02
114684
01
112536
04
108652
30
110057
07
110060
04
116462
01
112237
09
112390
08
112925
03
112923
03
112921
02
112908
10
112300
01
112085
02
108750
02
110322
01
112536
02
112237
07
112390
07
112908
04
SunOS
5.8
SunOS
5.7
SunOS
5.9
We think, but are not sure that the affected version of bkupexec.exe is 3.60.1.298 The file should be found in C:\Program Files\VERITAS\Backup Exec\NT\bkupexec.exe
grep c2audit /etc/system True if "set c2audit:audit_load = 1" or similiar
egrep ^flags:.*a[sd] /etc/security/audit_control True if any lines returned
egrep "^[Srecipient=2|S2]|^[^#]*\$>2|^[^#]*\$>recipient|^[^#]*\$>4|^[^#]*\$>final" /etc/mail/sendmail.cf True if any lines returned
Service Pack 2 or less for Windows Office XP needs regex involving strings and less than
configuration
^CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchRoutingEnabled
ADSTYPE_INTEGER
1
configuration
^CN=[^,]*,CN=Microsoft Exchange,CN=Services$
msExchAdminGroupsEnabled
ADSTYPE_INTEGER
1
configuration
^CN=[^,]+,CN=HTTP,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchDS2MBOptions
ADSTYPE_INTEGER
64
configuration
^Public,CN=[^,]+,CN=HTTP,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchAuthenticationFlags
ADSTYPE_INTEGER
4
configuration
^CN=Public,CN=[^,]+,CN=HTTP,CN=Protocols,CN=[^,]*,CN=Servers,CN=[^,]*,CN=Administrative Groups,CN=[^,]*,CN=Microsoft Exchange,CN=Services$
msExchAccessFlags
ADSTYPE_INTEGER
512
configuration
^Public,CN=[^,]+,CN=HTTP,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchAccessFlags
ADSTYPE_INTEGER
1
configuration
^Public,CN=[^,]+,CN=HTTP,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchAccessFlags
ADSTYPE_INTEGER
2
configuration
^Public,CN=[^,]+,CN=HTTP,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchAccessFlags
ADSTYPE_INTEGER
16
configuration
^Public,CN=[^,]+,CN=HTTP,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchDirBrowseFlags
ADSTYPE_INTEGER
2147483648
configuration
^CN=[^,]*,CN=InformationStore,CN=[^,]*,CN=Servers,CN=[^,]*,CN=Administrative Groups,CN=[^,]*,CN=Microsoft Exchange,CN=Services$
msExchESEParamZeroDatabaseDuringBackup
ADSTYPE_INTEGER
1
configuration
^CN=Default,CN=Internet Message Formats,CN=Global Settings,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchRoutingAcceptMessageType
ADSTYPE_INTEGER
0
configuration
^CN=[^,]+,CN=IMAP4,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchAuthenticationFlags
ADSTYPE_INTEGER
2
configuration
^CN=[^,]+,CN=IMAP4,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
attribute>msExchOtherAuthenticationFlags
ADSTYPE_INTEGER
1
configuration
^CN=[^,]+,CN=IMAP4,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchAuthenticationFlags
ADSTYPE_INTEGER
4
configuration
^CN=[^,]+,CN=IMAP4,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
oWAServer
ADSTYPE_PRINTABLE_STRING
^https\:\/\/
configuration
^CN=[^,]+,CN=IMAP4,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchServerBindings
ADSTYPE_INTEGER
143
configuration
^CN=[^,]+,CN=IMAP4,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchSecureBindings
ADSTYPE_INTEGER
993
configuration
^CN=Mailbox Store \([^\)]*\),CN=[^,]*,CN=InformationStore,CN=[^,]*,CN=Servers,CN=[^,]*,CN=Administrative Groups,CN=[^,]*,CN=Microsoft Exchange,CN=Services$
msExchMessageJournalRecipient
ADSTYPE_DN_STRING
.+
configuration
^CN=Mailbox Store \([^\)]*\),CN=[^,]*,CN=InformationStore,CN=[^,]*,CN=Servers,CN=[^,]*,CN=Administrative Groups,CN=[^,]*,CN=Microsoft Exchange,CN=Services$
msExchDownGradeMultipartSigned
ADSTYPE_INTEGER
0
configuration
^CN=Mailbox Store \([^\)]*\),CN=[^,]*,CN=InformationStore,CN=[^,]*,CN=Servers,CN=[^,]*,CN=Administrative Groups,CN=[^,]*,CN=Microsoft Exchange,CN=Services$
deletedItemFlags
ADSTYPE_INTEGER
2
configuration
^CN=[^,]+,CN=[^,]+,CN=[^,]+,CN=Message Delivery,CN=Global Settings,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
.*
configuration
^CN=Message Delivery,CN=Global Settings,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
delivContLength
ADSTYPE_INTEGER
30720
configuration
^CN=Message Delivery,CN=Global Settings,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
submissionContLength
ADSTYPE_INTEGER
30720
configuration
^CN=Message Delivery,CN=Global Settings,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchRecipLimit
ADSTYPE_INTEGER
5000
configuration
^CN=[^,]+,CN=Message Delivery,CN=Global Settings,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchRecipTurfListOptions
configuration
^CN=Exchange,CN=[^,]+,CN=HTTP,CN=Protocols,CN=[^,]*,CN=Servers,CN=[^,]*,CN=Administrative Groups,CN=[^,]*,CN=Microsoft Exchange,CN=Services$
msExchAccessFlags
ADSTYPE_INTEGER
512
configuration
^CN=Message Delivery,CN=Global Settings,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchTurfListAction
ADSTYPE_PRINTABLE_STRING
Filter
configuration
^CN=[^,]+,CN=Message Delivery,CN=Global Settings,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchTurfListOptions
ADSTYPE_INTEGER
2
configuration
^CN=[^,]+,CN=Message Delivery,CN=Global Settings,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchTurfListOptions
ADSTYPE_INTEGER
8
configuration
^CN=[^,]+,CN=Message Delivery,CN=Global Settings,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchTurfListOptions
ADSTYPE_INTEGER
1
configuration
^CN=Outlook Mobile Access,CN=Global Settings,CN=Labtop Organization,CN=Microsoft Exchange,CN=Services$
msExchMoaAdminWirelessEnable
ADSTYPE_INTEGER
2
configuration
^CN=Outlook Mobile Access,CN=Global Settings,CN=Labtop Organization,CN=Microsoft Exchange,CN=Services$
msExchMoaAdminWirelessEnable
ADSTYPE_INTEGER
4
configuration
^CN=[^,]+,CN=POP3,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchAuthenticationFlags
ADSTYPE_INTEGER
2
configuration
^CN=[^,]+,CN=POP3,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
attribute>msExchAuthenticationFlags
ADSTYPE_INTEGER
1
configuration
^CN=[^,]+,CN=POP3,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchAuthenticationFlags
ADSTYPE_INTEGER
4
configuration
^CN=[^,]+,CN=POP3,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
oWAServer
ADSTYPE_PRINTABLE_STRING
^https\:\/\/
configuration
^CN=[^,]+,CN=POP3,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchServerBindings
ADSTYPE_INTEGER
110
configuration
^CN=[^,]+,CN=POP3,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchSecureBindings
ADSTYPE_INTEGER
995
configuration
^CN=Public Folder Store \([^\)]+\),CN=[^,]*,CN=InformationStore,CN=[^,]*,CN=Servers,CN=[^,]*,CN=Administrative Groups,CN=[^,]*,CN=Microsoft Exchange,CN=Services$
msExchDownGradeMultipartSigned
ADSTYPE_INTEGER
1
configuration
^CN=[^,]*,CN=Servers,CN=[^,]*,CN=Administrative Groups,CN=[^,]*,CN=Microsoft Exchange,CN=Services$
messageTrackingEnabled
ADSTYPE_INTEGER
262144
configuration
^CN=[^,]*,CN=Servers,CN=[^,]*,CN=Administrative Groups,CN=[^,]*,CN=Microsoft Exchange,CN=Services$
msExchMessageTrackLogFilter
ADSTYPE_INTEGER
1
configuration
^CN=[^,]*,CN=Servers,CN=[^,]*,CN=Administrative Groups,CN=[^,]*,CN=Microsoft Exchange,CN=Services$
msExchTrkLogCleaningInterval
ADSTYPE_INTEGER
0
configuration
^CN=[^,]*,CN=Servers,CN=[^,]*,CN=Administrative Groups,CN=[^,]*,CN=Microsoft Exchange,CN=Services$
msExchMonitoringMode
ADSTYPE_INTEGER
0
configuration
^CN=[^,]*,CN=Servers,CN=[^,]*,CN=Administrative Groups,CN=[^,]*,CN=Microsoft Exchange,CN=Services$
msExchMonitoringResources
ADSTYPE_PRINTABLE_STRING
^\d+\:1\:
configuration
^CN=[^,]*,CN=Connections,CN=[^,]*,CN=Routing Groups,CN=[^,]*,CN=Administrative Groups,CN=[^,]*,CN=Microsoft Exchange,CN=Services$
routingList
ADSTYPE_PRINTABLE_STRING
^local\:
configuration
^CN=[^,]*,CN=Connections,CN=[^,]*,CN=Routing Groups,CN=[^,]*,CN=Administrative Groups,CN=[^,]*,CN=Microsoft Exchange,CN=Services$
.*
configuration
^CN=[^,]*,CN=Connections,CN=[^,]*,CN=Routing Groups,CN=[^,]*,CN=Administrative Groups,CN=[^,]*,CN=Microsoft Exchange,CN=Services$
msExchSmtpOutboundSecurityFlag
ADSTYPE_INTEGER
4096
configuration
^CN=[^,]*,CN=Connections,CN=[^,]*,CN=Routing Groups,CN=[^,]*,CN=Administrative Groups,CN=[^,]*,CN=Microsoft Exchange,CN=Services$
msExchSmtpOutboundSecurityFlag
ADSTYPE_INTEGER
270
configuration
^CN=[^,]*,CN=Connections,CN=[^,]*,CN=Routing Groups,CN=[^,]*,CN=Administrative Groups,CN=[^,]*,CN=Microsoft Exchange,CN=Services$
msExchSmtpSmartHost
ADSTYPE_PRINTABLE_STRING
.+
configuration
^CN=[^,]+,CN=SMTP,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchAuthenticationFlags
ADSTYPE_INTEGER
2
configuration
^CN=[^,]+,CN=SMTP,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchSmtpInboundCommandSupportOptions
ADSTYPE_INTEGER
131072
configuration
^CN=[^,]+,CN=SMTP,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchAuthMailDisposition
ADSTYPE_INTEGER
1
configuration
^CN=[^,]+,CN=SMTP,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchSmtpRelayForAuth
ADSTYPE_INTEGER
0
configuration
^CN=[^,]+,CN=SMTP,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchSmtpSmartHost
ADSTYPE_PRINTABLE_STRING
.+
configuration
^CN=[^,]+,CN=SMTP,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchSmtpPerformReverseDnsLookup
ADSTYPE_INTEGER
1
configuration
^CN=[^,]+,CN=SMTP,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchSmtpOutgoingPort
ADSTYPE_INTEGER
25
configuration
^CN=[^,]+,CN=SMTP,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchSmtpOutboundSecurityFlag
ADSTYPE_INTEGER
268
configuration
^CN=[^,]+,CN=SMTP,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchLogType
ADSTYPE_INTEGER
1
configuration
^CN=[^,]+,CN=SMTP,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchServerBindings
ADSTYPE_INTEGER
25
configuration
^CN=[^,]+,CN=SMTP,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchServerBindingsFiltering
ADSTYPE_PRINTABLE_STRING
\:3$
configuration
^CN=[^,]+,CN=SMTP,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchServerBindingsTurflist
ADSTYPE_PRINTABLE_STRING
.+
configuration
^Exchange,CN=[^,]+,CN=HTTP,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchAuthenticationFlags
ADSTYPE_INTEGER
4
configuration
^Exchange,CN=[^,]+,CN=HTTP,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchAccessFlags
ADSTYPE_INTEGER
1
configuration
^Exchange,CN=[^,]+,CN=HTTP,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchAccessFlags
ADSTYPE_INTEGER
2
configuration
^Exchange,CN=[^,]+,CN=HTTP,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchAccessFlags
ADSTYPE_INTEGER
16
configuration
^Exchange,CN=[^,]+,CN=HTTP,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
msExchDirBrowseFlags
ADSTYPE_INTEGER
2147483648
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft ISA Server\InstallationLocation
\w3proxy.exe
3
0
1200
257
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft ISA Server\InstallationLocation
\wspsrv.exe
3
0
1200
257
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\itircl.dll
5
2
3644
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\itss.dll
5
2
3644
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\msasn1.dll
5
2
3790
88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\msasn1.dll
5
1
2600
119
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\msasn1.dll
5
0
2195
6824
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\msasn1.dll
5
1
2600
1274
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\wins.exe
4
0
1381
7255
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\wins.exe
4
0
1381
33554
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\wins.exe
5
2
3790
99
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
\Microsoft Shared\web server extensions\50\bin\fp30reg.dll
10
00
4205
0000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
\Microsoft Shared\web server extensions\40\bin\fp30reg.dll
4
00
02
7523
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
\Microsoft Shared\web server extensions\40\isapi\shtml.dll
4
00
02
7523
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\jscript.dll
5
1
0
8513
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\jscript.dll
5
5
0
8513
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\msgsvc.dll
5
0
2195
6861
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
Program Files\Windows NT\Accessories\wordpad.exe
5
1
2600
1606
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE\Path
outlook.exe
10
00
5709
0000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\msgina.dll
4
0
1381
7255
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\msgina.dll
4
0
1381
33559
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\msjet40.dll
5
0
2195
6895
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\msgina.dll
5
1
2600
128
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\msgina.dll
5
1
2600
1343
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mf3216.dll
4
0
1381
7263
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mf3216.dll
4
0
1381
33562
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mf3216.dll
5
0
2195
6898
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mf3216.dll
5
1
2600
132
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Excel.exe\Path
\excel.exe
8
00
01
9904
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\msdxm.ocx
6
4
9
1124
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\wmpcore.dll
8
0
0
4482
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
\Windows Media Player\wmplayer.exe
8
0
0
4482
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\msdxm.ocx
6
4
9
1121
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
\Windows Media Player\wmplayer.exe
8
0
0
4490
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\System32\Ntoskrnl.exe
4
0
1381
7268
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\System32\Ntoskrnl.exe
4
0
1381
33591
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\System32\Ntoskrnl.exe
5
0
2195
6992
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mf3216.dll
5
1
2600
1331
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Excel.exe\Path
\excel.exe
9
0
0
8216
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\h323.tsp
5
0
2195
6901
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\h323.tsp
5
2
3790
132
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\h323.tsp
5
1
2600
1348
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\h323.tsp
5
1
2600
134
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
System32\Ntoskrnl.exe
5
1
2600
1605
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\Dhcpssvc.dll
4
0
1381
7304
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\lsasrv.dll
5
2
3790
134
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\lsasrv.dll
5
1
2600
134
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\lsasrv.dll
5
1
2600
1361
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Excel.exe\Path
\excel.exe
10
0
5815
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\lsasrv.dll
5
2
3790
220
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\Dhcpssvc.dll
4
0
1381
33587
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\wins.exe
5
0
2195
7005
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\wins.exe
4
0
1381
7329
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\wins.exe
4
0
1381
33618
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\hypertrm.dll
5
2
3790
233
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Winword.exe\Path
\winword.exe
8
0
0
9315
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\schannel.dll
4
87
1964
1880
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\schannel.dll
5
1
2195
6899
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\schannel.dll
5
2
3790
132
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\schannel.dll
5
1
2600
136
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\schannel.dll
5
1
2600
1347
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\hypertrm.dll
5
1
2600
1609
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\hypertrm.dll
5
1
2600
2563
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\comsvcs.dll
2000
2
3511
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\comsvcs.dll
2001
12
4414
53
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\comsvcs.dll
2001
12
4720
130
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Winword.exe\Path
\winword.exe
8
0
0
9716
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\msjet40.dll
4
0
8618
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\wmsjet40.dll
4
0
8618
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetcomm.dll
5
50
4939
300
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetcomm.dll
6
00
2739
300
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetcomm.dll
6
00
37909
137
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetcomm.dll
6
00
2800
1409
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\rpcrt4.dll
5
0
2195
6904
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\rpcrt4.dll
5
1
2600
135
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\rpcrt4.dll
5
1
2600
1361
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\rpcss.dll
5
0
2195
6906
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Winword.exe\Path
\winword.exe
9
0
0
8216
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\wintrust.dll
5
131
1880
14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\wintrust.dll
5
131
2195
6824
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\lsasrv.dll
5
0
2195
6902
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\msasn1.dll
5
0
2195
6905
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\msasn1.dll
5
2
3790
139
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\msasn1.dll
5
1
2600
137
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\msasn1.dll
5
1
2600
1362
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\rpcss.dll
5
1
2600
135
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\rpcss.dll
5
1
2600
1361
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\rpcss.dll
5
2
3790
142
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\helpctr.exe
5
1
2600
137
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\wkssvc.dll
5
1
2600
120
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\hypertrm.dll
5
0
2195
7000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
5
50
4913
1100
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetsrv\w3svc.dll
4
2
775
1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
6
0
2713
1100
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
6
0
2716
2200
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetsrv\w3svc.dll
5
0
2195
5269
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
5
50
4725
2100
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\netman.dll
5
0
2195
5974
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
5
0
3504
2500
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetsrv\ism.dll
5
0
2195
5671
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\wkssvc.dll
5
1
2600
1301
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetsrv\smtpsvc.dll
5
0
2195
4905
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetsrv\ism.dll
4
2
764
1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\srvsvc.dll
5
0
2195
4980
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetsrv\w3svc.dll
5
0
2195
2103
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
5
0
3513
900
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
5
0
3502
4856
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
6
0
2723
2500
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\rpcrt4.dll
5
0
2195
6106
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\rasman.dll
4
0
1381
7140
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\rasman.dll
5
0
2195
4983
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Winword.exe\Path
\winword.exe
10
0
5815
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\netlogon.dll
5
0
893
1105
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetsrv\asp.dll
5
0
2195
6672
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
sqlservr.exe
2000
80
296
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\smss.exe
5
0
2195
5695
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetsrv\ism.dll
5
0
2195
3407
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
ssmsrp70.dll
2000
80
213
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\hypertrm.dll
4
0
1381
7323
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
sqlservr.exe
2000
80
428
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\snmp.exe
4
0
1381
7134
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\drivers\mup.sys
5
0
2195
5080
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
5
0
3523
1700
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetsrv\httpext.dll
0
9
3940
20
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
