The OVAL Repository 5.10 2015-09-03T11:04:52.159-04:00 Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe Reader Adobe Acrobat Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized. Aharon Chernin DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324. Aharon Chernin DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox The nsDocument::MaybePreLoadImage function in content/base/src/nsDocument.cpp in the image-preloading implementation in Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and policy restrictions to the image's URL, which might allow remote attackers to cause a denial of service (application crash or hang) or hijack the functionality of the browser's add-ons via a crafted SRC attribute of an IMG element, as demonstrated by remote command execution through an ssh: URL in a configuration that supports gnome-vfs with a nonstandard network.gnomevfs.supported-protocols setting. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Maria Mikhno INTERIM ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Apache The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file. J. Daniel Brown DRAFT Mike Lah INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace animation in which the frames have different bits-per-pixel (bpp) values. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Maria Mikhno INTERIM ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Apache The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. J. Daniel Brown DRAFT Mike Lah INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Apache The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable. J. Daniel Brown DRAFT Mike Lah INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Apache The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. J. Daniel Brown DRAFT Mike Lah Mike Lah INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Apache Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL. J. Daniel Brown DRAFT Mike Lah INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Apache The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption). J. Daniel Brown DRAFT Mike Lah INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Seamonkey Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Apache The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code. J. Daniel Brown DRAFT Mike Lah INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Apache The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests. J. Daniel Brown DRAFT Mike Lah INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Richard Helbing INTERIM Evgeniy Pavlov Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors related to (1) layout/generic/nsBlockFrame.cpp and (2) the _evaluate function in modules/plugin/base/src/nsNPAPIPlugin.cpp. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Richard Helbing INTERIM Evgeniy Pavlov Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specific to each affected plugin. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Maria Mikhno INTERIM ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Movie Maker 2.1 Movie Maker 2.6 Movie Maker 6.0 Microsoft Producer 2003 Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability." Dragos Prisaca DRAFT Josh Turpin INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Movie Maker 2.6 Windows Movie Maker 2.6 is installed Dragos Prisaca DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Vista Microsoft Windows XP Microsoft PowerPoint 2002 Microsoft PowerPoint 2003 Microsoft PowerPoint 2007 Microsoft PowerPoint 2010 The application Microsoft Producer 2003 is installed Josh Turpin DRAFT INTERIM ACCEPTED Dragos Prisaca INTERIM ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Movie Maker 6.0 Windows Movie Maker 6.0 is installed. Maria Mikhno DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Movie Maker 2.1 Windows Movie Maker 2.1 is installed. Maria Mikhno DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2007 Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability." Dragos Prisaca DRAFT Sudhir Gandhe Sudhir Gandhe INTERIM ACCEPTED Rachana Shetty INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2007 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that causes memory to be interpreted as a different object type than intended, aka "Microsoft Office Excel Sheet Object Type Confusion Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM Josh Turpin ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Adobe Shockwave Player Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to execute arbitrary code via (1) an unspecified block type in a Shockwave file, leading to a heap-based buffer overflow; and might allow remote attackers to execute arbitrary code via (2) an unspecified 3D block in a Shockwave file, leading to memory corruption; or (3) a crafted 3D model in a Shockwave file, leading to heap memory corruption. J. Daniel Brown DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability." J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Seamonkey Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Adobe Reader Adobe Acrobat Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors. J. Daniel Brown DRAFT INTERIM Jeff Cockerill Jeff Cockerill ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM Sergey Artykhov ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 MySQL Server 5.0 MySQL Server 5.1 The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library. J. Daniel Brown DRAFT INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Seamonkey Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 MySQL Server 5.0 MySQL Server 5.1 mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement. J. Daniel Brown DRAFT INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Internet Explorer Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0246. Dragos Prisaca DRAFT INTERIM ACCEPTED Sudhir Gandhe INTERIM Sudhir Gandhe ACCEPTED Rachana Shetty INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Wireshark Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Seamonkey Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Seamonkey Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Richard Helbing INTERIM Evgeniy Pavlov Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Seamonkey Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2007 Microsoft Office Compatibility Pack Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records," aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM Josh Turpin ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors involving certain indirect calls to the JavaScript eval function. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Maria Mikhno INTERIM ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Seamonkey The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Internet Explorer The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability." Dragos Prisaca DRAFT J. Daniel Brown Dragos Prisaca INTERIM ACCEPTED Sudhir Gandhe INTERIM Sudhir Gandhe ACCEPTED Rachana Shetty INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote attackers to execute arbitrary code via unspecified initialization parameters. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Apache modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers." J. Daniel Brown DRAFT Mike Lah INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Seamonkey Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet caching. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Richard Helbing INTERIM Evgeniy Pavlov Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Office PowerPoint 2002 Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2007 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack Microsoft Office SharePoint Server 2007 Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Office SharePoint Server 2007 SP1 and SP2 do not validate ZIP headers during decompression of Open XML (.XLSX) documents, which allows remote attackers to execute arbitrary code via a crafted document that triggers access to uninitialized memory locations, aka "Microsoft Office Excel XLSX File Parsing Code Execution Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Dragos Prisaca INTERIM ACCEPTED Shane Shaffer INTERIM Josh Turpin ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Excel 2007 Microsoft Excel 2007 SP1 is installed Maria Mikhno DRAFT Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft SharePoint Server 2007 SharePoint Server 2007 SP1 is installed. Maria Mikhno DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Microsoft Excel Viewer 2007 Microsoft Excel Viewer 2007 SP1 is installed Maria Mikhno DRAFT Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Office Compatibility Pack The application Microsoft Office Compatibility Pack SP1 is installed. Maria Mikhno DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows 7 Microsoft Office XP Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow." Dragos Prisaca DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Apache Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information. J. Daniel Brown DRAFT Mike Lah INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file. J. Daniel Brown DRAFT INTERIM Jeff Cockerill Jeff Cockerill ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Seamonkey Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Internet Explorer Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0245. Dragos Prisaca DRAFT INTERIM ACCEPTED Sudhir Gandhe INTERIM Sudhir Gandhe ACCEPTED Rachana Shetty INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Apache Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors. J. Daniel Brown DRAFT Mike Lah INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Seamonkey Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code via compressed data that represents a crafted EOT font, aka "Microtype Express Compressed Fonts Integer Flaw in the LZCOMP Decompressor Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp. Nikita MR DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Adobe Shockwave Player Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to execute arbitrary code via a crafted 3D model in a Shockwave file. J. Daniel Brown DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Office PowerPoint 2002 Microsoft Office PowerPoint 2003 Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Dragos Prisaca DRAFT Sudhir Gandhe Sudhir Gandhe INTERIM ACCEPTED Rachana Shetty INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Maria Mikhno INTERIM ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Office PowerPoint 2003 Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Internet Explorer Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." Dragos Prisaca DRAFT J. Daniel Brown INTERIM ACCEPTED Sudhir Gandhe INTERIM Sudhir Gandhe ACCEPTED Rachana Shetty INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Apache mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request. J. Daniel Brown DRAFT Mike Lah INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla SeaMonkey The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is currently loading, which allows (1) remote web servers to conduct spoofing attacks via vectors involving a 204 (aka No Content) status code, and allows (2) remote attackers to conduct spoofing attacks via vectors involving a window.stop call. Nikita MR DRAFT J. Daniel Brown INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Maria Kedovskaya INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Seamonkey Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Internet Explorer Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531. Dragos Prisaca DRAFT J. Daniel Brown INTERIM ACCEPTED Sudhir Gandhe INTERIM Sudhir Gandhe ACCEPTED Rachana Shetty INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 MySQL Server 5.1 MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079. J. Daniel Brown DRAFT INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Apache The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. J. Daniel Brown DRAFT Mike Lah Mike Lah INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Office PowerPoint 2002 Microsoft Office PowerPoint 2003 Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability." Dragos Prisaca DRAFT INTERIM J. Daniel Brown ACCEPTED INTERIM Dragos Prisaca ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Office PowerPoint 2002 Microsoft Office PowerPoint 2003 Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Seamonkey liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues." J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Maria Mikhno INTERIM ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Seamonkey Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Seamonkey The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Apache Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow. J. Daniel Brown DRAFT Matt Hansbury Matt Hansbury INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Apache Apache HTTP Server 1.3.x is installed on the system J. Daniel Brown DRAFT INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2007 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXTUPLE record is broken up into several records," aka "Microsoft Office Excel MDXTUPLE Record Heap Overflow Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM Josh Turpin ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Richard Helbing INTERIM Evgeniy Pavlov Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Internet Explorer 8 Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." Dragos Prisaca DRAFT Sudhir Gandhe Sudhir Gandhe INTERIM ACCEPTED Rachana Shetty INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Apache Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. J. Daniel Brown DRAFT Mike Lah Mike Lah INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Internet Explorer The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an HTML attribute, aka "XSS Filter Script Handling Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Sudhir Gandhe INTERIM Sudhir Gandhe ACCEPTED Rachana Shetty INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Office PowerPoint 2003 Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 98 Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 MSN Messenger 4.7 MSN Messenger 6.1 MSN Messenger 6.2 Adobe Acrobat Reader Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking. Josh Turpin DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista MSN Messenger 6.1 MSN Messenger 6.1 is installed Josh Turpin DRAFT INTERIM ACCEPTED David Rothenberg INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP A version of Microsoft Windows XP Professional x64 Edition Service Pack 1 is installed. Andrew Buttner DRAFT INTERIM ACCEPTED Andrew Buttner INTERIM ACCEPTED Brendan Miles INTERIM ACCEPTED Todd Dolinsky INTERIM ACCEPTED Todd Dolinsky INTERIM Tim Harrison Tim Harrison Tim Harrison ACCEPTED Sudhir Gandhe INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 MSN Messenger 4.7 The application Windows Messenger 4.7 is installed Dragos Prisaca DRAFT INTERIM ACCEPTED Dragos Prisaca INTERIM ACCEPTED Dragos Prisaca INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista MSN Messenger 6.2 MSN Messenger 6.2 is installed Robert L. Hollis DRAFT INTERIM ACCEPTED David Rothenberg INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 A version of Microsoft Windows Server 2003 (x86) Gold is installed. Robert L. Hollis DRAFT INTERIM ACCEPTED Andrew Buttner INTERIM ACCEPTED Tim Harrison INTERIM Tim Harrison Tim Harrison ACCEPTED Shane Shaffer INTERIM ACCEPTED Sudhir Gandhe INTERIM Shane Shaffer ACCEPTED David Rothenberg INTERIM ACCEPTED ACCEPTED Microsoft Windows XP The operating system installed on the system is Microsoft Windows XP SP1 (32-bit). Robert L. Hollis DRAFT INTERIM ACCEPTED Andrew Buttner INTERIM ACCEPTED Sudhir Gandhe INTERIM Shane Shaffer ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Google Chrome Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image. SecPod Team DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Internet Explorer 8 Microsoft Office SharePoint Server 2007 Microsoft Windows SharePoint Services 3.0 Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability." Dragos Prisaca DRAFT Josh Turpin INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Dragos Prisaca INTERIM ACCEPTED Chandan S INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Vista Microsoft Windows XP Trend Micro Internet Security Pro The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Vista Microsoft Windows XP Trend Micro Internet Security Pro Trend Micro Internet Security is installed SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Google Chrome Google Chrome before 7.0.517.41 does not properly handle the unloading of a page, which allows remote attackers to spoof URLs via unspecified vectors. SecPod Team DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla SeaMonkey Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to a "dangling pointer vulnerability." J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Google Chrome Google Chrome before 6.0.472.59 does not properly implement Geolocation, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content. J. Daniel Brown DRAFT INTERIM ACCEPTED J. Daniel Brown INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Richard Helbing INTERIM Evgeniy Pavlov Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability." Josh Turpin DRAFT Josh Turpin INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. J. Daniel Brown DRAFT INTERIM ACCEPTED J. Daniel Brown INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Richard Helbing INTERIM Evgeniy Pavlov Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to hover events. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Apple iTunes Unspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch. SecPod Team DRAFT INTERIM ACCEPTED Scott Quint INTERIM ACCEPTED Pooja Shetty INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Bernd Eggenmueller INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Mozilla Firefox The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2010-3171. SecPod Team DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory Corruption Vulnerability." Josh Turpin DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Apple Safari WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force arbitrary key presses via a crafted HTML document. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3629. SecPod Team DRAFT INTERIM SecPod Team SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Apple Safari Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Richard Helbing INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Word 2002 Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability." Josh Turpin DRAFT Josh Turpin INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memory corruption, aka a "Movie Unloading Vulnerability." Preeti Subramanian DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Wireshark The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows remote attackers to cause a denial of service (crash) via a crafted packet, related to "formatting a date/time using strftime." Nikita MR DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2003 Microsoft Excel 2007 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack Microsoft Excel 2003 SP3 and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel File Format Parsing Vulnerability." Josh Turpin DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Shane Shaffer INTERIM Josh Turpin ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Apple Safari Apple iTunes ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image. J. Daniel Brown DRAFT INTERIM ACCEPTED Scott Quint INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Pooja Shetty INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Bernd Eggenmueller INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document, related to the insertion of an unspecified element into an editable container and the access of an uninitialized element. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability." Josh Turpin DRAFT Josh Turpin INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Apple Safari WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Google Earth Untrusted search path vulnerability in Google Earth 5.1.3535.3218 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll that is located in the same folder as a .kmz file. SecPod Team DRAFT INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Google Earth Google Earth is installed SecPod Team DRAFT INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML document fragments. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger a call to the handler for the select event for XUL tree items. J. Daniel Brown DRAFT INTERIM ACCEPTED J. Daniel Brown INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Richard Helbing INTERIM Evgeniy Pavlov Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 MySQL Server 6.0 MySQL Server 5.1 sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure. J. Daniel Brown DRAFT INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 MySQL Server 6.0 MySQL Server 6.0 is installed J. Daniel Brown DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED David Rothenberg INTERIM ACCEPTED Dragos Prisaca INTERIM ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Adobe Shockwave Player Buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow attackers to execute arbitrary code via unspecified vectors. J. Daniel Brown DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Word 2002 Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability." Josh Turpin DRAFT Josh Turpin INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newfunction (0x44) operator, a different vulnerability than CVE-2010-2173. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Apple QuickTime The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshaling of an untrusted pointer. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document containing XML that triggers a parsing error, related to ProcessInstruction. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Windows Media Format Runtime 9.0 Windows Media Format Runtime 9.5 Windows Media Format Runtime 11 Quartz.dll (DirectShow) Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "Media Decompression Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Richard Helbing INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889. Josh Turpin DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Apple QuickTime CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDMC encoding. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript Virtual Machine 2, related to getouterscope, a different vulnerability than CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP RealPlayer RealPlayer SP Unspecified vulnerability in an ActiveX control in the Internet Explorer (IE) plugin in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows has unknown impact and attack vectors related to "multiple browser windows." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a TEXTAREA element. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in Adobe Download Manager, as used in Adobe Reader and Acrobat 8.x before 8.2 and 9.x before 9.3, allows remote attackers to execute arbitrary code via unspecified parameters. Preeti Subramanian DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Apple QuickTime Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a FlashPix image with a malformed SubImage Header Stream containing a NumberOfTiles field with a large value. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG document that contains recursive Use elements, which are not properly handled during page deconstruction. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0199, and CVE-2010-0202. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability." Josh Turpin DRAFT INTERIM ACCEPTED Josh Turpin DEPRECATED Chandan S Dragos Prisaca Maria Mikhno DEPRECATED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Multiple heap-based buffer overflows in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to malformed (1) GIF or (2) JPEG data. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3657. SecPod Team DRAFT INTERIM SecPod Team SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Adobe Shockwave Player Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file. J. Daniel Brown DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses out-of-bounds memory during processing of HTML tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability." Josh Turpin DRAFT Josh Turpin INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Adobe Captivate Untrusted search path vulnerability in Adobe Captivate 5.0.0.596, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .cptx file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. SecPod Team INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Adobe Captivate Adobe Captivate is installed SecPod Team INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. J. Daniel Brown DRAFT INTERIM ACCEPTED J. Daniel Brown INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Richard Helbing INTERIM Evgeniy Pavlov Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message. Preeti Subramanian DRAFT INTERIM ACCEPTED J. Daniel Brown INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file. J. Daniel Brown DRAFT INTERIM ACCEPTED Jeff Cockerill INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor objects, related to a "scope management issue." J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Google Chrome ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1823. Reason: This candidate is a duplicate of CVE-2010-1823. Notes: All CVE users should reference CVE-2010-1823 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. J. Daniel Brown DRAFT INTERIM ACCEPTED Nelson Bunker DEPRECATED Shane Shaffer Shane Shaffer Shane Shaffer Shane Shaffer Maria Kedovskaya DEPRECATED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability." J. Daniel Brown DRAFT INTERIM ACCEPTED Jeff Cockerill INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Apple QuickTime Integer overflow in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3632, and CVE-2010-3658. SecPod Team DRAFT INTERIM SecPod Team SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 UltraPlayer Stack-based buffer overflow in UltraPlayer Media Player 2.112 allows remote attackers to execute arbitrary code via a long string in a .usk file. Preeti Subramanian DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 UltraPlayer UltraPlayer is installed Preeti Subramanian DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Richard Helbing INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Apple iTunes Apple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file. J. Daniel Brown DRAFT INTERIM ACCEPTED Scott Quint INTERIM ACCEPTED Pooja Shetty INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Bernd Eggenmueller INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, do not properly handle fonts, which allows attackers to execute arbitrary code via unspecified vectors. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Adobe Shockwave Player The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file. J. Daniel Brown DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Information Disclosure Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corruption Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Rachana Shetty INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Google Chrome Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098. SecPod Team DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Apple Safari Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements." J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attackers to read images from other sites via a crafted canvas, related to a "cross-site image capture issue." J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 IrfanView Heap-based buffer overflow in IrfanView before 4.27 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PSD image with RLE compression. Antu Sanadi DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. SecPod Team DRAFT INTERIM SecPod Team SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Richard Helbing INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Adobe Shockwave Player Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file. J. Daniel Brown DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194, CVE-2010-0197, and CVE-2010-0201. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658. SecPod Team DRAFT INTERIM SecPod Team SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658. SecPod Team DRAFT INTERIM SecPod Team SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-2889. SecPod Team DRAFT INTERIM SecPod Team SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Google Chrome The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Microsoft Visual Studio Untrusted search path vulnerability in ATL MFC Trace Tool (AtlTraceTool8.exe), as used in Microsoft Visual Studio, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a TRC, cur, rs, rct, or res file. SecPod Team DRAFT INTERIM ACCEPTED Dragos Prisaca DEPRECATED DEPRECATED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Word 2002 Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability." Josh Turpin DRAFT Josh Turpin INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API abuse issue." J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Google Chrome Google Chrome before 6.0.472.59 does not prompt the user before granting access to the extension history, which allows attackers to obtain potentially sensitive information via unspecified vectors. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Mozilla Firefox The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-5913. SecPod Team DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability." Josh Turpin DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP BlackBerry Desktop Software The offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software uses single-iteration PBKDF2, which makes it easier for local users to decrypt a .ipd file via a brute-force attack. SecPod Team DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via unknown vectors. SecPod Team DRAFT INTERIM SecPod Team SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Google Chrome Race condition in the console implementation in Google Chrome before 6.0.472.59 has unspecified impact and attack vectors. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2010-0192 and CVE-2010-0196. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Multiple unspecified vulnerabilities in an ActiveX control in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Windows allow attackers to execute arbitrary code via unknown vectors. SecPod Team DRAFT INTERIM SecPod Team SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form data. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a redirecting URL. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2183. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Mozilla Firefox The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses the current time for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2008-5913. SecPod Team DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving DOM Range objects. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2187, and CVE-2010-2188. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Wireshark The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file. Nikita MR DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 MySQL Server 5.0 MySQL Server 5.1 The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length. J. Daniel Brown DRAFT INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP RealPlayer RealPlayer SP Integer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows might allow remote attackers to execute arbitrary code via a crafted QCP file that triggers a heap-based buffer overflow. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Rachana Shetty INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Apple Safari Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Word 2002 Microsoft Word 2003 Microsoft Word 2007 Microsoft Word 2010 Microsoft Office Word Viewer Microsoft Office Compatibility Pack Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Word Viewer; Office Web Apps; and Word Web App allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Stack Overflow Vulnerability." Josh Turpin DRAFT INTERIM ACCEPTED Sharath S INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer Josh Turpin ACCEPTED Sergey Artykhov INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. J. Daniel Brown DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Richard Helbing INTERIM Evgeniy Pavlov Evgeniy Pavlov ACCEPTED Maria Mikhno INTERIM Evgeniy Pavlov Evgeniy Pavlov Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a certain window close action that occurs during a drag-and-drop operation. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Google Chrome Google Chrome before 6.0.472.62 does not properly use information about the origin of a document to manage properties, which allows remote attackers to have an unspecified impact via a crafted web site, related to a "property pollution" issue. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified "types of Adobe Flash code." J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194, CVE-2010-0201, and CVE-2010-0204. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Internet Explorer 8 Microsoft Windows SharePoint Services 3.0 Microsoft Office SharePoint Server 2007 Microsoft Office SharePoint Foundation 2010 Microsoft Groove Server 2010 Microsoft Office Web Apps The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257. Dragos Prisaca DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Dragos Prisaca INTERIM ACCEPTED Chandan S INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to "non-default TCP ports" via a crafted port number, related to an "integer truncation issue." NOTE: this may overlap CVE-2010-1099. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP PostgreSQL The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447. SecPod Team DRAFT INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the contentEditable attribute and removing container elements. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Office XP Microsoft Excel 2003 Microsoft PowerPoint 2003 Microsoft Publisher 2003 Microsoft Visio 2003 Microsoft Word 2003 Microsoft Excel 2007 Microsoft PowerPoint 2007 Microsoft Publisher 2007 Microsoft Visio 2007 Microsoft Word 2007 Microsoft Wordpad Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; Microsoft Office XP SP3; Office 2003 SP3; and Office System 2007 SP1 and SP2 do not properly validate COM objects during instantiation, which allows remote attackers to execute arbitrary code via a crafted file, aka "COM Validation Vulnerability." Josh Turpin DRAFT INTERIM ACCEPTED Josh Turpin INTERIM Josh Turpin ACCEPTED INTERIM Dragos Prisaca ACCEPTED Shane Shaffer INTERIM Shane Shaffer Shane Shaffer Shane Shaffer Josh Turpin ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM Evgeniy Pavlov ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Richard Helbing INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Free Download Manager Directory traversal vulnerability in Free Download Manager (FDM) before 3.0.852 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. Antu Sanadi DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2181. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (pointer memory corruption) or possibly execute arbitrary code via unspecified vectors. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Office SharePoint Server 2007 Microsoft Windows SharePoint Services 3.0 Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability." Josh Turpin DRAFT DEPRECATED Jonathan Baker Dragos Prisaca Chandan S DEPRECATED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Adobe Shockwave Player Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation. J. Daniel Brown DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability." Josh Turpin DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors. J. Daniel Brown DRAFT INTERIM J. Daniel Brown ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Adobe Shockwave Player Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291. J. Daniel Brown DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Adobe Shockwave Player iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file. J. Daniel Brown DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2188. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability." Josh Turpin DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Adobe Shockwave Player Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record. J. Daniel Brown DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML element that has custom vertical positioning. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2007 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-1247 and CVE-2010-1249. Josh Turpin DRAFT INTERIM ACCEPTED Rachana Shetty INTERIM ACCEPTED Shane Shaffer INTERIM Josh Turpin ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Mozilla Firefox Mozilla Seamonkey Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP RealPlayer Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 allows attackers to bypass intended access restrictions on files via unknown vectors. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3632. SecPod Team DRAFT INTERIM SecPod Team SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Contacts Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .contact, .group, .p7c, .vcf, or .wab file. NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3147. SecPod Team INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability." Josh Turpin DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a "dangling pointer vulnerability." J. Daniel Brown DRAFT INTERIM ACCEPTED J. Daniel Brown INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Richard Helbing INTERIM Evgeniy Pavlov Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Apple iTunes Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on Windows has unknown impact and attack vectors, a different vulnerability than CVE-2010-1387 and CVE-2010-1769. SecPod Team DRAFT INTERIM ACCEPTED Scott Quint INTERIM ACCEPTED Pooja Shetty INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Bernd Eggenmueller INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Apple iTunes Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory. SecPod Team DRAFT INTERIM ACCEPTED Scott Quint INTERIM ACCEPTED Pooja Shetty INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Bernd Eggenmueller INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 MySQL Server 5.0 MySQL Server 5.1 Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name. J. Daniel Brown DRAFT INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability." Josh Turpin DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Google Chrome Use-after-free vulnerability in WebKit, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to nested SVG elements. SecPod Team DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted GIF image in a PDF file, which bypasses a size check and triggers a heap-based buffer overflow. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging, a related issue to CVE-2010-0660. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Microsoft Excel 2007 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack Microsoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Real Time Data Array Record Vulnerability." Josh Turpin DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Shane Shaffer INTERIM Josh Turpin ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Dragos Prisaca INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Vista Microsoft Windows XP avast! Free Antivirus Untrusted search path vulnerability in avast! Free Antivirus version 5.0.594 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc90loc.dll that is located in the same folder as an avast license (.avastlic) file. SecPod Team DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to "generation of ActionScript exception handlers." J. Daniel Brown DRAFT INTERIM ACCEPTED Jeff Cockerill INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, dereference a heap object after this object's deletion, which allows attackers to execute arbitrary code via unspecified vectors. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Adobe Shockwave Player Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file. J. Daniel Brown DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Adobe Shockwave Player Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1290. J. Daniel Brown DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Download Manager A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site. Preeti Subramanian DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Cascading Style Sheets (CSS) run-in property and multiple invocations of a destructor for a child element that has been referenced multiple times. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Apple iTunes WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, a different vulnerability than CVE-2010-1387 and CVE-2010-1763. SecPod Team DRAFT INTERIM ACCEPTED Scott Quint INTERIM ACCEPTED Pooja Shetty INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Bernd Eggenmueller INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Malformed Image Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 VBScript 5.1 VBScript 5.6 VBScript 5.7 VBScript 5.8 vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP RealPlayer RealPlayer SP RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not properly handle dimensions during YUV420 transformations, which might allow remote attackers to execute arbitrary code via crafted MP4 content. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content, involving the newfunction (0x44) operator and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-1285 and CVE-2010-2201. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calculation and the (1) STSC, (2) STSZ, and (3) STCO atoms. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Google Chrome Google Chrome before 7.0.517.41 does not properly implement the autofill and autocomplete functionality, which allows remote attackers to conduct "profile spamming" attacks via unspecified vectors. SecPod Team DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft .NET Framework The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits. Dragos Prisaca DRAFT INTERIM ACCEPTED J. Daniel Brown INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Sharath S INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML document subtrees. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Adobe Shockwave Player Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1291. J. Daniel Brown DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Google Chrome Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG styles, the DOM tree, and error messages. SecPod Team DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document with nested use elements. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Internet Information Server (IIS) 6.0 Microsoft Internet Information Server (IIS) 7.0 Microsoft Internet Information Server (IIS) 7.5 Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED J. Daniel Brown INTERIM ACCEPTED Chandan S INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448. Dragos Prisaca DRAFT INTERIM ACCEPTED Rachana Shetty INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari Use-after-free vulnerability in Apple Safari before 5.0 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper window management. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption. J. Daniel Brown DRAFT INTERIM ACCEPTED Jeff Cockerill INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658. SecPod Team DRAFT INTERIM SecPod Team SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Apple Safari Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Adobe Shockwave Player Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error. J. Daniel Brown DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Internet Information Server (IIS) 5.1 Microsoft Internet Information Server (IIS) 6.0 Microsoft Internet Information Server (IIS) 7.0 Microsoft Internet Information Server (IIS) 7.5 Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability." Dragos Prisaca DRAFT Dragos Prisaca INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft IIS 5.1 The application Microsoft IIS 5.1 is installed. Robert L. Hollis INTERIM ACCEPTED Jonathan Baker INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft IIS 6.0 The application Microsoft IIS 6.0 is installed. Robert L. Hollis INTERIM ACCEPTED Jonathan Baker INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Google Chrome Mozilla Firefox Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Shane Shaffer INTERIM Maria Kedovskaya Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2012 Mozilla Firefox The browser installed on the system is Mozilla Firefox Prabhu S A DRAFT INTERIM ACCEPTED J. Daniel Brown INTERIM ACCEPTED Bhavya K INTERIM Dragos Prisaca ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Microsoft Outlook 2002 Microsoft Outlook 2003 Microsoft Outlook 2007 Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability." Josh Turpin DRAFT INTERIM ACCEPTED Sharath S INTERIM Sharath S ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Internet Explorer 8 The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Rachana Shetty INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Microsoft Office Visio 2003 Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED Dragos Prisaca INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Word 2002 Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability." Josh Turpin DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe Reader Adobe Acrobat Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010. J. Daniel Brown DRAFT INTERIM J. Daniel Brown ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer Sergey Artykhov ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Apple iTunes Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse. J. Daniel Brown DRAFT INTERIM ACCEPTED Scott Quint INTERIM ACCEPTED Pooja Shetty INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Bernd Eggenmueller INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Adobe Shockwave Player Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via a crafted .dir (aka Director) file. J. Daniel Brown DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0199, CVE-2010-0202, and CVE-2010-0203. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue." J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to create arbitrary database files via vectors involving a (1) %2f and .. (dot dot) or (2) %5c and .. (dot dot) in a URL. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Apple QuickTime QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with Sorenson encoding. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Office 2000 Microsoft Office XP Microsoft Office 2003 Microsoft Office 2007 Microsoft Visual Basic for Applications VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, related to duplicate event listeners, a timer, and an AnimateTransform object. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, access uninitialized memory, which allows attackers to execute arbitrary code via unspecified vectors. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2010-0192 and CVE-2010-0193. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Apple QuickTime Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding, which triggers memory corruption when the length of decompressed data exceeds that of the allocated heap chunk. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Apple iTunes Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769. SecPod Team DRAFT INTERIM ACCEPTED Scott Quint INTERIM ACCEPTED Pooja Shetty INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Bernd Eggenmueller INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3658. SecPod Team DRAFT INTERIM SecPod Team SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194, CVE-2010-0197, and CVE-2010-0204. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Apple Safari The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Adobe Shockwave Player Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file. J. Daniel Brown DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Apple Safari PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Apple Safari Apple iTunes Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. J. Daniel Brown DRAFT INTERIM ACCEPTED Scott Quint INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Pooja Shetty INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Bernd Eggenmueller INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2010-0193 and CVE-2010-0196. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Apple QuickTime Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.261 encoding. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability." Josh Turpin DRAFT Josh Turpin INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild DOM method. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Google Chrome Google Chrome before 4.1.249.1064 does not properly handle fonts, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors. SecPod Team DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Word 2002 Microsoft Word 2003 Microsoft Office Word Viewer Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability." Josh Turpin DRAFT INTERIM ACCEPTED Sharath S INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving caption elements. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Richard Helbing INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability." Josh Turpin DRAFT Josh Turpin INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to HTML buttons and the first-letter CSS style. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Word 2002 Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability." Josh Turpin DRAFT Josh Turpin INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a "null pointer vulnerability." J. Daniel Brown DRAFT INTERIM J. Daniel Brown ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Word 2002 Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability." Josh Turpin DRAFT Josh Turpin INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-3626. SecPod Team DRAFT INTERIM SecPod Team SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Richard Helbing INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3620. SecPod Team DRAFT INTERIM SecPod Team SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Free Download Manager Multiple stack-based buffer overflows in Free Download Manager (FDM) before 3.0.852 allow remote attackers to execute arbitrary code via vectors involving (1) the folders feature in Site Explorer, (2) the websites feature in Site Explorer, (3) an FTP URI, or (4) a redirect. Antu Sanadi DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Free Download Manager Free Download Manager is installed Antu Sanadi DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Node.normalize method. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of embedded JPEG image data, and the DefineBits and other unspecified tags, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an AVM2 file with a large intrf_count value that triggers a dereference of an out-of-bounds pointer. J. Daniel Brown DRAFT INTERIM J. Daniel Brown ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when used in conjunction with VMWare Tools on a VMWare platform, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 VMWare Tools VMWare Tools is installed on the system J. Daniel Brown DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows 7 Microsoft Windows Vista Apple QuickTime Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted color tables in a movie file, related to malformed MediaVideo data, a sample description atom (STSD), and a crafted length value. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Apple iTunes Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL. SecPod Team DRAFT INTERIM ACCEPTED Scott Quint INTERIM ACCEPTED Pooja Shetty INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Bernd Eggenmueller INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the :first-letter pseudo-element. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that are embedded in a PDF document, which makes it easier for remote attackers to trick users into executing arbitrary code via a crafted document. Preeti Subramanian DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla SeaMonkey Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Word 2002 Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability." Josh Turpin DRAFT Josh Turpin INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. J. Daniel Brown DRAFT INTERIM ACCEPTED Jeff Cockerill INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla SeaMonkey Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Apple QuickTime Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Adobe Shockwave Player Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file. J. Daniel Brown DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to a "privilege escalation vulnerability." J. Daniel Brown DRAFT INTERIM J. Daniel Brown ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Chandan S INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different arguments, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2187. J. Daniel Brown DRAFT INTERIM ACCEPTED J. Daniel Brown INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Richard Helbing INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, aka FG-VD-10-005. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Google Chrome Unspecified vulnerability in the pop-up blocking functionality in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service (application crash) via unknown vectors. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Internet Information Server (IIS) 7.5 Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Apache mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, and CVE-2010-2212. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2211, and CVE-2010-2212. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Apple QuickTime Heap-based buffer overflow in QuickTimeMPEG.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted genl atom in a QuickTime movie file with MPEG encoding, which is not properly handled during decompression. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player. SecPod Team DRAFT INTERIM ACCEPTED Chandan S INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Apple QuickTime CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding, which triggers a buffer overflow due to inconsistent length fields, related to QDCA. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Richard Helbing INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka "SMB Client Response Parsing Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Apple Safari Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG elements. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to a layout change during selection rendering and the DOCUMENT_POSITION_DISCONNECTED attribute in a container of an unspecified type. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability." Josh Turpin DRAFT Josh Turpin INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Apple Safari Apple iTunes ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. J. Daniel Brown DRAFT INTERIM ACCEPTED Scott Quint INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Pooja Shetty INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Bernd Eggenmueller INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0202, and CVE-2010-0203. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption. J. Daniel Brown DRAFT INTERIM ACCEPTED Jeff Cockerill INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka "AutoComplete Information Disclosure Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper UTF-7 canonicalization, and lack of termination of a quoted string in an HTML document. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP uTorrent Untrusted search path vulnerability in uTorrent 2.0.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse plugin_dll.dll, userenv.dll, shfolder.dll, dnsapi.dll, dwmapi.dll, iphlpapi.dll, dhcpcsvc.dll, dhcpcsvc6.dll, or rpcrtremote.dll that is located in the same folder as a .torrent or .btsearch file. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP uTorrent uTorrent is installed SecPod Team DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED David Rothenberg INTERIM ACCEPTED Gaurav Kumar INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Cabinet File Viewer Shell Extension The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Apple Safari Apple iTunes ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image. J. Daniel Brown DRAFT INTERIM ACCEPTED Scott Quint INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Pooja Shetty INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Bernd Eggenmueller INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Apple Safari Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML object element fallback content." J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Google Chrome ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1825. Reason: This candidate is a duplicate of CVE-2010-1825. Notes: All CVE users should reference CVE-2010-1825 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. J. Daniel Brown DRAFT INTERIM ACCEPTED Nelson Bunker DEPRECATED Shane Shaffer Shane Shaffer Shane Shaffer Shane Shaffer Maria Kedovskaya DEPRECATED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Google Chrome Google Chrome before 4.1.249.1064 does not properly handle HTML5 media, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors. SecPod Team DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821. Josh Turpin DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via HTML content that contains multiple :after pseudo-selectors. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Winamp Untrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wnaspi32.dll that is located in the same folder as a .669, .aac, .aiff, .amf, .au, .avr, .b4s, .caf or .cda file. SecPod Team DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability." Josh Turpin DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC attribute composed of a javascript: sequence preceded by spaces. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Google Chrome Google Chrome before 7.0.517.41 does not properly perform autofill operations for forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document. SecPod Team DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing. J. Daniel Brown DRAFT INTERIM J. Daniel Brown ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving fonts. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content involving the (1) pushstring (0x2C) operator, (2) debugfile (0xF1) operator, and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-1285 and CVE-2010-2168. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe Reader Adobe Acrobat Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM Sergey Artykhov ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP BlackBerry Desktop Software Untrusted search path vulnerability in BlackBerry Desktop Software before 6.0.0.47 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Blackberry. SecPod Team DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP BlackBerry Desktop Software BlackBerry Desktop Software is installed SecPod Team DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Microsoft Excel 2007 Microsoft Office Compatibility Pack Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via an Excel file with crafted DBQueryExt records that allow a function call to a "user-controlled pointer," aka "Excel ADO Object Vulnerability." Josh Turpin DRAFT INTERIM ACCEPTED Rachana Shetty INTERIM ACCEPTED Shane Shaffer INTERIM Josh Turpin ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability." Josh Turpin DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari Incomplete blacklist vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to trigger disclosure of data over IRC via vectors involving an IRC service port. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Internet Explorer Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability." Dragos Prisaca DRAFT Dragos Prisaca J. Daniel Brown INTERIM ACCEPTED Sudhir Gandhe INTERIM Sudhir Gandhe ACCEPTED Rachana Shetty INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Richard Helbing INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658. SecPod Team DRAFT INTERIM SecPod Team SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft .NET Framework The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application that triggers memory corruption, aka ".NET Framework x64 JIT Compiler Vulnerability." Dragos Prisaca DRAFT Josh Turpin INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0197, CVE-2010-0201, and CVE-2010-0204. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Office Visio 2002 Microsoft Office Visio 2003 Microsoft Office Visio 2007 Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Apple Safari Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Google Chrome The Google URL Parsing Library (aka google-url or GURL) in Google Chrome before 4.1.249.1064 allows remote attackers to bypass the Same Origin Policy via unspecified vectors. SecPod Team DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not provide a warning about a (1) http or (2) https URL that contains a username and password, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Richard Helbing INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Apple Safari Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP RealPlayer RealPlayer SP Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allows remote attackers to execute arbitrary code via large size values in QCP audio content. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Adobe Shockwave Player Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291. J. Daniel Brown DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Apple QuickTime Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTA_FLI chunks and untrusted length values in a .fli file, which are not properly handled during decompression. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PDF file containing Flash content with a crafted #1023 (3FFh) tag, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, and CVE-2010-2211. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009. J. Daniel Brown DRAFT Benjamin Marandel INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Word 2002 Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability." Josh Turpin DRAFT Josh Turpin INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3656. SecPod Team DRAFT INTERIM SecPod Team SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Google Chrome Unspecified vulnerability in Google Chrome before 7.0.517.41 allows remote attackers to bypass the pop-up blocker via unknown vectors. SecPod Team DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Authenticode Signature Verification The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Apple QuickTime QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with H.264 encoding. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Apple QuickTime Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a BkPixPat opcode (0x12) containing crafted values that are used in a calculation for memory allocation. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Adobe Photoshop Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or Wintab32.dll that is located in the same folder as a PSD or other file that is processed by PhotoShop. NOTE: some of these details are obtained from third party information. SecPod Team DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla SeaMonkey Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Google Chrome Google Chrome before 7.0.517.41 does not properly handle forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document. SecPod Team DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP TeamViewer Untrusted search path vulnerability in TeamViewer 5.0.8703 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .tvs or .tvc file. SecPod Team DRAFT INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP TeamViewer TeamViewer is installed SecPod Team DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability." SecPod Team DRAFT INTERIM SecPod Team SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2007 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via an Excel file with a crafted SxView record, related to improper validation of unspecified structures, aka "Excel Record Parsing Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-1245. Josh Turpin DRAFT INTERIM ACCEPTED Rachana Shetty INTERIM ACCEPTED Shane Shaffer INTERIM Josh Turpin ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Path Parsing Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0821 and CVE-2010-1245. Josh Turpin DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2181 and CVE-2010-2183. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified "image type within a certain function." J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newclass (0x58) operator, a different vulnerability than CVE-2010-2174. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability." Josh Turpin DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Richard Helbing INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Apple Safari Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object. Preeti Subramanian DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Apple QuickTime Untrusted search path vulnerability in the Picture Viewer in Apple QuickTime before 7.6.8 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) CoreVideo.dll, (2) CoreGraphics.dll, or (3) CoreAudioToolbox.dll that is located in the same folder as a .pic image file. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Apple Safari Apple iTunes Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow. J. Daniel Brown DRAFT INTERIM ACCEPTED Scott Quint INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Pooja Shetty INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Bernd Eggenmueller INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari The execCommand JavaScript function in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict remote execution of clipboard commands, which allows remote attackers to modify the clipboard via a crafted HTML document. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability." Josh Turpin DRAFT Josh Turpin INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability." Josh Turpin DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Outlook Express Microsoft Windows Mail Microsoft Windows Live Mail Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka "Outlook Express and Windows Mail Integer Overflow Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Chandan S INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Windows Mail Microsoft Windows Mail is installed Sudhir Gandhe DRAFT Robert L. Hollis INTERIM ACCEPTED Dragos Prisaca INTERIM Dragos Prisaca ACCEPTED INTERIM Dragos Prisaca ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0199, and CVE-2010-0203. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Office Visio 2002 Microsoft Office Visio 2003 Microsoft Office Visio 2007 Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Mozilla Seamonkey Mozilla Firefox Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability." J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability." Josh Turpin DRAFT Josh Turpin INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified manipulations involving the newclass (0x58) operator and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-2168 and CVE-2010-2201. J. Daniel Brown DRAFT INTERIM ACCEPTED SecPod Team INTERIM SecPod Team ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Google Chrome ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1824. Reason: This candidate is a duplicate of CVE-2010-1824. Notes: All CVE users should reference CVE-2010-1824 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. J. Daniel Brown DRAFT INTERIM ACCEPTED Nelson Bunker DEPRECATED Shane Shaffer Shane Shaffer Shane Shaffer Shane Shaffer Maria Kedovskaya DEPRECATED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Outlook 2002 Microsoft Outlook 2003 Microsoft Outlook 2007 Microsoft Visio Viewer 2002 Microsoft Office Visio Viewer 2003 Microsoft Office Visio Viewer 2007 Microsoft Internet Explorer 5 Microsoft Internet Explorer 6 Microsoft Visual Studio .NET 2003 Microsoft Visual Studio 2005 Microsoft Visual Studio 2008 Microsoft Visual C++ 2005 Redistributable Package Microsoft Visual C++ 2008 Redistributable Package Microsoft Outlook Express 5.5 Microsoft Outlook Express 6.0 Windows Media Player 9 Windows Media Player 10 Windows Media Player 11 The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability." J. Daniel Brown DRAFT INTERIM ACCEPTED Mike Lah INTERIM Mike Lah Mike Lah Mike Lah ACCEPTED Rachana Shetty INTERIM Dragos Prisaca Dragos Prisaca Dragos Prisaca Dragos Prisaca ACCEPTED Dragos Prisaca INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Shane Shaffer INTERIM Josh Turpin ACCEPTED Chandan S INTERIM ACCEPTED Dragos Prisaca INTERIM ACCEPTED Dragos Prisaca INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 The application Microsoft Visio Viewer 2002 is installed. Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 The application Microsoft Office Visio Viewer 2003 is installed. Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 The application Microsoft Office Visio Viewer 2007 is installed. Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Outlook Express 5.5 Microsoft Outlook Express 5.5 SP2 is installed. Robert L. Hollis DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Outlook Express 6 Microsoft Outlook Express 6 SP1 is installed. Robert L. Hollis DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Internet Explorer 5 The application Microsoft Internet Explorer 5.01 SP4 is installed. Robert L. Hollis DRAFT INTERIM ACCEPTED Robert L. Hollis INTERIM ACCEPTED Brendan Miles INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Outlook Express 6.0 Microsoft Outlook Express 6.0 for Windows XP/2003 is installed Robert L. Hollis DRAFT INTERIM ACCEPTED Brendan Miles INTERIM ACCEPTED Tim Harrison INTERIM ACCEPTED David Rothenberg INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Outlook 2007 Microsoft Outlook 2007 SP1 is installed SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Outlook 2007 Microsoft Outlook 2007 SP2 is installed SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Richard Helbing INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Richard Helbing INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Apple QuickTime Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 IrfanView IrfanView before 4.27 does not properly handle an unspecified integer variable during processing of PSD images, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow, related to a "sign-extension error." Antu Sanadi DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 AOL Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 9.5.0.1 allows remote attackers to trigger memory corruption or possibly execute arbitrary code via a malformed argument to the SetSuperBuddy method. Antu Sanadi DRAFT Todd Dolinsky INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 AOL The application AOL is installed. Antu Sanadi DRAFT Todd Dolinsky INTERIM ACCEPTED David Rothenberg INTERIM ACCEPTED Jerome Athias INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP RealPlayer Array index error in RealNetworks RealPlayer 11.0 through 11.1 on Windows allows remote attackers to execute arbitrary code via a malformed header in a RealMedia .IVR file. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability." Josh Turpin DRAFT Josh Turpin INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Word 2002 Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability." Josh Turpin DRAFT Josh Turpin INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability." J. Daniel Brown DRAFT INTERIM J. Daniel Brown ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 MySQL Server 5.0 MySQL Server 5.1 Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name. J. Daniel Brown DRAFT INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 MySQL Server 5.0 MySQL Server 5.0 is installed J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Dragos Prisaca INTERIM ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Google Chrome WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-SVG document. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Internet Explorer 8 The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Rachana Shetty INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows 7 Use-after-free vulnerability in the Media Player Network Sharing Service in Microsoft Windows Vista SP1 and SP2 and Windows 7 allows remote attackers to execute arbitrary code via a crafted Real Time Streaming Protocol (RTSP) packet, aka "RTSP Use After Free Vulnerability." Josh Turpin DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Internet Explorer 8 Microsoft Office InfoPath 2003 Microsoft Office InfoPath 2007 Microsoft Office SharePoint Server 2007 Microsoft Windows SharePoint Services 3.0 Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization. Dragos Prisaca DRAFT INTERIM ACCEPTED Rachana Shetty INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Josh Turpin INTERIM ACCEPTED Dragos Prisaca INTERIM ACCEPTED Dragos Prisaca INTERIM ACCEPTED Chandan S INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft InfoPath 2003 The application Microsoft InfoPath 2003 is installed. Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Flash Player Adobe AIR Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack." Prabhu S A DRAFT INTERIM ACCEPTED J. Daniel Brown INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Apple QuickTime Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with M-JPEG encoding, which causes QuickTime to calculate a buffer size using height and width fields, but to use a different field to control the length of a copy operation. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP TechSmith SnagIt Untrusted search path vulnerability in TechSmith SnagIt 10 (Build 788) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a snag, snagcc, or snagprof file. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP TechSmith SnagIt TechSmith Snagit is installed SecPod Team DRAFT INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820. J. Daniel Brown DRAFT INTERIM ACCEPTED Jeff Cockerill INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Flash Player Adobe AIR Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to "a potential Clickjacking issue variant." Prabhu S A DRAFT INTERIM ACCEPTED J. Daniel Brown INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors. J. Daniel Brown DRAFT INTERIM J. Daniel Brown ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to a malformed URL. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Google Chrome Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "stale elements." SecPod Team DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Windows Media Player Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Chandan S INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Adobe Shockwave Player Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1290, and CVE-2010-1291. J. Daniel Brown DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP RealPlayer RealPlayer SP Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP RealPlayer RealPlayer SP RealPlayer or RealPlayer SP is installed on the system SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Kingsoft Antivirus Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and earlier allows local users to execute arbitrary code via a long argument to IOCTL 0x80030004. NOTE: some of these details are obtained from third party information. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Kingsoft Antivirus Kingsoft Antivirus is installed SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Apple Safari Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for a selection. J. Daniel Brown DRAFT INTERIM ACCEPTED Preeti Subramanian INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe AIR Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability." J. Daniel Brown DRAFT INTERIM J. Daniel Brown ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. J. Daniel Brown DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Richard Helbing INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP PostgreSQL The PL/php add-on 1.4 and earlier for PostgreSQL does not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, a related issue to CVE-2010-3433. SecPod Team DRAFT INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP PostgreSQL PostgreSQL is installed SecPod Team DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Adobe Shockwave Player Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291. J. Daniel Brown DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247. Josh Turpin DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249. Josh Turpin DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Apple QuickTime Heap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed .3g2 movie file with H.263 encoding that triggers an incorrect buffer length calculation. J. Daniel Brown DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Flash Player Adobe AIR Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue." Prabhu S A DRAFT INTERIM ACCEPTED J. Daniel Brown INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663. Prabhu S A DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Prabhu S A DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Opera Browser Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name. Nikita MR DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Internet Explorer Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671. Dragos Prisaca DRAFT INTERIM ACCEPTED Sudhir Gandhe INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects." Prabhu S A DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Word 2002 Microsoft Word 2003 Microsoft Office Word Viewer 2003 Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Sharath S INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Integer overflow in Adobe Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service via unspecified vectors. Chandan S DRAFT INTERIM ACCEPTED Benjamin Marandel INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. Chandan S DRAFT INTERIM ACCEPTED Benjamin Marandel INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Seamonkey Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors. Prabhu S A DRAFT INTERIM ACCEPTED Akihito Nakamura INTERIM ACCEPTED Bhavya K INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Opera Browser Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue." Chandan S DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Seamonkey Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file. Prabhu S A DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information. Chandan S DRAFT INTERIM ACCEPTED Benjamin Marandel INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, 9.1.2, 9.1.1, and earlier 9.x versions; 8.1.6 and earlier 8.x versions; and possibly 7.1.4 and earlier 7.x versions allows remote attackers to cause a denial of service (application crash) via a PDF file with a large number of [ (open square bracket) characters in the argument to the alert method. NOTE: some of these details are obtained from third party information. Chandan S DRAFT INTERIM ACCEPTED Benjamin Marandel INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Adobe Shockwave Player Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value. Antu Sanadi DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number. Prabhu S A DRAFT INTERIM ACCEPTED Pai Peng INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2007 Microsoft Office Excel Viewer 2003 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed formula, related to a "pointer corruption" issue, aka "Excel Index Parsing Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM Josh Turpin ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Maxthon Browser Maxthon Browser 3.0.0.145 Alpha with Ultramode does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header; does not properly block data: URIs in Location headers in HTTP responses, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (5) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (6) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header; and does not properly handle javascript: URIs in HTML links within (a) 301 and (b) 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (7) injecting a Location HTTP response header or (8) specifying the content of a Location HTTP response header. Sharath S DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2007 Microsoft Office Excel Viewer 2003 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset, aka "Excel Featheader Record Memory Corruption Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM Josh Turpin ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Internet Explorer Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Sudhir Gandhe INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2007 Microsoft Office Excel Viewer 2003 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a spreadsheet with a crafted formula embedded in a cell, aka "Excel Formula Parsing Memory Corruption Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM Josh Turpin ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Apple Safari The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page. Sharath S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft .NET Framework Microsoft Silverlight The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED J. Daniel Brown INTERIM J. Daniel Brown J. Daniel Brown J. Daniel Brown ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Avast! AntiVirus Unspecified vulnerability in ashWsFtr.dll in Avast! Home and Professional for Windows before 4.8.1356 has unknown impact and local attack vectors. Sharath S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2998. Chandan S DRAFT INTERIM ACCEPTED Benjamin Marandel INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Prabhu S A DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)." Chandan S DRAFT INTERIM ACCEPTED Benjamin Marandel INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which allows attackers to cause a denial of service via unspecified vectors. Chandan S DRAFT INTERIM ACCEPTED Benjamin Marandel INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. Chandan S DRAFT INTERIM ACCEPTED Benjamin Marandel INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Apple Safari Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. Sharath S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Office Excel Viewer 2003 Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM Josh Turpin ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Flash Player Adobe AIR Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file. Prabhu S A DRAFT INTERIM ACCEPTED J. Daniel Brown INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows attackers to bypass intended file-extension restrictions via unknown vectors. Chandan S DRAFT INTERIM ACCEPTED Benjamin Marandel INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively. Prabhu S A DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Opera Browser Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs. Chandan S DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries. Prabhu S A DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft .NET Framework Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED J. Daniel Brown INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 (Original RTM or later) is installed Sudhir Gandhe DRAFT INTERIM ACCEPTED ACCEPTED Nate Przybyszewski INTERIM ACCEPTED Sharath S INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Opera Browser Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Chandan S DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file. Prabhu S A DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Opera Browser Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted server certificate. Chandan S DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Maxthon