The OVAL Repository5.52015-09-03T07:00:12.240-04:00OpenType font driver vulnerability - CVE-2015-2426 (MS15-078)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Driver Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-2414 (MS15-065)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 allows remote attackers to obtain sensitive browsing-history information via vectors related to image caching, aka "Internet Explorer Information Disclosure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer elevation of privilege vulnerability - CVE-2015-2402 (MS15-065)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWin32k Elevation of privilege vulnerability - CVE-2015-2363 (MS15-073)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows 7Microsoft Windows 8win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWindows installer EoP vulnerability - CVE-2015-2371 (MS15-074)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaThe Windows Installer service in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a custom action script associated with a .msi package, aka "Windows Installer EoP Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer information disclosure vulnerability - CVE-2015-2413 (MS15-065)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to determine the existence of local files via a crafted module-resource request, aka "Internet Explorer Information Disclosure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDHyper-V system data structure vulnerability - CVE-2015-2362 (MS15-068)Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2008Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly initialize guest OS system data structures, which allows guest OS users to execute arbitrary code on the host OS by leveraging guest OS privileges, aka "Hyper-V System Data Structure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-2389 (MS15-065)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1733 and CVE-2015-2411.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDRemote Desktop Protocol (RDP) remote code execution vulnerability - CVE-2015-2373 (MS15-067)Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 7The Remote Desktop Protocol (RDP) server service in Microsoft Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a series of crafted packets, aka "Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWin32k information disclosure vulnerability - CVE-2015-2381 (MS15-073)Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Win32k Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2382.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-2422 (MS15-065)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, and CVE-2015-2406.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-2404 (MS15-065)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2406, and CVE-2015-2422.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer ASLR bypass vulnerability - CVE-2015-2421 (MS15-065)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDATMFD.DLL Memory corruption vulnerability - CVE-2015-2387 (MS15-077)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "ATMFD.DLL Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWindows RPC elevation of privilege vulnerability - CVE-2015-2370 (MS15-076)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaThe authentication implementation in the RPC subsystem in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not prevent DCE/RPC connection reflection, which allows local users to gain privileges via a crafted application, aka "Windows RPC Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-2397 (MS15-065)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDJscript9 Memory corruption vulnerability - CVE-2015-2419 (MS15-065)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 10Microsoft Internet Explorer 11JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "JScript9 Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1729 (MS15-065)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-2408 (MS15-065)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1767 and CVE-2015-2401.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-2385 (MS15-065)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-2411 (MS15-065)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1733 and CVE-2015-2389.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOLE Elevation of privilege vulnerability - CVE-2015-2417 (MS15-075)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaOLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via crafted input, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "OLE Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2416.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-2412 (MS15-065)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to read arbitrary local files via a crafted pathname, aka "Internet Explorer Information Disclosure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWin32k elevation of privilege vulnerability - CVE-2015-2365 (MS15-073)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer elevation of privilege vulnerability - CVE-2015-1743 (MS15-056)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1748.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWin32k Null pointer dereference vulnerability - CVE-2015-1721 (MS15-061)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer Dereference Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer elevation of privilege vulnerability - CVE-2015-1739 (MS15-056)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWin32k information disclosure vulnerability - CVE-2015-2382 (MS15-073)Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Win32k Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2381.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWin32k elevation of privilege vulnerability - CVE-2015-2366 (MS15-073)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows Kernel Object use after free vulnerability - CVE-2015-1724 (MS15-061)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Object Use After Free Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1740 (MS15-056)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1735, CVE-2015-1744, CVE-2015-1745, and CVE-2015-1766.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows Kernel use after free vulnerability – CVE-2015-1720 (MS15-061)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Use After Free Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1735 (MS15-056)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1740, CVE-2015-1744, CVE-2015-1745, and CVE-2015-1766.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows Kernel information disclosure vulnerability – CVE-2015-1719 (MS15-061)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to obtain sensitive information from kernel memory via a crafted application, aka "Microsoft Windows Kernel Information Disclosure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-2410 (MS15-065)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to determine the existence of local files via a crafted stylesheet, aka "Internet Explorer Information Disclosure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1766 (MS15-056)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1735, CVE-2015-1740, CVE-2015-1744, and CVE-2015-1745.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer XSS filter bypass vulnerability - CVE-2015-2398 (MS15-065)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows Station use after free vulnerability - CVE-2015-1723 (MS15-061)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Station Use After Free Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1751 (MS15-056)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Internet Explorer 10Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWin32k Pool buffer overflow vulnerability - CVE-2015-1727 (MS15-061)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Pool Buffer Overflow Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer ASLR bypass vulnerability - CVE-2015-1685 (MS15-043)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 11Microsoft Internet Explorer 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1767 (MS15-065)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2401 and CVE-2015-2408.