6
0
2715
400
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
6
0
2719
2200
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\Locator.exe
4
0
1381
7202
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\ntdll.dll
5
0
2195
6685
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\Drivers\SRV.SYS
5
0
2195
6699
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
sqlservr.exe
2000
80
608
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
odsole70.dll
2000
80
606
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
6
0
2800
1264
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\rpcrt4.dll
5
0
2195
6802
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
5
0
3810
1700
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\shdocvw.dll
5
0
3214
2000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
6
0
2722
900
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\snmp.exe
5
0
2195
4919
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\drivers\mup.sys
4
0
1381
7125
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\shell32.dll
5
0
3502
4718
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\smss.exe
4
0
1381
7152
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\netlogon.dll
4
0
1381
7092
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
5
50
4923
2500
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetsrv\ism.dll
4
2
776
1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\cryptui.dll
5
131
2600
117
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
5
50
4934
1600
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\cryptui.dll
5
131
2600
1243
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\xactsrv.dll
5
0
2195
5971
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\xenroll.dll
5
131
3659
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetsrv\w3svc.dll
5
0
2195
2784
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\idq.dll
5
0
2195
3645
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\cryptui.dll
5
131
2195
6758
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\drivers\rdpwd.sys
5
0
2195
5880
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\jscript.dll
5
6
0
8513
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\user32.dll
5
1
2600
118
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\user32.dll
5
1
2600
1255
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
6
0
2734
1600
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\wkssvc.dll
5
0
2195
6861
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\itircl.dll
5
2
3790
80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
5
50
4922
900
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\hypertrm.dll
4
0
1381
842
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
\Common Files\Microsoft Shared\TextConv\mswrd664.wpc
2004
10
25
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
\Common Files\Microsoft Shared\TextConv\wmswrd632.wpc
2004
10
25
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
6
0
3790
191
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
6
0
2800
1458
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
6
0
2743
600
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
5
50
4943
400
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
6
0
2800
1276
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
5
0
3532
300
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\tshoot.ocx
1
0
1
2125
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\msgsvc.dll
5
1
2600
120
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\msgsvc.dll
5
1
2600
1301
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
sqlservr.exe
2000
80
578
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
xpstar.dll
2000
80
561
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\srvsvc.dll
5
0
2195
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\dxmasf.dll
6
4
9
1121
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
sqlservr.exe
2000
80
650
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
5
0
3819
300
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
6
0
3790
94
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\rpcrt4.dll
5
0
2195
6753
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
\Common Files\Microsoft Shared\TextConv\mswrd632.wpc
2004
10
25
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\kernel32.dll
4
0
1381
7224
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetsrv\nntpsvc.dll
5
0
2195
3881
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\rpcproxy.dll
5
2
3790
137
srv03_qfe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\user32.dll
5
0
2195
6799
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\hhctrl.ocx
5
2
3669
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\hhsetup.dll
5
2
3644
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\rpcproxy.dll
5
2
3790
141
srv03_qfe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\rpcproxy.dll
5
0
2195
6904
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\tlntsvr.exe
5
0
33668
1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\sp3res.dll
5
0
2195
6713
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\umandlg.dll
1
0
0
3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
5
0
3510
1100
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\helpctr.exe
5
2
3790
161
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\ole32.dll
4
0
1381
7263
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetsrv\ssinc.dll
5
0
2195
6624
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\ole32.dll
4
0
1381
33562
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\rpcproxy.dll
4
0
1381
7255
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\rpcproxy.dll
4
0
1381
33559
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\helpctr.exe
5
1
2600
1515
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
\MSN Messenger\msgsc.dll
6
1
0
211
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
\Common Files\Microsoft Shared\TextConv\mswrd6.wpc
10
0
803
2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\msjava.dll
5
0
3810
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\msjava.dll
5
0
3809
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\helpctr.dll
5
2
3790
125
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\w3svc.dll
4
2
769
1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\Msw3prt.dll
5
0
2195
3649
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\w3svc.dll
4
0
1381
164
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
5
50
4613
1700
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
6
0
2712
0300
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
5
50
4926
2500
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
\Microsoft Shared\web server extensions\40\bin\fp4areg.dll
4
00
02
7523
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
6
0
2716
2200
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
6
0
2713
1100
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
5
50
4927
2100
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\snmp.exe
4
0
1381
133
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\odbcbcp.dll
3
70
11
40
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\odbcbcp.dll
2000
80
746
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\helpctr.dll
5
1
2600
128
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\helpctr.dll
5
1
2600
1340
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\evtgprov.dll
5
1
2600
136
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\evtgprov.dll
5
1
2600
1363
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
\Microsoft Shared\web server extensions\50\bin\fp5areg.dll
10
00
4205
0000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\odbcbcp.dll
2000
81
9001
40
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\odbcbcp.dll
2000
81
9041
40
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\umandlg.dll
1
0
0
4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
5
50
4616
200
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
5
50
4701
2400
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
\Windows NT\Accessories\mswd6_32.wpc
2004
10
21
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
\Windows NT\Accessories\mswrd632.wpc
2004
10
21
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\lsasrv.dll
5
1
2600
2525
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\lsasrv.dll
5
0
2195
6987
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\System32\w3svc.dll
4
2
780
1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fpc\InstallDirectory
h323fltr.dll
3
0
1200
291
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\System32\msw3prt.dll
5
0
2195
5807
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\System32\code.asp
4
0
1381
279
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\System32\w3svc.dll
5
5
2195
6672
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\System32\nsiislog.dll
4
1
0
3931
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\System32\nsiislog.dll
4
1
0
3932
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\System32\nsiislog.dll
4
1
0
3861
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\System32\w3svc.dll
5
1
2600
1125
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system\vserver.vxd
4
10
2001
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\System32\w3svc.dll
4
2
764
1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\System32\msw3prt.dll
5
0
2195
3649
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Setup\Services
\bin\exprox.dll
6
5
6980
57
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\System32\Msw3prt.dll
5
0
2195
2956
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
\Crystal Decisions\1.1\Managed\CrystalDecisions.Web.dll
9
1
9800
9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\System32\Ntoskrnl.exe
5
0
2195
6902
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\System32\Ntoskrnl.exe
4
0
1381
7265
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\System32\Ntoskrnl.exe
4
0
1381
33563
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\Ipnathlp.dll
5
0
2195
6902
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\System32\Ipnathlp.dll
5
1
2600
137
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\System32\Ipnathlp.dll
5
1
2600
1364