Browser Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. Sharath S DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Maxthon Browser The operating system having Maxthon Browser installation. Sharath S DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Pidgin libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string. Chandan S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Pidgin The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images. Chandan S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Unix, when Debug mode is enabled, allow attackers to execute arbitrary code via unspecified vectors, related to a "format bug." Chandan S DRAFT INTERIM ACCEPTED Benjamin Marandel INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED Maria Mikhno DEPRECATED DEPRECATED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED J. Daniel Brown DEPRECATED Dragos Prisaca Maria Mikhno DEPRECATED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458. Chandan S DRAFT INTERIM ACCEPTED Benjamin Marandel INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Wireshark Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace and is processed by the (1) Bluetooth L2CAP, (2) RADIUS, or (3) MIOP dissector. NOTE: it was later reported that the RADIUS issue also affects 0.10.13 through 1.0.9. Prabhu.S.A DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Wireshark Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations. Prabhu.S.A DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Apple QuickTime Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie file. Chandan S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Mozilla Firefox Unspecified vulnerability in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Chandan S DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Adobe Shockwave Player Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an "invalid string length vulnerability." NOTE: some of these details are obtained from third party information. Antu Sanadi DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Adobe Shockwave Player Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3465. NOTE: some of these details are obtained from third party information. Antu Sanadi DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Wireshark packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. Prabhu S A DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Opera Browser Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via unspecified vectors. Chandan S DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Opera Browser Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site. Nikita MR DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Internet Explorer Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674. Dragos Prisaca DRAFT INTERIM ACCEPTED Sudhir Gandhe INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Wireshark Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an array index error. NOTE: some of these details are obtained from third party information. Prabhu.S.A DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. Prabhu S A DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors. Chandan S DRAFT INTERIM ACCEPTED Benjamin Marandel INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Opera Browser Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as "scripted content." NOTE: the vendor reportedly considers this behavior a "design feature," not a vulnerability. Chandan S DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow remote attackers to conduct a "social engineering attack" via unknown vectors. Chandan S DRAFT INTERIM ACCEPTED Benjamin Marandel INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Apple Safari Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply. Sharath S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Opera Browser Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a series of automatic submissions of a form containing a KEYGEN element, a related issue to CVE-2009-1828. Chandan S DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Opera Browser Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to bypass validation of the certificate chain via a revoked certificate. Chandan S DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Opera Browser Opera 9.52 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821. Chandan S DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue." Chandan S DRAFT INTERIM ACCEPTED Benjamin Marandel INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Mozilla Seamonkey Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file. Prabhu S A DRAFT INTERIM ACCEPTED Akihito Nakamura INTERIM ACCEPTED Bhavya K INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Pidgin The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect "UTF16-LE" charset name. Chandan S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Pidgin The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client. Chandan S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Wireshark Unspecified vulnerability in the Infiniband dissector in Wireshark 1.0.6 through 1.2.0, when running on unspecified platforms, allows remote attackers to cause a denial of service (crash) via unknown vectors. Prabhu.S.A DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Pidgin The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376. Chandan S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Mozilla Firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the BinHex decoder in netwerk/streamconv/converters/nsBinHexDecoder.cpp, and unknown vectors. Chandan S DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Opera Browser Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or create feed subscriptions, via a crafted feed, related to the rendering of the application/rss+xml content type as "scripted content." Chandan S DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Project 2000 Microsoft Project 2002 Microsoft Project 2003 Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability." J. Daniel Brown DRAFT INTERIM ACCEPTED Mike Lah INTERIM ACCEPTED Rachana Shetty INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Project 2003 The application Microsoft Project 2003 SP3 is installed. Sudhir Gandhe DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 The application Microsoft Project 2000 SR1 is installed. Robert L. Hollis INTERIM ACCEPTED Jonathan Baker INTERIM ACCEPTED Rachana Shetty INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Integer overflow in Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors. Chandan S DRAFT INTERIM ACCEPTED Benjamin Marandel INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Apple iTunes Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .pls file. Prabhu S A DRAFT Mike Lah INTERIM ACCEPTED Scott Quint INTERIM ACCEPTED Pooja Shetty INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Bernd Eggenmueller INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to bypass intended Trust Manager restrictions via unspecified vectors. Chandan S DRAFT INTERIM ACCEPTED Benjamin Marandel INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 do not properly perform XMP-XML entity expansion, which allows remote attackers to cause a denial of service via a crafted document. Chandan S DRAFT INTERIM ACCEPTED Benjamin Marandel INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Unspecified vulnerability in an ActiveX control in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Windows allows remote attackers to cause a denial of service via unknown vectors. Chandan S DRAFT INTERIM ACCEPTED Benjamin Marandel INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (reboot) via a malformed packet, aka "Local Security Authority Subsystem Service Integer Overflow Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED J. Daniel Brown J. Daniel Brown INTERIM ACCEPTED Sudhir Gandhe INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Apple QuickTime Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. Chandan S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Mozilla Firefox Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter. Chandan S DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Mozilla Firefox Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element. Chandan S DRAFT Brendan Miles INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Opera Browser Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode. Chandan S DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Prashant Kumar INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Avast! AntiVirus Stack-based buffer overflow in aswMon2.sys in Avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system crash) and possibly gain privileges via a crafted IOCTL request to IOCTL 0xb2c80018. Sharath S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Wireshark The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors. Chandan S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Opera Browser Opera before 9.64 allows remote attackers to conduct cross-domain scripting attacks via unspecified vectors related to plug-ins. Chandan S DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Apple QuickTime Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via an AVI movie file with an invalid nBlockAlign value in the _WAVEFORMATEX structure. Chandan S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Apple QuickTime Buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted MP3 audio file. Chandan S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Apple Safari Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects. Prabhu.S.A DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Apple QuickTime Unspecified vulnerability in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted H.263 encoded movie file that triggers memory corruption. Chandan S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft ASN.1 Library Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Rachana Shetty INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Pidgin Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM. Chandan S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Wireshark Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets. Prabhu.S.A DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Flash Player Untrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensitive information or gain privileges via a crafted library in a directory contained in the RPATH. Prabhu S A DRAFT INTERIM ACCEPTED J. Daniel Brown INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer DEPRECATED Maria Kedovskaya Maria Kedovskaya Maria Mikhno DEPRECATED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. Chandan S DRAFT INTERIM ACCEPTED Benjamin Marandel INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Apple QuickTime Integer signedness error in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a Cinepak encoded movie file with a crafted MDAT atom that triggers a heap-based buffer overflow. Chandan S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Office Excel Viewer 2003 Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memory Corruption Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM Josh Turpin ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2996. Chandan S DRAFT INTERIM ACCEPTED Benjamin Marandel INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Rhino Software Serv-U Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string. Sharath S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Jerome Athias INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Mozilla Firefox Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module. Chandan S DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Apple QuickTime Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL. Chandan S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Apple QuickTime Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QuickTime movie file containing invalid image width data in JPEG atoms within STSD atoms. Chandan S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Wireshark Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 through 1.0.6, when running on Windows, allows remote attackers to cause a denial of service (crash) via unknown attack vectors. Chandan S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Apple Safari Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (dot dot) sequence. Chandan S DRAFT Chandan S INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Jerome Athias INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Host Integration Server 2000 Microsoft Host Integration Server 2004 Client Microsoft Host Integration Server 2004 Microsoft Host Integration Server 2006 Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability." Sudhir Gandhe DRAFT Sudhir Gandhe Todd Dolinsky INTERIM ACCEPTED Pradeep R B INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Host Integration Server 2000 A version of Microsoft Host Integration Server 2000 SP2 is installed Sudhir Gandhe DRAFT INTERIM ACCEPTED Brendan Miles INTERIM ACCEPTED Dragos Prisaca INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Host Integration Server 2004 Client A version of Microsoft Host Integration Server 2004 Client SP1 is installed Sudhir Gandhe DRAFT Todd Dolinsky Todd Dolinsky Todd Dolinsky INTERIM ACCEPTED Dragos Prisaca INTERIM ACCEPTED Pradeep R B INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Host Integration Server 2004 A version of Microsoft Host Integration Server 2004 is installed Sudhir Gandhe DRAFT Todd Dolinsky Todd Dolinsky Todd Dolinsky INTERIM ACCEPTED Brendan Miles INTERIM ACCEPTED Dragos Prisaca INTERIM ACCEPTED Pradeep R B INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Host Integration Server 2000 Administrator Client A version of Microsoft Host Integration Server 2000 Administrator Client is installed Sudhir Gandhe DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Host Integration Server 2004 Client A version of Microsoft Host Integration Server 2004 Client is installed Sudhir Gandhe DRAFT Todd Dolinsky Todd Dolinsky Todd Dolinsky INTERIM ACCEPTED Dragos Prisaca INTERIM ACCEPTED Pradeep R B INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Host Integration Server 2006 A version of Microsoft Host Integration Server 2006 is installed Sudhir Gandhe DRAFT Todd Dolinsky Todd Dolinsky INTERIM ACCEPTED Brendan Miles INTERIM ACCEPTED Dragos Prisaca INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Mozilla Firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Chandan S DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Apple Safari Apple Safari 4 Beta build 528.16 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a feeds: URI beginning with a (1) % (percent), (2) { (open curly bracket), (3) } (close curly bracket), (4) ^ (caret), (5) ` (backquote), or (6) | (pipe) character, followed by an & (ampersand) character. Chandan S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Jerome Athias INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 does not properly validate input, which allows attackers to cause a denial of service via unknown vectors. Chandan S DRAFT INTERIM ACCEPTED Benjamin Marandel INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Mozilla Firefox Unspecified vulnerability in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Chandan S DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Wireshark Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information. Prabhu S A DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Apple iTunes Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself. Chandan S DRAFT INTERIM ACCEPTED Mike Lah INTERIM ACCEPTED Scott Quint INTERIM ACCEPTED Pooja Shetty INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Bernd Eggenmueller INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Avast! AntiVirus aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption, a different vulnerability than CVE-2008-1625. Sharath S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Avast! AntiVirus The application Avast! AntiVirus for Windows is installed. Sharath S DRAFT INTERIM ACCEPTED David Rothenberg INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Wireshark The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information. Prabhu S A DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Apple iTunes Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header. Chandan S DRAFT INTERIM ACCEPTED Mike Lah INTERIM ACCEPTED Scott Quint INTERIM ACCEPTED Pooja Shetty INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Bernd Eggenmueller INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Prabhu S A DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Mozilla Firefox Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Chandan S DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Wireshark Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability." Prabhu S A DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Wireshark Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information. Chandan