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer elevation of privilege vulnerability - CVE-2015-1748 (MS15-056)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1743.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft windows kernel memory disclosure vulnerability - CVE-2015-1676 (MS15-051)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1677, CVE-2015-1678, CVE-2015-1679, and CVE-2015-1680.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1658 (MS15-043)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 11Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1706, CVE-2015-1711, CVE-2015-1717, and CVE-2015-1718.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWin32k elevation of privilege vulnerability - CVE-2015-2360 (MS15-061)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1717 (MS15-043)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 11Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1658, CVE-2015-1706, CVE-2015-1711, and CVE-2015-1718.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOLE Elevation of privilege vulnerability - CVE-2015-2416 (MS15-075)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaOLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via crafted input, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "OLE Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2417.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1709 (MS15-043)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1705 (MS15-043)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1689.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWindows forms elevation of privilege vulnerability - CVE-2015-1673 (MS15-048)Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows VistaMicrosoft .NET Framework 1.1Microsoft .NET Framework 2.0Microsoft .NET Framework 3.5Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4.0Microsoft .NET Framework 4.5Microsoft .NET Framework 4.5.1Microsoft .NET Framework 4.5.2The Windows Forms (aka WinForms) libraries in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allow user-assisted remote attackers to execute arbitrary code via a crafted partial-trust application, aka "Windows Forms Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMINTERIMInternet Explorer memory corruption vulnerability - CVE-2015-1755 (MS15-056)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1731, CVE-2015-1736, and CVE-2015-1737.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDVBScript Memory corruption vulnerability - CVE-2015-2372 (MS15-065 and MS15-066)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft VBScript 5.6Microsoft VBScript 5.7Microsoft VBScript 5.8vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWindows Journal remote code execution vulnerability - CVE-2015-1699 (MS15-045)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, and CVE-2015-1698.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDService control manager elevation of privilege vulnerability - CVE-2015-1702 (MS15-050)Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2003Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows VistaMicrosoft Windows Server 2008 R2The Service Control Manager (SCM) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Service Control Manager Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint page content vulnerabilities – CVE-2015-1700 (MS15-047)Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft SharePoint Server 2007Microsoft SharePoint Server 2010Microsoft SharePoint Foundation 2010Microsoft SharePoint Foundation 2013Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "Microsoft SharePoint Page Content Vulnerabilities."SecPod TeamDRAFTKumarswamy SINTERIMACCEPTEDACCEPTEDMicrosoft Office SharePoint Server 2007 is installed.Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Office SharePoint Server 2007Microsoft Office SharePoint Server 2007 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDChandan SINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1718 (MS15-043)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 11Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1658, CVE-2015-1706, CVE-2015-1711, and CVE-2015-1717.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1668 (MS15-032)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1736 (MS15-056)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1731, CVE-2015-1737, and CVE-2015-1755.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft windows kernel memory disclosure vulnerability - CVE-2015-1677 (MS15-051)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1678, CVE-2015-1679, and CVE-2015-1680.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1666 (MS15-032)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1652.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1744 (MS15-056)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1735, CVE-2015-1740, CVE-2015-1745, and CVE-2015-1766.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDRemote desktop protocol (RDP) denial of service vulnerability - CVE-2015-0079 (MS15-030)Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 7Microsoft Windows 8.1Microsoft Windows Server 2012 R2The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to cause a denial of service (memory consumption and RDP outage) by establishing many RDP sessions that do not properly free allocated memory, aka "Remote Desktop Protocol (RDP) Denial of Service Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1624 (MS15-018)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-2406 (MS15-065)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, and CVE-2015-2422.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDNtCreateTransactionManager type confusion vulnerability - CVE-2015-1643 (MS15-038)Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows Server 2012Microsoft Windows 8Microsoft Windows Server 2012 R2Microsoft Windows 8.1Microsoft Windows Server 2003 R2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "NtCreateTransactionManager Type Confusion Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer elevation of privilege vulnerability - CVE-2015-1713 (MS15-043)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 11Microsoft Internet Explorer 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer clipboard information disclosure vulnerability - CVE-2015-1692 (MS15-043)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 7Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 7 through 11 allows user-assisted remote attackers to read the clipboard contents via crafted web script, aka "Internet Explorer Clipboard Information Disclosure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer ASLR bypass vulnerability - CVE-2015-1661 (MS15-032)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1733 (MS15-065)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2389 and CVE-2015-2411.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDRegistry virtualization elevation of privilege vulnerability - CVE-2015-0073 (MS15-025)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2The Windows Registry Virtualization feature in the kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict changes to virtual stores, which allows local users to gain privileges via a crafted application, aka "Registry Virtualization Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer elevation of privilege vulnerability - CVE-2015-1704 (MS15-043)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1703.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWin32k elevation of privilege vulnerability - CVE-2015-0078 (MS15-023)Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate the token of a calling thread, which allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft windows kernel memory disclosure vulnerability - CVE-2015-1680 (MS15-051)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, and CVE-2015-1679.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDAdobe font driver remote code execution vulnerability - CVE-2015-0088 (MS15-021)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "Adobe Font Driver Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-0090, CVE-2015-0091, CVE-2015-0092, and CVE-2015-0093.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows Kernel Bitmap handling use after free vulnerability - CVE-2015-1722 (MS15-061)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Bitmap Handling Use After Free Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-2390 (MS15-065)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2397, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft windows kernel memory disclosure vulnerability - CVE-2015-0077 (MS15-023)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize function buffers, which allows local users to obtain sensitive information from kernel memory, and possibly bypass the ASLR protection mechanism, via a crafted application, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDTask scheduler security feature bypass vulnerability - CVE-2015-0084 (MS15-028)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Windows Server 2008Microsoft Windows Server 2008 R2The Task Scheduler in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to bypass intended restrictions on launching executable files via a crafted task, aka "Task Scheduler Security Feature Bypass Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDAdobe font driver remote code execution vulnerability - CVE-2015-0092 (MS15-021)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "Adobe Font Driver Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-0088, CVE-2015-0090, CVE-2015-0091, and CVE-2015-0093.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDAdobe font driver remote code execution vulnerability - CVE-2015-0090 (MS15-021)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "Adobe Font Driver Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-0088, CVE-2015-0091, CVE-2015-0092, and CVE-2015-0093.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1737 (MS15-056)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1731, CVE-2015-1736, and CVE-2015-1755.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDGroup Policy security feature bypass vulnerability - CVE-2015-0009 (MS15-014)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows man-in-the-middle attackers to disable a signing requirement and trigger a revert-to-default action by spoofing domain-controller responses, aka "Group Policy Security Feature Bypass Vulnerability."SecPod TeamDRAFTKumarswamy SINTERIMACCEPTEDACCEPTEDWindows create process elevation of privilege vulnerability - CVE-2015-0062 (MS15-015)Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges via a crafted application that leverages incorrect impersonation handling in a process that uses the SeAssignPrimaryTokenPrivilege privilege, aka "Windows Create Process Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft schannel remote code execution vulnerability - CVE-2015-0003 (MS15-010)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1622 (MS15-018)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1689 (MS15-043)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1705.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-0038 (MS15-009)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0042 and CVE-2015-0046.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWin32k information disclosure vulnerability - CVE-2015-2367 (MS15-073)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from uninitialized kernel memory via a crafted application, aka "Win32k Information Disclosure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWindows Journal remote code execution vulnerability - CVE-2015-1675 (MS15-045)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTED.NET XML decryption denial of service vulnerability - CVE-2015-1672 (MS15-048)Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows VistaMicrosoft .NET Framework 2.0Microsoft .NET Framework 3.5Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4.0Microsoft .NET Framework 4.5Microsoft .NET Framework 4.5.1Microsoft .NET Framework 4.5.2Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allows remote attackers to cause a denial of service (recursion and performance degradation) via crafted encrypted data in an XML document, aka ".NET XML Decryption Denial of Service Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMINTERIMAdobe font driver remote code execution vulnerability - CVE-2015-0093 (MS15-021)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "Adobe Font Driver Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-0088, CVE-2015-0090, CVE-2015-0091, and CVE-2015-0092.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer elevation of privilege vulnerability - CVE-2015-0072 (MS15-018)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object, aka "Universal XSS (UXSS)."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-0039 (MS15-009)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0027, CVE-2015-0035, CVE-2015-0052, and CVE-2015-0068.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDTIFF Processing information disclosure vulnerability - CVE-2015-0061 (MS15-016)Microsoft Windows Server 2003Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize memory for TIFF images, which allows remote attackers to obtain sensitive information from process memory via a crafted image file, aka "TIFF Processing Information Disclosure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDAdobe font driver denial of service vulnerability - CVE-2015-0074 (MS15-021)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly allocate memory, which allows remote attackers to cause a denial of service via a crafted (1) web site or (2) file, aka "Adobe Font Driver Denial of Service Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer elevation of privilege vulnerability - CVE-2015-0055 (MS15-009)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-0022 (MS15-009)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 7Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDirectory Traversal elevation of privilege vulnerability - CVE-2015-0016 (MS15-004)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows Remote Desktop Connection 7.0Microsoft Windows Remote Desktop Connection 8.0Microsoft Windows Remote Desktop Connection 8.1Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-0025 (MS15-009)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Internet Explorer 10Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0023.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-0020 (MS15-009)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 7Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWindows Journal remote code execution vulnerability - CVE-2015-1696 (MS15-045)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDGraphics component EOP vulnerability - CVE-2015-2364 (MS15-072)Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows VistaThe graphics component in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application that leverages an incorrect bitmap conversion, aka "Graphics Component EOP Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1657 (MS15-032)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDGroup Policy remote code execution vulnerability - CVE-2015-0008 (MS15-011)Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows Server 2008 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remote attackers to execute arbitrary code by making crafted data available on a UNC share, as demonstrated by Group Policy data from a spoofed domain controller, aka "Group Policy Remote Code Execution Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWindows Kernel security feature bypass vulnerability - CVE-2015-1674 (MS15-052)Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate an unspecified address, which allows local users to bypass the KASLR protection mechanism, and consequently discover the cng.sys base address, via a crafted application, aka "Windows Kernel Security Feature Bypass Vulnerability."SecPod TeamDRAFTKumarswamy SINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-0049 (MS15-009)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Internet Explorer 8Microsoft Internet Explorer 10Microsoft Internet Explorer 8 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: WTS remote code execution vulnerability - CVE-2015-0081 (MS15-020)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Windows Text Services (WTS) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "WTS Remote Code Execution Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDRichard HelbingDEPRECATEDDEPRECATEDInternet Explorer elevation of privilege vulnerability - CVE-2015-1703 (MS15-043)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1704.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWin32k elevation of privilege vulnerability - CVE-2015-0057 (MS15-010)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDACCEPTEDWindows font driver denial of service vulnerability - CVE-2015-0060 (MS15-010)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1The font mapper in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly scale fonts, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Windows Font Driver Denial of Service Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDACCEPTEDAdobe font driver remote code execution vulnerability - CVE-2015-0091 (MS15-021)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "Adobe Font Driver Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-0088, CVE-2015-0090, CVE-2015-0092, and CVE-2015-0093.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-0052 (MS15-009)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0027, CVE-2015-0035, CVE-2015-0039, and CVE-2015-0068.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1714 (MS15-043)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDJPEG XR parser information disclosure vulnerability - CVE-2015-0076 (MS15-029)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1The photo-decoder implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly initialize memory for rendering of JXR images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "JPEG XR Parser Information Disclosure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDSchannel information disclosure vulnerability - CVE-2015-1716 (MS15-055)Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows VistaMicrosoft Windows Server 2008 R2Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict Diffie-Hellman Ephemeral (DHE) key lengths, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, aka "Schannel Information Disclosure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft windows kernel memory disclosure vulnerability - CVE-2015-0095 (MS15-023)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a denial of service (NULL pointer dereference and blue screen), or obtain sensitive information from kernel memory and possibly bypass the ASLR protection mechanism, via a crafted application, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-0019 (MS15-009)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWin32k buffer overflow vulnerability - CVE-2015-1725 (MS15-061)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Buffer Overflow Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDGraphics component information disclosure vulnerability - CVE-2015-0002 (MS15-001)Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not verify that an impersonation token is associated with an administrative account, which allows local users to gain privileges by running AppCompatCache.exe with a crafted DLL file, aka MSRC ID 20544 or "Microsoft Application Compatibility Infrastructure Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint xss vulnerability – CVE-2015-1636 (MS15-022)Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Foundation 2013Microsoft SharePoint Server 2013Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDACCEPTEDMicrosoft windows kernel memory disclosure vulnerability - CVE-2015-0094 (MS15-023)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly restrict the availability of address information during a function call, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-0031 (MS15-009)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 7Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0036, and CVE-2015-0041.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1741 (MS15-056)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1752.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWindows Journal remote code execution vulnerability - CVE-2015-1698 (MS15-045)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, and CVE-2015-1699.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1688 (MS15-043)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 7Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWindows Error Reporting security feature bypass vulnerability - CVE-2015-0001 (MS15-006)Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2The Windows Error Reporting (WER) component in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass the Protected Process Light protection mechanism and read the contents of arbitrary process-memory locations by leveraging administrative privileges, aka "Windows Error Reporting Security Feature Bypass Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDTrueType font parsing remote code execution vulnerability - CVE-2015-0059 (MS15-010)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted TrueType font, aka "TrueType Font Parsing Remote Code Execution Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDACCEPTEDDEPRECATED: DLL planting remote code execution vulnerability - CVE-2015-0096 (MS15-020)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, leading to DLL loading during Windows Explorer access to the icon of a crafted shortcut, aka "DLL Planting Remote Code Execution Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDRichard HelbingDEPRECATEDDEPRECATEDHTTP.sys Remote code execution vulnerability - CVE-2015-1635 (MS15-034)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Windows Server 2008 R2HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDLL planting remote code execution vulnerability - CVE-2015-0096 (MS15-020)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, leading to DLL loading during Windows Explorer access to the icon of a crafted shortcut, aka "DLL Planting Remote Code Execution Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer elevation of privilege vulnerability - CVE-2015-1627 (MS15-018)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWindows MS-DOS device name vulnerability - CVE-2015-1644 (MS15-038)Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows Server 2012Microsoft Windows 8Microsoft Windows Server 2012 R2Microsoft Windows 8.1Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows MS-DOS Device Name Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1694 (MS15-043)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1710.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-0043 (MS15-009)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1634 (MS15-018)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1625.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in Microsoft Schannel could allow security feature bypass - CVE-2015-1637 (MS15-031)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1067.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-0026 (MS15-009)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 7Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft windows kernel memory disclosure vulnerability - CVE-2015-1679 (MS15-051)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, and CVE-2015-1680.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWindows Telnet service buffer overflow vulnerability - CVE-2015-0014 (MS15-002)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Buffer overflow in the Telnet service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows Telnet Service Buffer Overflow Vulnerability."SecPod TeamDRAFTINTERIMKumarswamy SACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDAdobe font driver information disclosure vulnerability - CVE-2015-0089 (MS15-021)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to obtain sensitive information from kernel memory, and possibly bypass the KASLR protection mechanism, via a crafted font, aka "Adobe Font Driver Information Disclosure Vulnerability," a different vulnerability than CVE-2015-0087.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-0021 (MS15-009)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 7Microsoft Internet Explorer 6Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1731 (MS15-056)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1736, CVE-2015-1737, and CVE-2015-1755.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-2401 (MS15-065)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1767 and CVE-2015-2408.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWindows LoadLibrary EoP vulnerability - CVE-2015-1758 (MS15-063)Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Untrusted search path vulnerability in the LoadLibrary function in the kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a Trojan horse DLL in an unspecified directory, aka "Windows LoadLibrary EoP Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint XSS vulnerability – CVE-2015-1653 (MS15-036)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 8.1Microsoft SharePoint Foundation 2013Microsoft SharePoint Server 2013Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 and SharePoint Server 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-0046 (MS15-009)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0038 and CVE-2015-0042.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1745 (MS15-056)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1735, CVE-2015-1740, CVE-2015-1744, and CVE-2015-1766.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWindows Journal remote code execution vulnerability - CVE-2015-1695 (MS15-045)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1696, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1752 (MS15-056)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1741.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1625 (MS15-018)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1634.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-0035 (MS15-009)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0027, CVE-2015-0039, CVE-2015-0052, and CVE-2015-0068.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDAdobe font driver information disclosure vulnerability - CVE-2015-0087 (MS15-021)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to obtain sensitive information from kernel memory, and possibly bypass the KASLR protection mechanism, via a crafted font, aka "Adobe Font Driver Information Disclosure Vulnerability," a different vulnerability than CVE-2015-0089.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-0099 (MS15-018)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Internet Explorer 10Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer ASLR bypass vulnerability - CVE-2015-0069 (MS15-009)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer information disclosure vulnerability - CVE-2015-1765 (MS15-056)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to read the browser history via a crafted web site.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMalformed PNG parsing information disclosure vulnerability - CVE-2015-0080 (MS15-024)Microsoft Windows Server 2003Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize memory for rendering of malformed PNG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Malformed PNG Parsing Information Disclosure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOutlook Web App token spoofing vulnerability (CVE-2014-6319) - MS14-075Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft Exchange Server 2013Outlook Web App (OWA) in Microsoft Exchange Server 2007 SP3, 2010 SP3, and 2013 SP1 and Cumulative Update 6 does not properly validate tokens in requests, which allows remote attackers to spoof the origin of e-mail messages via unspecified vectors, aka "Outlook Web App Token Spoofing Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2007 (no Service Pack) is installedMicrosoft Windows Server 2003Microsoft Windows Server 2008Exchange Server 2007 (no Service Pack) is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDJeff ItoINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2010 is installedMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2010Microsoft Exchange Server 2010 is installedSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDExchange URL redirection vulnerability (CVE-2014-6336) - MS14-075Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 does not properly validate redirection tokens, which allows remote attackers to redirect users to arbitrary web sites and spoof the origin of e-mail messages via unspecified vectors, aka "Exchange URL Redirection Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-0036 (MS15-009)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 7Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, and CVE-2015-0041.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1710 (MS15-043)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1694.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2014-6374 (MS14-080)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 7Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-0023 (MS15-009)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Internet Explorer 10Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0025.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2014-6373 (MS14-080)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Internet Explorer 10Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWindows Journal remote code execution vulnerability - CVE-2015-1697 (MS15-045)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1698, and CVE-2015-1699.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-0030 (MS15-009)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 7Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2014-6363 (MS14-080)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2VBScript 5.8VBScript 5.6VBScript 5.7vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2014-6343 (MS14-065)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-0027 (MS15-009)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0035, CVE-2015-0039, CVE-2015-0052, and CVE-2015-0068.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer cross-domain information disclosure vulnerability. - CVE-2014-6340 (MS14-065)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 7Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6Microsoft Internet Explorer 6 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-0017 (MS15-009)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 7Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Clipboard Information Disclosure Vulnerability - CVE-2014-6323 (MS14-065)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 7Microsoft Internet Explorer 7 through 11 allows remote attackers to obtain sensitive clipboard information via a crafted web site, aka "Internet Explorer Clipboard Information Disclosure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft user profile service elevation of privilege vulnerability - CVE-2015-0004 (MS15-003)Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows Server 2012Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012 R2The User Profile Service (aka ProfSvc) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges by conducting a junction attack to load another user's UsrClass.dat registry hive, aka MSRC ID 20674 or "Microsoft User Profile Service Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOWA XSS vulnerability (CVE-2014-6326) - MS14-075Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6325.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDNLA Security Feature Bypass Vulnerability - CVE-2015-0006 (MS15-005)Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows Server 2012Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012 R2The Network Location Awareness (NLA) service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not perform mutual authentication to determine a domain connection, which allows remote attackers to trigger an unintended permissive configuration by spoofing DNS and LDAP responses on a local network, aka "NLA Security Feature Bypass Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOWA XSS vulnerability (CVE-2014-6325) - MS14-075Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6326.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2013 CU 6 is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Microsoft Exchange Server 2013 CU 6 is installed. Microsoft Exchange Server is calendaring software, a mail server and contact manager developed by Microsoft.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2013 is installedMicrosoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Exchange Server 2013Microsoft Exchange Server 2013 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer cross-domain information disclosure vulnerability - CVE-2014-6346 (MS14-065)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows audio service vulnerability - CVE-2014-6322 (MS14-071)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2The Windows Audio service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted web site, as demonstrated by execution of web script in Internet Explorer, aka "Windows Audio Service Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-0068 (MS15-009)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0027, CVE-2015-0035, CVE-2015-0039, and CVE-2015-0052.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDRemote Desktop Protocol (RDP) failure to audit vulnerability - CVE-2014-6318 (MS14-074)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2The audit logon feature in Remote Desktop Protocol (RDP) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly log unauthorized login attempts supplying valid credentials, which makes it easier for remote attackers to bypass intended access restrictions via a series of attempts, aka "Remote Desktop Protocol (RDP) Failure to Audit Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer elevation of privilege vulnerability - CVE-2014-6349 (MS14-065)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-6350.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer ASLR bypass vulnerability - CVE-2015-0071 (MS15-009)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2014-6353 (MS14-065)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows 7Microsoft Windows 8Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer cross-domain information disclosure vulnerability - CVE-2014-6345 (MS14-065)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 9 and 10 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDCNG security feature bypass vulnerability - CVE-2015-0010 (MS15-010)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, when the CRYPTPROTECTMEMORY_SAME_LOGON option is used, does not check an impersonation token's level, which allows local users to bypass intended decryption restrictions by leveraging a service that (1) has a named-pipe planting vulnerability or (2) uses world-readable shared memory for encrypted data, aka "CNG Security Feature Bypass Vulnerability" or MSRC ID 20707.SecPod TeamDRAFTINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDACCEPTEDMicrosoft Windows Kernel Brush Object use after free vulnerability - CVE-2015-1726 (MS15-061)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Brush Object Use After Free Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer elevation of privilege vulnerability - CVE-2015-0054 (MS15-009)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 7Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDKerberos checksum vulnerability - CVE-2014-6324 (MS14-068)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaThe Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka "Kerberos Checksum Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2014-6341 (MS14-065)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 7Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4143.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer XSS filter bypass vulnerability - CVE-2014-6328 (MS14-080)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability," a different vulnerability than CVE-2014-6365.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1711 (MS15-043)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 11Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1658, CVE-2015-1706, CVE-2015-1717, and CVE-2015-1718.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1706 (MS15-043)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 11Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1658, CVE-2015-1711, CVE-2015-1717, and CVE-2015-1718.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDASP.NET information disclosure vulnerability - CVE-2015-1648 (MS15-041)Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft .NET Framework 1.1Microsoft .NET Framework 2.0Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4.0Microsoft .NET Framework 4.5Microsoft .NET Framework 4.5.1Microsoft .NET Framework 4.5.2ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, when the customErrors configuration is disabled, allows remote attackers to obtain sensitive configuration-file information via a crafted request, aka "ASP.NET Information Disclosure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMINTERIMGraphics component information disclosure vulnerability - CVE-2014-6355 (MS14-085)Microsoft Windows Server 2003Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaThe Graphics Component in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly process JPEG images, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Graphics Component Information Disclosure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMSXML Remote Code Execution Vulnerability - CVE-2014-4118 (MS14-067)Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 8Microsoft Windows 8.1Microsoft XML Core Services 3.0XML Core Services (aka MSXML) 3.0 in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (system-state corruption) via crafted XML content, aka "MSXML Remote Code Execution Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft windows kernel memory disclosure vulnerability - CVE-2015-1678 (MS15-051)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1679, and CVE-2015-1680.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDTypeFilterLevel vulnerability - CVE-2014-4149 (MS14-072)Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft .NET Framework 1.1Microsoft .NET Framework 2.0Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4.0Microsoft .NET Framework 4.5Microsoft .NET Framework 4.5.1Microsoft .NET Framework 4.5.2Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly perform TypeFilterLevel checks, which allows remote attackers to execute arbitrary code via crafted data to a .NET Remoting endpoint, aka "TypeFilterLevel Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMINTERIMWindows OLE automation array remote code execution vulnerability - CVE-2014-6332 (MS14-064)Microsoft Windows Server 2003Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaOleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka "Windows OLE Automation Array Remote Code Execution Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer cross-domain information disclosure vulnerability - CVE-2015-0070 (MS15-009)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 7Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6Microsoft Internet Explorer 6 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWTS remote code execution vulnerability - CVE-2015-0081 (MS15-020)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Windows Text Services (WTS) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "WTS Remote Code Execution Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft IME (Japanese) elevation of privilege vulnerability - CVE-2014-4077 (MS14-078)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Input Method Editor JapaneseMicrosoft Office IME Japanese 2007Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka "Microsoft IME (Japanese) Elevation of Privilege Vulnerability," as exploited in the wild in 2014.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Input method editor (IME) Japanese is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Input Method Editor JapaneseMicrosoft Input method editor (IME) Japanese is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office 2007 IME Japanese is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Office IME Japanese 2007Microsoft Office 2007 IME Japanese is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-0041 (MS15-009)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 7Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, and CVE-2015-0036.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-0042 (MS15-009)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0038 and CVE-2015-0046.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer XSS filter bypass vulnerability - CVE-2014-6365 (MS14-080)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability," a different vulnerability than CVE-2014-6328.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWindows OLE remote code execution vulnerability - CVE-2014-6352 (MS14-064)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDIIS Security feature bypass vulnerability - CVE-2014-4078 (MS14-076)Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Information Services 8.0Microsoft Internet Information Services 8.5The IP Security feature in Microsoft Internet Information Services (IIS) 8.0 and 8.5 does not properly process wildcard allow and deny rules for domains within the "IP Address and Domain Restrictions" list, which makes it easier for remote attackers to bypass an intended rule set via an HTTP request, aka "IIS Security Feature Bypass Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft IIS 8.5 is installedMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft IIS 8.5The application Microsoft IIS 8.5 is installed.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft IIS 8.0 is installedMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft IIS 8.0The application Microsoft IIS 8.0 is installed.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1667 (MS15-032)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2015-1652 (MS15-032)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1666.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer elevation of privilege vulnerability - CVE-2014-6350 (MS14-065)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-6349.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint xss vulnerability – CVE-2015-1633 (MS15-022)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft SharePoint Foundation 2010Microsoft SharePoint Foundation 2013Microsoft SharePoint Server 2010Microsoft SharePoint Server 2013Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDACCEPTEDSharePoint elevation of privilege vulnerability - CVE-2014-4116 (MS14-073)Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows VistaMicrosoft SharePoint Foundation 2010Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via a modified list, aka "SharePoint Elevation of Privilege Vulnerability."SecPod TeamDRAFTKumarswamy SINTERIMACCEPTEDACCEPTEDMicrosoft schannel remote code execution vulnerability - CVE-2014-6321 (MS14-066)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via crafted packets, aka "Microsoft Schannel Remote Code Execution Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDenial of service in Windows Kernel Mode Driver vulnerability - CVE-2014-6317 (MS14-079)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font, aka "Denial of Service in Windows Kernel Mode Driver Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWebDAV elevation of privilege vulnerability - CVE-2015-0011 (MS15-008)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Vistamrxdav.sys (aka the WebDAV driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass an impersonation protection mechanism, and obtain privileges for redirection of WebDAV requests, via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2014-6369 (MS14-080)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2014-6351 (MS14-065)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2014-6337 (MS14-065)Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability - CVE-2014-4143 (MS14-065)Microsoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 7Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6341.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWin32k.sys elevation of privilege vulnerability - CVE-2014-4113 (MS14-058)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4126 (MS14-056)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer ASLR bypass vulnerability - CVE-2014-4140 (MS14-056)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4127 (MS14-056)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows 7Microsoft Windows 8Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4141 (MS14-052)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTED.NET ClickOnce elevation of privilege vulnerability - CVE-2014-4073 (MS14-057)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft .NET Framework 2.0Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4.0Microsoft .NET Framework 4.5Microsoft .NET Framework 4.5.1Microsoft .NET Framework 4.5.2Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka ".NET ClickOnce Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMINTERIM.NET ASLR vulnerability - CVE-2014-4122 (MS14-057)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft .NET Framework 2.0Microsoft .NET Framework 3.5.1Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive information about memory addresses by leveraging the predictability of an executable image's location, aka ".NET ASLR Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4093 (MS14-052)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows 7Microsoft Windows 8Microsoft Internet Explorer 10Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4084.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4082 (MS14-052)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows 7Microsoft Windows 8Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4088 (MS14-052)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4128 (MS14-056)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4065 (MS14-052)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4081 (MS14-052)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4108 (MS14-052)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4104 (MS14-052)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4105 (MS14-052)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4107 (MS14-052)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4099 (MS14-052)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4103 (MS14-052)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDTask Scheduler Vulnerability - CVE-2014-4074 (MS14-054)Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2The Task Scheduler in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via an application that schedules a crafted task, aka "Task Scheduler Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTED.NET Framework remote code execution vulnerability - CVE-2014-4121 (MS14-057)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft .NET Framework 2.0Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4.0Microsoft .NET Framework 4.5Microsoft .NET Framework 4.5.1Microsoft .NET Framework 4.5.2Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted request to a .NET web application, aka ".NET Framework Remote Code Execution Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMINTERIMAlows man-in-the-middle attackers to spoof servers and read encrypted domain credentials via a crafted certificateMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify server X.509 certificates, which allows man-in-the-middle attackers to spoof servers and read encrypted domain credentials via a crafted certificate.Maria MikhnoDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows Vista (32-bit) Service Pack 1 is installedMicrosoft Windows VistaThe operating system installed on the system is Microsoft Windows Vista (32-bit) Service Pack 1Sudhir GandheDRAFTAndrew ButtnerINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDInternet explorer elevation of privilege vulnerability - CVE-2014-4124 (MS14-056)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-4123.