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\System32\Ipnathlp.dll
5
2
3790
142
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\lsasrv.dll
5
1
2600
1597
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\sqlsrv32.dll
3
70
11
46
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\wins.exe
5
2
3790
239
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\user32.dll
4
0
1381
7342
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\user32.dll
4
0
1381
33630
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\user32.dll
5
0
2195
7017
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\user32.dll
5
1
2600
1617
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\user32.dll
5
2
3790
245
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\ciodm.dll
5
2
3790
220
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\ciodm.dll
5
1
2600
1596
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\rpcrt4.dll
5
2
3790
76
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\rpcrt4.dll
5
1
2600
109
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\sqlsrv32.dll
2000
80
747
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\dplayx.dll
5
1
2600
148
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\dplayx.dll
5
1
2600
1517
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\dplayx.dll
5
2
3677
144
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\dplayx.dll
5
3
0
903
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\SysWOW64\dplayx.dll
5
2
3790
163
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\dplayx.dll
5
2
3790
163
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\rpcrt4.dll
5
1
2600
1254
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\hlink.dll
5
2
3790
227
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\sqlsrv32.dll
2000
81
9002
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\hlink.dll
5
2
3790
227
srv03_qfe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\hlink.dll
5
2
3790
225
srv03_qfe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\srvsvc.dll
5
1
2600
1613
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\srvsvc.dll
5
1
2600
2577
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\wmp.dll
9
0
0
3250
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
\microsoft shared\triedit\dhtmled.ocx
6
1
0
9232
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
\microsoft shared\triedit\dhtmled.ocx
6
1
0
9231
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
\microsoft shared\triedit\wdhtmled.ocx
6
1
0
9231
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\sqlsrv32.dll
2000
81
9042
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\drivers\mrxsmb.sys
5
1
2600
2598
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\drivers\mrxsmb.sys
5
2
3790
252
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
\microsoft shared\triedit\wdhtmled.ocx
6
1
0
9232
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\drivers\mrxsmb.sys
5
0
2195
7023
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\ole32.dll
5
0
2195
7021
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\ole32.dll
5
1
2600
2595
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\ole32.dll
5
2
3790
250
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\sqlsrv32.dll
2000
85
1025
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\hhctrl.ocx
5
2
3790
233
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\odbcbcp.dll
3
70
11
46
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
6
0
2800
1491
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
6
0
2800
1492
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
6
0
3790
259
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
5
0
3528
700
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
5
0
3825
700
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\odbcbcp.dll
2000
80
747
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\tcpcfg.dll
4
0
1381
7064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\tcpcfg.dll
4
0
1381
7097
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\winlogon.exe
4
0
1381
7058
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Setup\Services
\bin\mad.exe
6
5
5700
21
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
sqlservr.exe
2000
80
650
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
odsole70.dll
2000
80
606
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\odbcbcp.dll
2000
81
9002
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
xpstar.dll
2000
80
628
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\dplayx.dll
5
0
2195
6927
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\dplayx.dll
5
0
2258
410
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\dplayx.dll
5
1
2600
891
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\dplayx.dll
5
2
3677
144
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\dplayx.dll
5
3
0
903
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
sqlservr.exe
2000
80
636
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
ssnetlib.dll
2000
80
636
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
xpqueue.dll
2000
80
606
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
xprepl.dll
2000
80
606
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\odbcbcp.dll
2000
81
9042
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
xplog70.dll
2000
80
606
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
xpweb70.dll
2000
80
606
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\crypt32.dll
5
131
2600
1123
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\cryptdlg.dll
5
0
1558
6608
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\cryptdlg.dll
5
0
1558
6072
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\System32\Ntoskrnl.exe
5
0
2195
6159
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\System32\Ntoskrnl.exe
4
0
1381
7203
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\System32\Ntoskrnl.exe
4
0
1381
33545
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\Sp3res.dll
5
0
2195
6928
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\odbcbcp.dll
2000
85
1025
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\psxss.exe
4
0
1381
33567
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\psxss.exe
5
0
2195
6929
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\Umandlg.dll
1
0
0
5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\psxss.exe
4
0
1381
7269
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\itss.dll
5
2
3790
185
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mstask.dll
4
71
2195
6920
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetsrv\w3svc.dll
4
2
788
1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\shell32.dll
5
0
3900
6922
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\shell32.dll
6
0
3790
168
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\shell32.dll
6
0
2800
1517
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
\MSN Messenger\msgsc.dll
6
0
0
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\shell32.dll
6
0
2800
1556
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\shell32.dll
6
0
3790
163
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\shell32.dll
4
72
3841
1100
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mstask.dll
5
1
2600
155
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mstask.dll
5
1
2600
1564
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mstask.dll
5
1
2600
1555
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mstask.dll
4
71
1979
1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\shell32.dll
6
0
2800
1233
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\shell32.dll
6
0
2600
115
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\Windows Media\Server\nscm.exe
4
1
0
3934
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetcomm.dll
6
0
2742
200
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetcomm.dll
6
0
3790
181
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\drivers\netbt.sys
5
1
2600
117
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\drivers\netbt.sys
5
1
2600
1243
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\Drivers\SRV.SYS
5
1
2600
112
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\Drivers\SRV.SYS
5
1
2600
1193
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetcomm.dll
6
0
2800
1441
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetcomm.dll
6
0
3790
185
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetcomm.dll
5
50
4942
400
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\Windows Media\Server\nspmon.exe
4
1
0
3934
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Winword.exe\Path
\winword.exe
9
0
0
7924
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\shell32.dll
4
0
1381
7267
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\user32.dll
4
0
1381
7177
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\gdi32.dll
4
0
1381
7177
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\winsrv.dll
4
0
1381
7202
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\win32k.sys
4
0
1381
7207
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Winword.exe\Path
\winword.exe
9
0
0
6926
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\System32\Ntoskrnl.exe
5
1
2600
1151
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
\Common Files\System\msadc\msadco.dll
2
62
9119
1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
\Common Files\System\msadc\msadco.dll
2
53
6202
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
\Common Files\System\msadc\msadco.dll
2
12
5118
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\10.0\Common\InstallRoot\Path
msohev.dll
10
0
2609
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\cdo.dll
5
5
2558
10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Winword.exe\Path
\winword.exe
9
0
0
6328
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
\Microsoft Shared\TextConv\MSCONV97.DLL
2003
1100
6252
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\msasn1.dll
5
0
2195
6823
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\shell32.dll
4
0
1381
7116
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\System\Ole DB folder\sqlisapi.dll
2000
80
309
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
sqlservr.exe
2000
80
760
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\sxs.dll
5
2
3790
121
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\sxs.dll
5
1
2600
1363
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
\Microsoft Shared\OFFICE11\GDIPLUS.DLL
6
0
3264
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
\Microsoft Shared\OFFICE11\MSO.DLL
10
0
6714
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\shell32.dll
5
0
3900
6970
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\dbmslpcn.dll
2000
80
818
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
6
0
2900
2604
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetsrv\httpext.dll
5
0
2195
6958
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetsrv\smtpsvc.dll
6
0
3790
211
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetsrv\httpext.dll
6
0
2600
165
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetsrv\httpext.dll
6
0
2600
1579
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\vdmdbg.dll
5
0
2195
6946
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetsrv\nntpsvc.dll
6
0
3790
206
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\gdi32.dll
5
0
2195
6945
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\win32k.sys
5
2
3790
198
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\SysWOW64\shell32.dll
6
9
2800
1580
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
sqlservr.exe
2000
80
818
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\shell32.dll
6
0
2800
1580
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\gdi32.dll
4
0
1381
33566
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\gdi32.dll
4
0
1381
7270
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\shell32.dll
6
0
2750
166
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetsrv\httpext.dll
6
0
3790
212
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\shell32.dll
4
72
3843
3100
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\shell32.dll
4
0
1381
3356
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\nddenb32.dll
4
0
1381
7268
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\grpconv.exe
5
0
2195
6966
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
ssmslpcn.dll
2000
80
818
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\nddenb32.dll
4
0
1381
33565
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\netdde.exe
4
0
1381
33574
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\netdde.exe
4
0
1381
7280
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\grpconv.exe
4
0
1381
7286
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\grpconv.exe
4
0
1381
33577
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\grpconv.exe
5
2
3790
205
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\syswow64\shell32.dll
5
2
3790
205
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\netdde.exe
5
0
2195
6952
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\netdde.exe
5
0
2195
6922
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\grpconv.exe
5
1
2600
166
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
ssnetlib.dll
2000
80
818
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\grpconv.exe
5
1
2600
1580
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\syswow64\shell32.dll
5
1
2600
1580
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\zipfldr.dll
6
0
2750
167
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetsrv\nntpsvc.dll
5
0
2195
6972
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\zipfldr.dll
6
0
2800
1584
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\vdmdbg.dll
5
1
2600
1560
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\SysWOW64\zipfldr.dll
6
0
2800
1584
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\zipfldr.dll
6
0
3790
198
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\SysWOW64\zipfldr.dll
6
0
3790
198
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetsrv\nntpsvc.dll
5
5
1877
79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
ssnmpn70.dll
2000
80
818
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetsrv\nddenb32.dll
5
2
3790
173
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetsrv\netdde.exe
5
2
3790
184
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\SysWOW64\nddenb32.dll
5
2
3790
193
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\SysWOW64\netdde.exe
5
2
3790
193
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetsrv\netdde.exe
5
1
2600
1567
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetsrv\nddenb32.dll
5
1
2600
1555
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetsrv\nddenb32.dll
5
1
2600
149
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\inetsrv\netdde.exe
5
1
2600
158
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\SysWOW64\netdde.exe
5
1
2600
1567
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\SysWOW64\nddenb32.dll
5
1
2600
1555
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\80\SharedCode
msgprox.dll
2000
80
765
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
6
0
2900
2523
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
6
0
2900
2524
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\rpcrt4.dll
4
0
1381
7299
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
6
0
3790
219
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\rpcrt4.dll
4
0
1381
33578
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\80\SharedCode
replrec.dll
2000
80
765
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
5
0
3821
2800
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
5
0
3534
2800
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
5
0
4945
2800
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
6
0
2745
2800
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
6
0
2745
2800
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\Drivers\SRV.SYS
4
0
1381
7214
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\rpcss.dll
4
0
1381
7224
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\rpcss.dll
5
0
2195
6810
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\quartz.dll
6
1
5
132
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\80\SharedCode
sqlvdi.dll
2000
80
765
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\kernel32.dll
5
0
2195
6011
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
impprov.dll
2000
80
650
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\dbmsrpcn.dll
2000
80
213
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
Program Files\Microsoft ISA Server\msphlpr.dll
3
0
1200
408
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
xpweb70.dll
2000
80
778
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
msgprox.dll
2000
80
765
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\80\SharedCode
replprov.dll
2000
80
798
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
replrec.dll
2000
80
765
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
sqlvdi.dll
2000
80
765
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
xpqueue.dll
2000
80
606
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
xprepl.dll
2000
80
606
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
xplog70.dll
2000
80
606
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
xpweb70.dll
2000
80
606
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
xpstar.dll
2000
80
628
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
%windir%\InetPub\scripts\proxy\w3proxy.dll
2
0
390
16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
console.exe
2000
80
818
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\dbmslpcn.dll
2000
80
818
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
sqlmap70.dll
2000
80
811
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
sqlrepss.dll
2000
80
765
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\System32\Ntoskrnl.exe
5
1
2600
160
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
ums.dll
2000
80
816
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
odsole70.dll
2000
80
800
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\wkssvc.dll
5
00
2195
6862
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
odsole70.dll
2000
80
223
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
xpqueue.dll
2000
80
223
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
xprepl.dll
2000
80
223
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
xpstar.dll
2000
80
223
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sqlservr.exe\Path
sqlservr.exe
2000
80
384
0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
5
0
3526
800
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
5
0
3813
800
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
5
50
4937
800
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
6
0
2737
800
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
6
0
2800
1400
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\mshtml.dll
6
0
3790
118
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot
\system32\wins.exe
5
0
2195
6870
LM\W3SVC
6014
LM\W3SVC
6014
^.*asp\.dll.*$
^LM\\MSFTPSVC\\.*$
1016
4
LM\W3SVC
6014
^.*ism\.dll.*$
LM\W3SVC
6014
^.*idq\.dll.*$
LM\W3SVC
6032
LM\\W3SVC\\/d*\\ROOT
6011
^http:*,PERMANENT,*
^LM\\W3SVC\\.*$
5506
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion
CurrentVersion
5.0
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB840374
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\DataAccess
FullInstallVer
^2\.5.*$
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\DataAccess
FullInstallVer
^2\.6.*$
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\DataAccess
FullInstallVer
^2\.70.*$
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\DataAccess
FullInstallVer
^2\.71.*$
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\DataAccess
FullInstallVer
^2\.8.*$
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft ISA Server
VersionMajor
3
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Services\MSExchangeWEB\DAV
ReuseConnections
0
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Services\Fwsrv
Start
4
HKEY_LOCAL_MACHINE
^SOFTWARE\\Microsoft\\Fpc\\Arrays\\\{[^\\]+\}\\Extensions\\Proxy-Plugins\\\{FE440D49-AB26-11D2-A101-00C04FB6CFB6\}$
msFPCEnabled
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Updates\Exchange Server 2003\SP1\832759
.*
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft ISA Server SP
DisplayName
Microsoft ISA Server 2000 Updates
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Updates\DataAccess\Q832483
IsInstalled
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB832483
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Fpc\Hotfixes\SP1\291
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Exchange\Setup
Services Version
65
HKEY_CLASSES_ROOT
HCP
.*
HKEY_LOCAL_MACHINE
^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$
1200
3
HKEY_CURRENT_USER
^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$
1200
3
HKEY_LOCAL_MACHINE
^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$
1400
3
HKEY_CURRENT_USER
^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$
1400
3
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Fpc\Hotfixes\SP1\408
Kbs
KB888258
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Office\9.0\Word\InstallRoot
.*
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Office\10.0\Word\InstallRoot
.*
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Office\9.0\Excel\InstallRoot
.*
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Office\10.0\Excel\InstallRoot
.*
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB888258
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB832894
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Active Setup\Installed Components\{eddbec60-89cb-44ef-8291-0850fd28ff6a}
IsInstalled
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Updates\Windows Media Services\KB832359
IsInstalled
1
HKEY_LOCAL_MACHINE
^SOFTWARE\\Microsoft\\Windows\ NT\\CurrentVersion\\Hotfix\\[Kk][Bb]834707[-a-zA-Z0-9.]*$
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Updates\Windows Server 2003\SP1\KB867282\Filelist
^.*$
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB867282\Filelist
^.*$
1
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Services\nsstation
Start
4
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Updates\Windows Media Services\KB832359
Start
4
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetShow
Version
4.1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB867282-ie6sp1-20050127.163319
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB867282-ie501sp3-20050107.164329
Installed
1
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server
Enabled
1
HKEY_LOCAL_MACHINE
SSOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB867282-ie501sp4-20050107.164742
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Updates\Windows Media Player 9\KB885492
PackageVersion
1.1
HKEY_LOCAL_MACHINE
\SOFTWARE\Classes\.asx
.*
HKEY_LOCAL_MACHINE
\SOFTWARE\Classes\.wax
.*
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Outlook Express\Version Info
Current
5,50,4807,1700
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Outlook Express\Version Info
Current
6,0,2600,0000
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Outlook Express\Version Info
Current
6,0,3790,0
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Outlook Express\Version Info
Current
6,0,2800,1106
HKEY_LOCAL_MACHINE
\SOFTWARE\Classes\.wvx
.*
HKEY_LOCAL_MACHINE
\SOFTWARE\Classes\.wpl
.*
HKEY_LOCAL_MACHINE
\SOFTWARE\Classes\.wmx
.*
HKEY_LOCAL_MACHINE
\SOFTWARE\Classes\.wms
.*
HKEY_LOCAL_MACHINE
\SOFTWARE\Classes\.wmz
.*
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Internet Explorer
Version
6.00.2600.0000
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\DataAccess
FullInstallVer
^2\.1.*$
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB837001
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB837009
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB835732
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Active Setup\Installed Components\{2cc9d512-6db6-4f1c-8979-9a41fae88de0}
IsInstalled
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB828741
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Active Setup\Installed Components\{057997dd-71e4-43cc-b161-3f8180691a9e}
IsInstalled
1
HKEY_CURRENT_USER
^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$
1001
3
HKEY_CURRENT_USER
^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$
1803
3
HKEY_CURRENT_USER
^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$
1A02
3
HKEY_LOCAL_MACHINE
^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$
1A03
3
HKEY_CURRENT_USER
^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$
1A03
3
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Services\Netlogon
Start
2
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Office\10.0\Outlook\InstallRoot
.*
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90280409-6000-11D3-8CFE-0050048383C9}
DisplayVersion
10.0.4333.0
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90280409-6000-11D3-8CFE-0050048383C9}
DisplayVersion
10.0.6626.0
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion
CurrentVersion
5.1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Internet Explorer
Version
6.0.2900.2180
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Active Setup\Installed Components\{E81659DF-28E1-4C60-B4B9-00A4BC5FA76D}
IsInstalled
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Active Setup\Installed Components\{2D5974C5-5185-4f5b-80B6-28015ACDD74C}
IsInstalled
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Active Setup\Installed Components\{D7B44F3E-77D3-44C5-8E03-4222D9A18B7B}
IsInstalled
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Active Setup\Installed Components\{61E6EAE5-7821-4AC1-9BBD-AED032A8E273}
IsInstalled
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Active Setup\Installed Components\{FF4DD9CD-F25E-425a-8B5C-A2D062781FBB}
IsInstalled
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Active Setup\Installed Components\{2757B1D6-0367-4663-877C-93ECC5C01BF6}
IsInstalled
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Active Setup\Installed Components\{C34F4917-ED43-439f-9023-97B0024A2B3B}
IsInstalled
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Active Setup\Installed Components\{F9C174E3-3E87-40bc-AA94-B8974F2B9222}
IsInstalled
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Active Setup\Installed Components\{f5de1b93-9d38-416b-b09e-aa85a8e84309}
IsInstalled
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Active Setup\Installed Components\{377483c2-e4b4-4ee8-b577-9aed264c8735}
IsInstalled
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Active Setup\Installed Components\{96543d59-497a-4801-a1f3-5936aacaf7b1}
IsInstalled
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\INetStp
MajorVersion
4
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\INetStp
MinorVersion
0
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q319733
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q327696
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q811114
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Internet Explorer
Version
6.0.2600.0000
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion
CSDVersion
^Service Pack [4-9]|\d{2,}$
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\INetStp
MajorVersion
5
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion
CSDVersion
^Service Pack [3-9]|\d{2,}$
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Internet Explorer
Version
5.50.4134.0100
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Internet Explorer
Version
5.50.4134.0600
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Internet Explorer
Version
5.50.4522.1800
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q326886
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Active Setup\Installed Components\{839117ee-2132-4bae-a56a-42b50204c9b9}
IsInstalled
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Internet Explorer
Version
5.00.2919.800
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Internet Explorer
Version
5.00.2919.3800
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Internet Explorer
Version
5.00.2919.6307
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Internet Explorer
Version
5.00.2920.0000
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Internet Explorer
Version
5.00.3103.1000
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Internet Explorer
Version
5.00.3105.0106
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Internet Explorer
Version
5.00.3314.2101
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB867801
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Updates\Windows 2000\SP4\Q321599
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q313450
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix
IsInstalled
1
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Services\SMTPSVC
Start
4
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q295534
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q301625
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q299444
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Active Setup\Installed Components\{2298d453-bcae-4519-bf33-1cbf3faf1524}
IsInstalled
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q318593
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q269862
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q277873
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q293826
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB885836
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion
CSDVersion
Service Pack 2
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Active Setup\Installed Components\{F9C174E3-3E87-40bc-AA94-B8974F2B9222}
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\Q331953
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB823980
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Ras\CurrentVersion
PathName
RASPHONE.PBK
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q318138
Installed
1
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Services\RasMan
Start
4
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\SP2SRP1
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\CurrentVersion
CurrentVersion
8.00.194
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\MSSQLServer\MSSQLServer
LoginMode
2
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q320206
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q314147
Installed
1
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Services\SNMP
Start
4
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q311967