S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Apple QuickTime Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie. Chandan S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. Chandan S DRAFT INTERIM ACCEPTED Benjamin Marandel INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Opera Browser Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. Prabhu S A DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Opera Browser Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption. Chandan S DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function. Prabhu S A DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Mozilla Firefox Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service (infinite loop, application hang, and memory consumption) via a KEYGEN element in conjunction with (1) a META element specifying automatic page refresh or (2) a JavaScript onLoad event handler for a BODY element. NOTE: it was later reported that earlier versions are also affected. Chandan S DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Apple Safari Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site. Sharath S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Mozilla Firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Chandan S DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 6 Microsoft Office XP Microsoft Office 2003 Microsoft Office 2007 Microsoft Office Visio 2002 Microsoft Visual Studio 2008 Microsoft SQL Server 2005 Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Mike Lah INTERIM ACCEPTED J. Daniel Brown INTERIM Mike Lah Mike Lah Mike Lah ACCEPTED Dragos Prisaca INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM Maria Mikhno ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft SQL Server 2005 Microsoft SQL Server 2005 SP2 is installed. J. Daniel Brown DRAFT INTERIM ACCEPTED Dragos Prisaca INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 The application Microsoft Project 2002 SP1 is installed. Robert L. Hollis INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 The operating system installed on the system is Microsoft Windows 2000 SP4 or later. Robert L. Hollis DRAFT INTERIM ACCEPTED Jonathan Baker INTERIM ACCEPTED Tim Harrison INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Sudhir Gandhe INTERIM Shane Shaffer ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Multiple heap-based buffer overflows in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. Chandan S DRAFT INTERIM ACCEPTED Benjamin Marandel INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2007 Microsoft Office Excel Viewer 2003 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel Field Sanitization Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM Josh Turpin ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Excel Viewer 2003 The application Microsoft Excel Viewer 2003 is installed. Robert L. Hollis INTERIM ACCEPTED Sudhir Gandhe INTERIM ACCEPTED Brendan Miles INTERIM Brendan Miles ACCEPTED Jonathan Baker INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft ASN.1 Library The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408. Dragos Prisaca DRAFT INTERIM ACCEPTED Rachana Shetty INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows remote attackers to create arbitrary files, and possibly execute arbitrary code, via the cPath parameter in a crafted PDF file. NOTE: some of these details are obtained from third party information. Chandan S DRAFT INTERIM ACCEPTED Benjamin Marandel INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Rhino Software Serv-U Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the "SITE SET TRANSFERPROGRESS ON" FTP command. Sharath S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Rhino Software Serv-U The operating system having Rhino Software Serv-U installation. Sharath S DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Wireshark Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified vectors. Prabhu.S.A DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Apple Safari WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. Prabhu.S.A DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows XP Microsoft Office PowerPoint Viewer 2003 Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Dragos Prisaca INTERIM ACCEPTED Pradeep R B INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Pidgin protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions. Chandan S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Wireshark Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file. Chandan S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows XP Microsoft Office PowerPoint Viewer 2003 A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Dragos Prisaca INTERIM ACCEPTED Pradeep R B INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista The application Microsoft PowerPoint Viewer is installed. Dragos Prisaca DRAFT INTERIM ACCEPTED Brendan Miles INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Adobe Shockwave Player Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3464. NOTE: some of these details are obtained from third party information. Antu Sanadi DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat NOS Microsystems getPlus Download Manager, as used in Adobe Reader 1.6.2.36 and possibly other versions, Corel getPlus Download Manager before 1.5.0.48, and possibly other products, installs NOS\bin\getPlus_HelperSvc.exe with insecure permissions (Everyone:Full Control), which allows local users to gain SYSTEM privileges by replacing getPlus_HelperSvc.exe with a Trojan horse program, as demonstrated by use of getPlus Download Manager within Adobe Reader. NOTE: within Adobe Reader, the scope of this issue is limited because the program is deleted and the associated service is not automatically launched after a successful installation and reboot. Chandan S DRAFT INTERIM ACCEPTED Benjamin Marandel INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Mozilla Firefox Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to use of mutable strings in the js_StringReplaceHelper function in js/src/jsstr.cpp, and unknown vectors. Chandan S DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft .NET Framework Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED J. Daniel Brown INTERIM J. Daniel Brown J. Daniel Brown J. Daniel Brown ACCEPTED Josh Turpin INTERIM ACCEPTED INTERIM Dragos Prisaca ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Adobe Shockwave Player Array index error in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site. NOTE: some of these details are obtained from third party information. Antu Sanadi DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Apple QuickTime Buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG-4 video file. Chandan S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Apple QuickTime Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QTVR movie file with crafted THKD atoms. Chandan S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. Chandan S DRAFT INTERIM ACCEPTED Benjamin Marandel INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Wireshark Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. Prabhu.S.A DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Mozilla Firefox Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability." Chandan S DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Mozilla Firefox layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. Prabhu S A DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Evgeniy Pavlov INTERIM Evgeniy Pavlov ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2985. Chandan S DRAFT INTERIM ACCEPTED Benjamin Marandel INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Apple Safari Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements. Chandan S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and possibly 7.x before 7.1.4 and 9.x before 9.2, might allow remote attackers to execute arbitrary code via unknown vectors. Chandan S DRAFT INTERIM ACCEPTED Benjamin Marandel INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows XP Microsoft Office Compatibility Pack Microsoft Office PowerPoint 2000 Microsoft Office PowerPoint 2002 Microsoft Office PowerPoint 2003 Microsoft Office PowerPoint 2007 A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 through SP1; and Office 2004 for Mac allows remote attackers to execute arbitrary code via a PowerPoint file with crafted list values that trigger memory corruption, aka "Parsing Overflow Vulnerability." Dragos Prisaca DRAFT INTERIM ACCEPTED Dragos Prisaca INTERIM ACCEPTED Pradeep R B INTERIM ACCEPTED Shane Shaffer INTERIM Josh Turpin ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft PowerPoint 2000 The application Microsoft PowerPoint 2000 is installed. Robert L. Hollis DRAFT INTERIM ACCEPTED Jonathan Baker INTERIM ACCEPTED Brendan Miles INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Acrobat Unspecified vulnerability in the image decoder in Adobe Acrobat 9.x before 9.2, and possibly 7.x through 7.1.4 and 8.x through 8.1.7, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Chandan S DRAFT INTERIM ACCEPTED Benjamin Marandel INTERIM ACCEPTED Shane Shaffer INTERIM Shane Shaffer ACCEPTED Sergey Artykhov INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov Shane Shaffer ACCEPTED Maria Kedovskaya INTERIM Maria Kedovskaya Maria Kedovskaya Maria Kedovskaya ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Adobe Reader Adobe Reader 7 Series is installed Chandan S DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Sergey Artykhov INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Apple QuickTime Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted H.264 movie file. Chandan S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Opera Browser Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 9.52 is also affected. Chandan S DRAFT INTERIM ACCEPTED Josh Turpin INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Wireshark Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors related to "an uninitialized dissector handle," which triggers an assertion failure. Prabhu.S.A DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Mozilla Firefox Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property. Chandan S DRAFT INTERIM ACCEPTED Sergey Artykhov INTERIM Sergey Artykhov ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Apple iTunes Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast. Chandan S DRAFT INTERIM ACCEPTED Mike Lah INTERIM ACCEPTED Scott Quint INTERIM ACCEPTED Pooja Shetty INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Bernd Eggenmueller INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 Wireshark The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet. Chandan S DRAFT INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED Shane Shaffer INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Excel Viewer 2007 Microsoft Office Compatibility Pack Untrusted search path vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel Viewer 2007 SP3, and Office Compatibility Pack SP3 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Microsoft Excel DLL Remote Code Execution Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft PowerPoint 2007 Microsoft PowerPoint 2010 Microsoft PowerPoint 2013 Microsoft Word 2007 Microsoft Word 2010 Microsoft Word 2013 Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Driver Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1738. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft SQL Server 2008 Microsoft SQL Server 2008 R2 Microsoft SQL Server 2012 Microsoft SQL Server 2014 Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authenticated users to execute arbitrary code by leveraging certain permissions and making a crafted query, as demonstrated by the VIEW SERVER STATE permission, aka "SQL Server Remote Code Execution Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Acrobat Adobe Reader Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering. Maria Mikhno DRAFT INTERIM INTERIM Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 8 through 11 allows remote attackers to obtain sensitive browsing-history information via vectors related to image caching, aka "Internet Explorer Information Disclosure Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft SQL Server 2008 Microsoft SQL Server 2008 R2 Microsoft SQL Server 2012 Microsoft SQL Server 2014 Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 uses an incorrect class during casts of unspecified pointers, which allows remote authenticated users to gain privileges by leveraging certain write access, aka "SQL Server Elevation of Privilege Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Word Viewer Microsoft Word 2007 Microsoft Word 2010 Microsoft Word 2013 Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, and Word 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows 7 Microsoft Windows 8 win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista The Windows Installer service in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a custom action script associated with a .msi package, aka "Windows Installer EoP Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 6 through 11 allows remote attackers to determine the existence of local files via a crafted module-resource request, aka "Internet Explorer Information Disclosure Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Acrobat Adobe Reader Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 through 7.0.2 and Acrobat 5.0 through 7.0.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. Maria Mikhno DRAFT INTERIM INTERIM Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Adobe Acrobat Adobe Acrobat is installed Maria Mikhno DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Adobe Reader Adobe Reader is installed Maria Mikhno DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2388. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Adobe Flash Player Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file. Maria Mikhno DRAFT INTERIM INTERIM Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1733 and CVE-2015-2411. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 7 The Remote Desktop Protocol (RDP) server service in Microsoft Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a series of crafted packets, aka "Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, and CVE-2015-2406. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2406, and CVE-2015-2422. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 6 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "ATMFD.DLL Memory Corruption Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista The authentication implementation in the RPC subsystem in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not prevent DCE/RPC connection reflection, which allows local users to gain privileges via a crafted application, aka "Windows RPC Elevation of Privilege Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "JScript9 Memory Corruption Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft SQL Server 2008 Microsoft SQL Server 2008 R2 Microsoft SQL Server 2012 Microsoft SQL Server 2014 Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remote authenticated users to execute arbitrary code via a crafted query, aka "SQL Server Remote Code Execution Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft SQL Server 2012 Microsoft SQL Server 2012 SP2 is installed SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft SQL Server 2008 Microsoft SQL Server 2008 Service Pack 4 is installed SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft SQL Server 2008 R2 Microsoft SQL Server 2008 R2 SP3 is installed. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft SQL Server 2012 Microsoft SQL Server 2012 SP1 is installed. Maria Kedovskaya DRAFT INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Kumarswamy S INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2383 and CVE-2015-2384. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1767 and CVE-2015-2401. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Word Viewer Microsoft Word 2007 Microsoft Word 2010 Microsoft Word 2013 Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Untrusted search path vulnerability in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Windows DLL Remote Code Execution Vulnerability." SecPod Team DRAFT Maria Mikhno INTERIM INTERIM Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Internet Explorer 9 Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel Viewer 2007 Microsoft Office Compatibility Pack Microsoft SharePoint Server 2007 Microsoft SharePoint Server 2010 Microsoft SharePoint Server 2013 Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Office for Mac 2011, Excel Viewer 2007 SP3, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1733 and CVE-2015-2389. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via crafted input, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "OLE Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2416. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2384 and CVE-2015-2425. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 10 and 11 allows remote attackers to read arbitrary local files via a crafted pathname, aka "Internet Explorer Information Disclosure Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Untrusted search path vulnerability in Windows Media Device Manager in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rtf file, aka "DLL Planting Remote Code Execution Vulnerability." SecPod Team DRAFT Maria Mikhno INTERIM INTERIM Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1748. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer Dereference Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Excel 2010 Microsoft Excel 2013 Microsoft SharePoint Server 2010 Microsoft SharePoint Server 2013 Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to bypass the ASLR protection mechanism via a crafted spreadsheet, aka "Microsoft Excel ASLR Bypass Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Object Use After Free Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1735, CVE-2015-1744, CVE-2015-1745, and CVE-2015-1766. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1732, CVE-2015-1747, CVE-2015-1750, and CVE-2015-1753. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Use After Free Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1740, CVE-2015-1744, CVE-2015-1745, and CVE-2015-1766. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to obtain sensitive information from kernel memory via a crafted application, aka "Microsoft Windows Kernel Information Disclosure Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 6 through 11 allows remote attackers to determine the existence of local files via a crafted stylesheet, aka "Internet Explorer Information Disclosure Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1735, CVE-2015-1740, CVE-2015-1744, and CVE-2015-1745. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Vista Microsoft Windows Server 2008 R2 Use-after-free vulnerability in Microsoft Common Controls in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted web site that is accessed with the F12 Developer Tools feature of Internet Explorer, aka "Microsoft Common Control Use After Free Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Station Use After Free Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1732, CVE-2015-1742, CVE-2015-1747, and CVE-2015-1750. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Internet Explorer 10 Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1732, CVE-2015-1742, CVE-2015-1750, and CVE-2015-1753. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Pool Buffer Overflow Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1742, CVE-2015-1747, CVE-2015-1750, and CVE-2015-1753. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Vista Microsoft Windows Server 2008 R2 Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a denial of service via a crafted .msc file, aka "Microsoft Management Console File Format Denial of Service Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2401 and CVE-2015-2408. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Internet Explorer 8 Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2008 R2 Microsoft XML Core Services 3.0 Microsoft XML Core Services (aka MSXML) 3.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1743. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1677, CVE-2015-1678, CVE-2015-1679, and CVE-2015-1680. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1706, CVE-2015-1711, CVE-2015-1717, and CVE-2015-1718. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1658, CVE-2015-1706, CVE-2015-1711, and CVE-2015-1718. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via crafted input, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "OLE Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2417. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Silverlight 5 Microsoft Silverlight 5 before 5.1.40416.00 allows remote attackers to bypass intended integrity-level restrictions via a crafted Silverlight application, aka "Microsoft Silverlight Out of Browser Application Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1689. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Vista Microsoft .NET Framework 1.1 Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.0 Microsoft .NET Framework 4.5 Microsoft .NET Framework 4.5.1 Microsoft .NET Framework 4.5.2 The Windows Forms (aka WinForms) libraries in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allow user-assisted remote attackers to execute arbitrary code via a crafted partial-trust application, aka "Windows Forms Elevation of Privilege Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM INTERIM Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1731, CVE-2015-1736, and CVE-2015-1737. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft VBScript 5.6 Microsoft VBScript 5.7 Microsoft VBScript 5.8 vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, and CVE-2015-1698. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2003 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Vista Microsoft Windows Server 2008 R2 The Service Control Manager (SCM) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Service Control Manager Elevation of Privilege Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft SharePoint Server 2007 Microsoft SharePoint Server 2010 Microsoft SharePoint Foundation 2010 Microsoft SharePoint Foundation 2013 Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "Microsoft SharePoint Page Content Vulnerabilities." SecPod Team DRAFT Kumarswamy S INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1658, CVE-2015-1706, CVE-2015-1711, and CVE-2015-1717. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Windows Media Player Microsoft Windows Media Player 10 through 12 allows remote attackers to execute arbitrary code via a crafted DataObject on a web site, aka "Windows Media Player RCE via DataObject Vulnerability." SecPod Team DRAFT Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Windows Media Player 10 Windows Media Player v10 is installed. Robert L. Hollis DRAFT INTERIM ACCEPTED David Rothenberg INTERIM ACCEPTED Dragos Prisaca INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Windows Media Player 9 Windows Media Player v9 is installed. Robert L. Hollis DRAFT INTERIM ACCEPTED David Rothenberg INTERIM ACCEPTED Dragos Prisaca INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1731, CVE-2015-1737, and CVE-2015-1755. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1678, CVE-2015-1679, and CVE-2015-1680. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 VBScript 5.6 VBScript 5.7 VBScript 5.8 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 VBScript.dll in the Microsoft VBScript 5.6 through 5.8 engine, as used in Internet Explorer 8 through 11 and other products, allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript ASLR Bypass." SecPod Team DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Internet Explorer 9 Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1652. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Excel 2007 Microsoft Excel 2010 Microsoft PowerPoint 2007 Microsoft PowerPoint 2010 Microsoft Word 2007 Microsoft Word 2010 Microsoft Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Excel 2010 SP2, PowerPoint 2010 SP2, and Word 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Word Local Zone Remote Code Execution Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1735, CVE-2015-1740, CVE-2015-1745, and CVE-2015-1766. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 7 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to cause a denial of service (memory consumption and RDP outage) by establishing many RDP sessions that do not properly free allocated memory, aka "Remote Desktop Protocol (RDP) Denial of Service Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista The kernel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Impersonation Level Check Elevation of Privilege Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1691. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Internet Explorer 8 Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, and CVE-2015-2422. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 Microsoft Windows Server 2003 R2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "NtCreateTransactionManager Type Confusion Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 7 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 7 through 11 allows user-assisted remote attackers to read the clipboard contents via crafted web script, aka "Internet Explorer Clipboard Information Disclosure Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 6 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2389 and CVE-2015-2411. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 The Windows Registry Virtualization feature in the kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict changes to virtual stores, which allows local users to gain privileges via a crafted application, aka "Registry Virtualization Elevation of Privilege Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1703. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, and CVE-2015-1679. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "Adobe Font Driver Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-0090, CVE-2015-0091, CVE-2015-0092, and CVE-2015-0093. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Bitmap Handling Use After Free Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Office Compatibility Pack Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2397, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize function buffers, which allows local users to obtain sensitive information from kernel memory, and possibly bypass the ASLR protection mechanism, via a crafted application, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2003 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 VBScript 5.8 VBScript 5.7 VBScript 5.6 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 8 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1659 and CVE-2015-1665. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0056 and CVE-2015-1623. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 The Task Scheduler in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to bypass intended restrictions on launching executable files via a crafted task, aka "Task Scheduler Security Feature Bypass Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "Adobe Font Driver Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-0088, CVE-2015-0090, CVE-2015-0091, and CVE-2015-0093. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "Adobe Font Driver Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-0088, CVE-2015-0091, CVE-2015-0092, and CVE-2015-0093. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1731, CVE-2015-1736, and CVE-2015-1755. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1623 and CVE-2015-1626. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows man-in-the-middle attackers to disable a signing requirement and trigger a revert-to-default action by spoofing domain-controller responses, aka "Group Policy Security Feature Bypass Vulnerability." SecPod Team DRAFT Kumarswamy S INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges via a crafted application that leverages incorrect impersonation handling in a process that uses the SeAssignPrimaryTokenPrivilege privilege, aka "Windows Create Process Elevation of Privilege Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED Kumarswamy S INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1705. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 Microsoft Word 2007 Microsoft Office Compatibility Pack Microsoft Word Viewer Use-after-free vulnerability in Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0042 and CVE-2015-0046. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 JScript 5.6 JScript 5.7 JScript 5.8 VBScript 5.6 VBScript 5.7 VBScript 5.8 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 The Microsoft (1) VBScript 5.6 through 5.8 and (2) JScript 5.6 through 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR Bypass." SecPod Team DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows Vista Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Office Compatibility Pack Microsoft Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from uninitialized kernel memory via a crafted application, aka "Win32k Information Disclosure Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Vista Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.0 Microsoft .NET Framework 4.5 Microsoft .NET Framework 4.5.1 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allows remote attackers to cause a denial of service (recursion and performance degradation) via crafted encrypted data in an XML document, aka ".NET XML Decryption Denial of Service Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM INTERIM Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "Adobe Font Driver Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-0088, CVE-2015-0090, CVE-2015-0091, and CVE-2015-0092. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object, aka "Universal XSS (UXSS)." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-8967 and CVE-2015-0050. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0027, CVE-2015-0035, CVE-2015-0052, and CVE-2015-0068. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize memory for TIFF images, which allows remote attackers to obtain sensitive information from process memory via a crafted image file, aka "TIFF Processing Information Disclosure Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly allocate memory, which allows remote attackers to cause a denial of service via a crafted (1) web site or (2) file, aka "Adobe Font Driver Denial of Service Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Internet Explorer 8 Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Office 2007 Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 7 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 6 Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows Remote Desktop Connection 7.0 Microsoft Windows Remote Desktop Connection 8.0 Microsoft Windows Remote Desktop Connection 8.1 Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Internet Explorer 10 Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0023. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 7 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 6 Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1659 and CVE-2015-1662. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Vista The graphics component in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application that leverages an incorrect bitmap conversion, aka "Graphics Component EOP Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remote attackers to execute arbitrary code by making crafted data available on a UNC share, as demonstrated by Group Policy data from a spoofed domain controller, aka "Group Policy Remote Code Execution Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Internet Explorer 8 Microsoft Internet Explorer 10 Microsoft Internet Explorer 8 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Windows Text Services (WTS) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "WTS Remote Code Execution Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED Richard Helbing DEPRECATED DEPRECATED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1704. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Internet Explorer 8 Microsoft Internet Explorer 7 Microsoft Internet Explorer 6 Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0053. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 Microsoft Word 2007 Microsoft Word 2010 Microsoft SharePoint Server 2010 Microsoft Office Web Apps 2010 Microsoft Office Compatibility Pack Microsoft Word Viewer Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps Server 2010 SP2 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED Kumarswamy S INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 The font mapper in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly scale fonts, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Windows Font Driver Denial of Service Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED Kumarswamy S INTERIM ACCEPTED ACCEPTED Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "Adobe Font Driver Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-0088, CVE-2015-0090, CVE-2015-0092, and CVE-2015-0093. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0027, CVE-2015-0035, CVE-2015-0039, and CVE-2015-0068. SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 The photo-decoder implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly initialize memory for rendering of JXR images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "JPEG XR Parser Information Disclosure Vulnerability." SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED