The OVAL Repository5.42015-09-03T07:04:27.344-04:00IE Frame Domain Verification VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874.Tiffany BergeronINTERIMACCEPTEDINTERIMHarvey RubinovitzACCEPTEDChristine WalzerChristine WalzerINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDIE File Upload VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerThe file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files.Tiffany BergeronINTERIMACCEPTEDINTERIMHarvey RubinovitzACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Data Access Components SQL-DMO Buffer Overflow (Test 1)Microsoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Data Access Components 2.5Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.Christine WalzerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJosh TurpinDEPRECATEDDEPRECATEDIE File Download Dialog VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability."Tiffany BergeronINTERIMACCEPTEDINTERIMHarvey RubinovitzACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE URLMON Buffer OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerBuffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields.Tiffany BergeronINTERIMACCEPTEDINTERIMHarvey RubinovitzACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDZone Spoofing through Malformed Web Page VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerability.Tiffany BergeronINTERIMACCEPTEDINTERIMHarvey RubinovitzACCEPTEDChristine WalzerINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDIE Slash Characters in Type Property VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerBuffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.Tiffany BergeronINTERIMACCEPTEDINTERIMHarvey RubinovitzACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE File Execution User-prompt Bypass VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability."Tiffany BergeronINTERIMACCEPTEDINTERIMHarvey RubinovitzACCEPTEDChristine WalzerINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer 6 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet Explorer 6The application Microsoft Internet Explorer 6 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDBrendan MilesINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Outlook Express v5.5,SP2 MHTML URL Processing VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Outlook ExpressThe MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."Andrew ButtnerINTERIMACCEPTEDACCEPTEDAddress Bar Spoofing on Double Byte Character Set Systems VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v6.0, SP1 HijackClick 3 / Script in Image Tag File Download VulnerabilityMicrosoft Windows MEMicrosoft Internet ExplorerInternet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDEPRECATED: Windows Script Engine Heap Overflow (Test 3)Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Windows Script Engine for JScript v5.5Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.Tiffany BergeronDavid ProulxINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDAnna MinINTERIMACCEPTEDNate PrzybyszewskiDEPRECATEDSudhir GandheShane ShafferDEPRECATEDDEPRECATED: Windows Script Engine Heap Overflow (Test 2)Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Windows Script Engine for JScript v5.1Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.Tiffany BergeronDavid ProulxINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDAnna MinINTERIMACCEPTEDNate PrzybyszewskiDEPRECATEDSudhir GandheShane ShafferDEPRECATEDMicrosoft Data Access Components 2.8 Broadcast Response Buffer OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Data Access Components 2.8Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.Christine WalzerINTERIMACCEPTEDJeff ChengINTERIMJeff ChengACCEPTEDACCEPTEDIE v6.0,SP1 Travel Log Cross Domain VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Data Access Components 2.7 Broadcast Response Buffer OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Data Access Components 2.7Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.Christine WalzerINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 Plug-in Navigation Address Bar Spoofing VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Plug-in Navigation Address Bar Spoofing VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Travel Log Cross Domain VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 Similar Method Name Redirection Cross Domain VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows XPMicrosoft Internet ExplorerMicrosoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows (ME, NT, 2K, XP), IE v6,SP1 CSS Heap Memory Corruption VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Install Engine Buffer OverflowMicrosoft Windows MEMicrosoft Internet ExplorerInteger overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5, SP2 HijackClick 3 / Script in Image Tag File Download VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMSJava Applet CODEBASE File Access VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Virtual Machine (VM)Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due to a parsing error.Tiffany BergeronINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 SSL Cached Content VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows (ME, NT, 2K), IE v5.5,SP2 CSS Heap Memory Corruption VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 Zone Restrictions Bypass via XML VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.Andrew ButtnerAndrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Data Access Components 2.6 Broadcast Response Buffer OverflowMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Data Access Components 2.6Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.Christine WalzerINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDIE v5.5, SP2 SSL Cached Content VulnerabilityMicrosoft Windows MEMicrosoft Internet ExplorerInternet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Zone Restrictions Bypass via XML VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 Function Pointer Drag and Drop VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 Install Engine Buffer OverflowMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInteger overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Function Pointer Drag and Drop VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."Andrew ButtnerAndrew ButtnerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Data Access Components 2.5 Broadcast Response Buffer OverflowMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Data Access Components 2.5Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.Christine WalzerINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 Improper URL Canonicalization VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."Andrew ButtnerINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Improper URL Canonicalization VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."Andrew ButtnerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 Script URLs Cross Domain Zone Restrictions BypassMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Script URLs Cross Domain Zone Restrictions BypassMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDOffice XP URL Buffer OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Office XP SP3Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.Ingrid SkoogIngrid SkoogIngrid SkoogAnna MinDRAFTINTERIMACCEPTEDINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Drag-and-Drop Code Execution VulnerabilityMicrosoft Windows MEMicrosoft Internet ExplorerInternet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows ME Program Group Converter Buffer OverflowMicrosoft Windows MEProgram Group ConverterBuffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 HijackClick VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.Andrew ButtnerAndrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 HijackClick VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 Function Pointer Override Cross Domain VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Function Pointer Override Cross Domain VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 ExecCommand Cross Domain Zone Restriction BypassMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 ExecCommand Cross Domain Zone Restriction BypassMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.Andrew ButtnerAndrew ButtnerAndrew ButtnerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Bitmap Integer Overflow VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInteger overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.Ingrid SkoogDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Data Access Components 2.6 Remote Data Services Buffer OverflowMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Data Access Components 2.6Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.Ingrid SkoogDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDClifford FarrugiaINTERIMACCEPTEDACCEPTEDMicrosoft Office Visio Professional URL Buffer OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Office Visio Professional 2002Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.Ingrid SkoogDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Data Access Components 2.5 Remote Data Services Buffer OverflowMicrosoft Windows 95Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Data Access Components 2.5Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.Ingrid SkoogDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDClifford FarrugiaINTERIMACCEPTEDACCEPTEDScob and Toofer Internet Explorer v5.5,SP2 VulnerabilitiesMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerThe WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.Tiffany BergeronDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 Malformed GIF Image Double-free VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerDouble free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.Andrew ButtnerDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows Project Professional URL Buffer OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Project Professional 2002Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.Ingrid SkoogDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDIE v5.5,SP2 Malformed GIF Image Double-free VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerDouble free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.Andrew ButtnerDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDEPRECATED: Windows Script Engine Heap Overflow (Test 1)Microsoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPWindows Script Engine for JScript v5.6Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.Tiffany BergeronDavid ProulxDavid ProulxACCEPTEDChristine WalzerChristine WalzerINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDAnna MinINTERIMACCEPTEDNate PrzybyszewskiDEPRECATEDSudhir GandheShane ShafferDEPRECATEDWindows ME Long Share Names VulnerabilityMicrosoft Windows MEWindows ShellBuffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.Andrew ButtnerDRAFTINTERIMACCEPTEDACCEPTEDIE v6.0,SP1 Drag-and-Drop Code Execution VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".Harvey RubinovitzDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Java Virtual Machine Security BypassMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Virtual Machine (VM)The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise."Tiffany BergeronINTERIMACCEPTEDACCEPTEDIE5.01,SP4 Java Proxy COM Object Instantiation Memory Corruption VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerInternet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.Harvey RubinovitzDRAFTJonathan BakerINTERIMACCEPTEDRobert L. HollisACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDStep-by-Step Interactive Training Buffer OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Interactive TrainingBuffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a bookmark link file (.cbo, cbl, or .cbm extension) with a long User field.Ingrid SkoogDRAFTINTERIMACCEPTEDJohn HoylandINTERIMACCEPTEDACCEPTEDScob and Toofer Internet Explorer v6.0,SP1 VulnerabilitiesMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerThe WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.Tiffany BergeronDRAFTINTERIMACCEPTEDChristine WalzerINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDirectX 9 DirectShow Malicious MIDI File VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003DirectXMultiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJeff ItoINTERIMACCEPTEDACCEPTEDIE Web Page Spoofing VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Internet ExplorerInternet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability."Tiffany BergeronINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDirectX 8 DirectShow Malicious MIDI File VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003DirectXMultiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDRobert L. HollisINTERIMACCEPTEDJeff ItoINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDIE plugin.ocx Heap OverflowMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet ExplorerHeap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115.Tiffany BergeronINTERIMACCEPTEDINTERIMHarvey RubinovitzACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Outlook Express 5.5,SP2 News Reading VulnerabilityMicrosoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Outlook ExpressStack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.Ingrid SkoogDRAFTINTERIMACCEPTEDACCEPTEDIE File Download Dialog Deception VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Internet ExplorerInternet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download.Tiffany BergeronINTERIMACCEPTEDINTERIMHarvey RubinovitzACCEPTEDChristine WalzerINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Outlook Express v6.0,SP1 MHTML URL Processing VulnerabilityMicrosoft Windows 98Microsoft Windows MEMicrosoft Windows NTMicrosoft Windows 2000Microsoft Windows XPMicrosoft Outlook ExpressThe MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."Andrew ButtnerINTERIMACCEPTEDACCEPTEDAs stated in the iDefense security advisory, if this key exists and contains a value, then the system has Interactive Training installed, and it will process .cbo files.HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\DataAccess\Q823718IsInstalledHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\Session Manager\EnvironmentPROCESSOR_ARCHITECTUREHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB832483InstalledHKEY_CURRENT_USERSoftware\Microsoft\Windows\CurrentVersion\Internet SettingsDisableCachingOfSSLPagesodbcbcp.dllsqlsrv32.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\DataAccess\Q832483IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90280409-6000-11D3-8CFE-0050048383C9}DisplayVersionHKEY_LOCAL_MACHINESoftware\Microsoft\Windows\CurrentVersion\Uninstall\{90510409-6D54-11D4-BEE3-00C04F990354}DisplayVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90510409-6D54-11D4-BEE3-00C04F990354}WindowsInstallermsadco.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q329414InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\DataAccessFullInstallVerMSO.DLLHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersionCommonFilesDirHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{903B0409-6000-11D3-8CFE-0050048383C9}DisplayVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionCurrentVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionCSDVersionjscript.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}VersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersionVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{ 3e7bb08a-a7a3-4692-8eac-ac5e7895755b}IsInstalledmsjava.dllHKEY_CLASSES_ROOTMITrain.Document\shell\open\commandOrun32.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Updates\Step by Step Interactive Training\SP2\KB898458\FilelistHKEY_CURRENT_USER^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$1200HKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$1200HKEY_CURRENT_USER^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$1400HKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$1400HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{2298d453-bcae-4519-bf33-1cbf3faf1524}IsInstalledHKEY_LOCAL_MACHINESoftware\Microsoft\Active Setup\Installed Components\{754D29C1-0C97-405F-98D0-21B212CA7FF1}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\DirectXVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q819696InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB897715InstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{D7B44F3E-77D3-44C5-8E03-4222D9A18B7B}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{61E6EAE5-7821-4AC1-9BBD-AED032A8E273}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{FF4DD9CD-F25E-425a-8B5C-A2D062781FBB}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{2757B1D6-0367-4663-877C-93ECC5C01BF6}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{C34F4917-ED43-439f-9023-97B0024A2B3B}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{F9C174E3-3E87-40bc-AA94-B8974F2B9222}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{f5de1b93-9d38-416b-b09e-aa85a8e84309}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{377483c2-e4b4-4ee8-b577-9aed264c8735}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{96543d59-497a-4801-a1f3-5936aacaf7b1}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{057997dd-71e4-43cc-b161-3f8180691a9e}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet ExplorerVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{eddbec60-89cb-44ef-8291-0850fd28ff6a}IsInstalledmshtml.dllHKEY_LOCAL_MACHINESoftware\Microsoft\Active Setup\Installed Components\{716E024F-7F74-47F3-B93B-9FF7F3CBF94C}IsInstalledHKEY_LOCAL_MACHINESoftware\Microsoft\Active Setup\Installed Components\{E81659DF-28E1-4C60-B4B9-00A4BC5FA76D}IsInstalledHKEY_LOCAL_MACHINESoftware\Microsoft\Active Setup\Installed Components\{2D5974C5-5185-4f5b-80B6-28015ACDD74C}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet SettingsSecurity_HKLM_onlyHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\[0-4]$1803HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Active Setup\Installed Components\{2cc9d512-6db6-4f1c-8979-9a41fae88de0}IsInstalledHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Outlook Express\Version InfoCurrentinetcomm.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionSystemRoot6.0.2713.11003.70.11.4015.50.4927.21006.0.2716.2200^6\..*$5.50.4939.3005.0.3534.28005.5.0.85135,5,0,85135.1.0.85135,1,0,8513x86ia64^2\.8.*$2000.85.1025.02000.85.1025.01^2\.70.*$2000.81.9002.02000.81.9002.0^2\.71.*$2000.81.9042.02000.81.9042.05.0.3809.02000.80.747.02000.80.747.013.70.11.463.70.11.4616.0.2800.14005.50.4937.80010.0.6626.05.50.4945.28006.0.2800.12765.50.4934.1600^2\.6.*$2.62.9119.110.2.511012.53.6202.01^2\.5.*$10.0.8326.010.0.6735.010.0.8326.05.50.4943.4005.0^Service Pack ([4-9]|\d{2,})$5.6.0.85135,6,0,8513Windows ME6.0.2800.147615.0.3810.05.00.3700.10005.0.3831.18003.5.0.11716.00.2800.1106333316.0.2800.1458^4\.[0]*9\.[0]+\.[0]*900^4\.[0]*9\.[0]+\.[0]*9015.50.4134.01005.50.4134.06005.50.4522.180015.50.4616.2005.50.4701.2400^4\.[0]*8\..*$15.50.4807.23005.50.4926.250015,50,4807,17005.50.4952.28001111111111^6\.0+\.2600\.0+$16.0.2712.3001111316,0,2800,11066.0.2800.1409\System\msadc\Microsoft Shared\OFFICE10\Help\SBSI\Training\System32