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q291845
Installed
1
HKEY_LOCAL_MACHINE
^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$
1A02
3
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes
gopher
gopher://
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q810833
Installed
1
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Services\RPCLocator
Start
4
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q815021
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Fpc\Hotfixes\SP1\277
Kbs
816456
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB817606
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion
CSDVersion
^Service Pack [4-9]|\d{2,}$
HKEY_LOCAL_MACHINE
SOFTWARE\Classes\MIME\Database\Content Type\application/hta
Extension
.hta
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB824146
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Ole
EnableDCOM
Y
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Active Setup\Installed Components\{90A2A715-D986-4EAB-8C73-4D06114EF760}
IsInstalled
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Active Setup\Installed Components\{754D29C1-0C97-405F-98D0-21B212CA7FF1}
IsInstalled
1
HKEY_LOCAL_MACHINE
^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$
1803
3
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q312895
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q313829
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q321599
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion
CSDVersion
^Service Pack [2-9]|\d{2,}$
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB823182
Installed
1
HKEY_LOCAL_MACHINE
^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$
1001
3
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q326830
Installed
1
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Services\lanmanserver
Start
2
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q323172
Installed
1
HKEY_LOCAL_MACHINE
^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$
1200
0
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q300972
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion
CSDVersion
HKEY_LOCAL_MACHINE
SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Security_HKLM_only
1
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Control\Terminal Server
ProductVersion
5.0
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q324380
Installed
1
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Services\RDPWD
Start
4
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB824141
Installed
1
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Services\UtilMan
Start
4
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Services\Messenger
Start
4
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB825119
Installed
1
HKEY_CLASSES_ROOT
HCP
.*
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OC Manager\Subcomponents
fp_extensions
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB826232
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\Q305601
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q329170
Installed
1
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
enablesecuritysignature
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\MediaPlayer\8.0\Registration
UDBVersion
8.0.0.4477
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Updates\Windows Media Player\wm320920
IsInstalled
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Updates\Windows Media Player\wm308567
IsInstalled
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\5.0\Setup Packages
Microsoft FrontPage Server Extensions 2002
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q823803
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Updates\Windows Media Player\wm817787
IsInstalled
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q303984
Installed
1
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Services\NntpSvc
Start
4
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q323255
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\Setup Packages
FrontPage 2000 Server Extensions SR
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Fpc\Hotfixes\SP1\257
Kbs
331066
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Services\Fwsrv
Start
2
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q307298
IsInstalled
1
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Services\Tlntsvr
Start
4
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB822679
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\Setup Packages
SharePoint
Installed
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion
CSDVersion
Service Pack 6
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Internet Explorer
Version
5.50.4134.0100
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Internet Explorer
Version
5.50.4134.0600
HKEY_LOCAL_MACHINE
\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Wordpad
EnableLegacyConverters
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Internet Explorer
Version
5.50.4522.1800
HKEY_LOCAL_MACHINE
Software\Microsoft\Active Setup\Installed Components\{A954CDD5-A95F-414F-B3FE-FBEF9D2AECEA}
IsInstalled
1
HKEY_LOCAL_MACHINE
Software\Microsoft\Active Setup\Installed Components\{754D29C1-0C97-405F-98D0-21B212CA7FF1}
IsInstalled
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Internet Explorer
Version
6.0.2600.0000
HKEY_LOCAL_MACHINE
Software\Microsoft\Active Setup\Installed Components\{716E024F-7F74-47F3-B93B-9FF7F3CBF94C}
IsInstalled
1
HKEY_LOCAL_MACHINE
Software\Microsoft\Active Setup\Installed Components\{E81659DF-28E1-4C60-B4B9-00A4BC5FA76D}
IsInstalled
1
HKEY_LOCAL_MACHINE
Software\Microsoft\Active Setup\Installed Components\{2D5974C5-5185-4f5b-80B6-28015ACDD74C}
IsInstalled
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB885835
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Security_HKLM_only
1
HKEY_LOCAL_MACHINE
^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$
1803
3
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB885249
Installed
1
HKEY_LOCAL_MACHINE
^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$
1200
3
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Updates\DataAccess\Q823718
IsInstalled
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\DataAccess
FullInstallVer
^2\.6.*
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB870763
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\DataAccess
FullInstallVer
^2\.7.*
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Ole
EnableDCOMHTTP
Y
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q232449
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\Hotfix\Q811114
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB817772
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB822343
Installed
1
HKEY_CLASSES_ROOT
htfile
^.*$
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\INetStp
MinorVersion
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows\CurrentVersion
Version
Windows 98
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Services\UtilMan{5c773859-bb96- 48fa-875b-6a58aae072f4}
IsInstalled
1
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Services\NetBIOS\Linkage
Bind
0
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Services\NetBIOS\Linkage
Export
0
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Services\NetBIOS\Linkage
Route
0
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows\CurrentVersion
Version
^Windows.*
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Services\LmHosts
Start
4
HKEY_LOCAL_MACHINE
^SYSTEM\\CurrentControlSet\\Services\\NetBT\\Parameters\\Interfaces\\Tcpip.*$
NetbiosOptions
2
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg
.*
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion
CSDVersion
Service Pack 1
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Control\ProductOptions
ProductType
WinNT
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Services\w3svc
Start
4
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\DirectX
Version
^4\.08\.01.*$
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\DirectX
Version
^4\.08\.02.*$
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\DirectX
Version
^4\.09.*$
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB839643
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB839643-DirectX82
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB839643-DirectX9
Installed
1
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Control\Product\Options
ProductType
^.*ServerNT.*$
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion
CSDVersion
^Service Pack [1-9]|\d{2,}$
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion
CurrentVersion
^5\.[1-2]$
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Control\Product\Options
ProductType
^.*LanmanNT.*$
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Control\ProductOptions
ProductSuite
Terminal Server
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Updates\Windows Server 2003\SP1\KB873339\ Filelist
^.*$
HKEY_CLASSES_ROOT
SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB873339\Filelist
^.*$
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q265714
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Transaction Server\Packages
Start
4
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q317636
Installed
1
HKEY_LOCAL_MACHINE
^Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\.*
DisplayName
Microsoft Exchange 2000
HKEY_LOCAL_MACHINE
Software\Microsoft\Updates\Exchange Server 2000\SP3\Q316056
.*
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg
Everyone
HKEY_CLASSES_ROOT
SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB873339\ Filelist
^.*$
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\CurrentVersion
CurrentVersion
8.00.194
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\DirectX
Version
^4\.07.*
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB839643
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\DirectX
Version
^4\.08\.00.*
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB839643-DirectX8
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\DirectX
Version
^4\.08\.01.*
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB839643-DirectX81
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\DirectX
Version
^4\.08\.02.*
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB839643-DirectX82
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\DirectX
Version
^4\.09\.00.*
HKEY_CLASSES_ROOT
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix \KB873339\Filelist
^.*$
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB839643-DirectX9
Installed
1
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Control\LSA
RestrictAnonymous
0
HKEY_LOCAL_MACHINE
\Software\VERITAS\Backup Exec\Server
CurrentVersion
8.5
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Updates\Windows XP\SP1\KB824105\Filelist
installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB824105\Filelist
installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q329115
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q811493
Installed
1
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Control\Session Manager\Subsystem
Posix
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB841872
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB842526
Installed
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB840315
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB841873
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q841373
Installed
1
HKEY_LOCAL_MACHINE
System\CurrentControlSet\Services\w3svc\parameters
MaxClientRequestBufferData
16384
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB839645
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4395}
IsInstalled
1
HKEY_LOCAL_MACHINE
SOFTWARE\Classes\ITSProtocol
.*
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Active Setup\Installed Components\{bfb56e60-5895-496c-bd6b-459b97142e4c}
IsInstalled
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB821557
Installed
1
HKEY_CLASSES_ROOT
SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\kb823353
Installed
1
HKEY_USERS
^S-[-0-9]+\\Identities\\\{[-0-9A-Z]+\}\\Software\\Microsoft\\Outlook\ Express\\5\.0\\Mail$
ShowHybridView
0
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}
Version
5,6,0,8513
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Internet Explorer
Version
6.00.2800.1106
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}
Version
5,1,0,8513
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}
Version
5,5,0,8513
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q328310
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q329414
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Exchange\Setup
ServicePackBuild
2653
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Updates\Exchange Server 5.5\SP5\842436a
IsInstalled
2
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Services\MSExchangeweb
.*
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Internet Explorer
Version
6.00.3790.0000
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB833987
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB833987
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90280409-6000-11D3-8CFE-0050048383C9}
DisplayVersion
10.0.4330.0
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90110409-6000-11D3-8CFE-0150048383C9}
DisplayVersion
11.0.6252.7
HKEY_LOCAL_MACHINE
\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040110900063D11C8EF10054038389C\Patches\9FEC06657760FC84499ED532196D45EE2
Security Update for Office 2003: Wordperfect 5.x Converter (KB873378)
Installed
HKEY_LOCAL_MACHINE
\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040110900063D11C8EF10054038389C\Patches\FC3FF5BA5FE5D1B4A9B9CD3698A34B89
.*
Installed
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Updates\Visual Studio\7.1\M8303481037
Installed
1
HKEY_LOCAL_MACHINE
Software\Microsoft\VisualStudio\7.1
.*
HKEY_LOCAL_MACHINE
Software\Microsoft\Windows\CurrentVersion\Uninstall\{903B0409-6000-11D3-8CFE-0150048383C9}
DisplayVersion
11.0.5614.0
HKEY_LOCAL_MACHINE
Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040B30900063D11C\Patches\69B0450262BC7F44E8D4B683A49E437A
Installed
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{903B0409-6000-11D3-8CFE-0050048383C9}
DisplayVersion
10.0.8326.0
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040B30900063D11C8EF00054038389C\Patches\1F6752D69ABCD9F4B8021B9163826CAC
Installed
HKEY_LOCAL_MACHINE
Software\Microsoft\Windows\CurrentVersion\Uninstall\{90510409-6D54-11D4-BEE3-00C04F990354}
DisplayVersion
10.2.5110
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040150945D64D11EB3E000CF4993045\Patches\A75085E78F7F14244A464F09F6543C6C
Installed
HKEY_LOCAL_MACHINE
Software\Microsoft\Windows\CurrentVersion\Uninstall\{90510409-6000-11D3-8CFE-0150048383C9}
DisplayVersion
11.0.3216.5614
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040150900063D11C8EF10054038389C\Patches\6B94DD4A71ECBDE43822F9D47D963102
Installed
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000409-78E1-11D2-B60F-006097C998E7}
DisplayVersion
9.00.9327
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Internet Explorer
Version
5.50.4807.2300
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Patches\A1334AC428B43BF4E9547C55D3DFE977
.*
Installed
HKEY_LOCAL_MACHINE
Software\Microsoft\VisualStudio\7.0
.*
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040F50095765D115AF4000972A8B18B\Patches\4A3C9366F1471A7479BB3FDBC1FE3B31
Installed
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040820900063D11C\Patches\4461EFFBCC9338645A85657DBDEB9E61
Installed
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Active Setup\Installed Components\{dc0d5f50-5F0b-46bf-8683-93ac61c67001}
ComponentID
Q833989
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00010409-78E1-11D2-B60F-006097C998E7}
DisplayVersion
9.00.9327
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009
Installed
1
HKEY_LOCAL_MACHINE
Software\Microsoft\Windows NT\CurrentVersion\Hotfix\KB841356
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion
CSDVersion
^Service Pack [0-4]$
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion
CSDVersion
^Service Pack [5-9]|\d{2,}$
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Internet Explorer
Version
5.00.3700.1000
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Services\W3SVC\Parameters
DisableWebDAV
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB885881
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB885881
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB840987
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB883935
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB824151
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Internet Explorer
Version
5.00.3502.1000
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows\CurrentVersion
Version
Windows ME
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB841533
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB883935
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB873376
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Classes\CompressedFolder
FriendlyTypeName
.*zipfldr\.dll.*
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB883935
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB883935
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB834707
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB873350
File
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB834707-ie501sp3-20040929.121357
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Internet Explorer
Version
5.00.3315.1000
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB834707-ie501sp4-20040929.111451
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Active Setup\Installed Components\{ 3e7bb08a-a7a3-4692-8eac-ac5e7895755b}
IsInstalled
1
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB834707-ie6-20040929.115007
IsInstalled
1
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB834707
IsInstalled
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Internet Explorer
Version
6.00.2900.2180
HKEY_CURRENT_USER
^Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings$
DisableCachingOfSSLPages
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q817606
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q823980
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q19696
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB824245
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion
CurrentVersion
5.2
HKEY_CLASSES_ROOT
telnet\shell\open
command
C:\Program Files\Windows NT\hypertrm.exe /t %1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB891711
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Updates\Windows Server 2003\SP1\KB871250\Filelist
^.*$
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Control\Session Manager\Environment
PROCESSOR_ARCHITECTURE
ia64
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Services\lanmanworkstation
Start
4
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Control\Session Manager\Environment
PROCESSOR_ARCHITECTURE
x86
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB871250\Filelist
^.*$
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion
CurrentVersion
4.0
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB888113
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion
CSDVersion
^Service Pack [0-2]$
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB888302
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\MediaPlayer\9.0\Registration
UDBVersion
9.00.00.2980
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB828035
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Updates\Windows Media Player 9\SP0\KB885492
PackageVersion
1.1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Updates\Windows Media Player 9\KB885492
PackageVersion
1.1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB828749
Installed
1
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB891781
IsInstalled
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB810217
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Proxy Server
Microsoft Proxy Server
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB885250
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB873333
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB890175
Installed
1
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB830352
Installed
1
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Services\wins
Start
4
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB828028
Installed
1