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4092 (MS14-052)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4098.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4089 (MS14-052)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4080, CVE-2014-4091, and CVE-2014-4102.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4111 (MS14-052)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, and CVE-2014-4110.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4106 (MS14-052)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDLync Denial of Service vulnerability (CVE-2014-4068) - MS14-055Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Lync Server 2013Microsoft Lync Server 2010The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which allows remote attackers to cause a denial of service (daemon hang) via a crafted call, aka "Lync Denial of Service Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4098 (MS14-052)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4092.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4097 (MS14-052)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4090 (MS14-052)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer elevation of privilege vulnerability - CVE-2014-4123 (MS14-056)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," as exploited in the wild in October 2014, a different vulnerability than CVE-2014-4124.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4100 (MS14-052)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-2799 (MS14-052)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4059 (MS14-052)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4083 (MS14-052)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4079 (MS14-052)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer resource information disclosure vulnerability - CVE-2013-7331 (MS14-052)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTED.NET framework denial of service vulnerability - CVE-2014-4072 (MS14-053)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft .NET Framework 1.1Microsoft .NET Framework 2.0Microsoft .NET Framework 3.0Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4.0Microsoft .NET Framework 4.5Microsoft .NET Framework 4.5.1Microsoft .NET Framework 4.5.2Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly use a hash table for request data, which allows remote attackers to cause a denial of service (resource consumption and ASP.NET performance degradation) via crafted requests, aka ".NET Framework Denial of Service Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMINTERIMMicrosoft .NET Framework 4.5.2 is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows VistaMicrosoft .NET Framework 4.5.2Microsoft .NET Framework 4.5.2 is installedSecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMINTERIMInternet explorer memory corruption vulnerability - CVE-2014-4080 (MS14-052)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4089, CVE-2014-4091, and CVE-2014-4102.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDLync Denial of Service vulnerability (CVE-2014-4071) - MS14-055Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Lync Server 2013Microsoft Lync Server 2010The Server in Microsoft Lync Server 2013 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon hang) via a crafted request, aka "Lync Denial of Service Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Lync Server 2010 is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Lync Server 2010Microsoft Lync Server 2010 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Lync Server 2013 is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 8Microsoft Windows Server 2012Microsoft Lync Server 2013Microsoft Lync Server 2013 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDAllows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web siteMicrosoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.Maria MikhnoDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-4056 (MS14-051)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows 7Microsoft Windows 8Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-2774 (MS14-051)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2820, CVE-2014-2826, CVE-2014-2827, and CVE-2014-4063.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-2818 (MS14-051)Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Internet Explorer 10Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWin32k Elevation of Privilege vulnerability - CVE-2014-0318 (MS14-045)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly control access to thread-owned objects, which allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDTrueType font parsing remote code execution vulnerability - CVE-2014-4148 (MS14-058)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted TrueType font, as exploited in the wild in October 2014, aka "TrueType Font Parsing Remote Code Execution Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4109 (MS14-052)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4110, and CVE-2014-4111.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-2784 (MS14-051)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4051.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-4058 (MS14-051)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability allows remote attackers to bypass Protected ModeMicrosoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.Maria MikhnoDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-2782) - MS14-035Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.Maria MikhnoDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer contains a flaw that may allow bypassing the elevation policy checks in the Enhanced Protected Mode and Protected Mode mechanisms - CVE-2013-4015 (MS13-055)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 6 through 10 allows local users to bypass the elevation policy check in the (1) Protected Mode or (2) Enhanced Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code.Maria MikhnoDRAFTINTERIMACCEPTEDACCEPTEDWindows installer repair vulnerability - CVE-2014-1814 (MS14-049)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaThe Windows Installer in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application that invokes the repair feature for a different application, aka "Windows Installer Repair Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4102 (MS14-052)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4080, CVE-2014-4089, and CVE-2014-4091.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDFont Double-Fetch vulnerability - CVE-2014-1819 (MS14-045)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly control access to objects associated with font files, which allows local users to gain privileges via a crafted file, aka "Font Double-Fetch Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-4052 (MS14-051)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows 7Microsoft Windows 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4110 (MS14-052)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, and CVE-2014-4111.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-2817 (MS14-051)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-2819 (MS14-051)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDSharePoint Page Content Vulnerability (CVE-2014-2816) - MS14-050Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows Server 2012 R2Microsoft SharePoint Foundation 2013Microsoft SharePoint Server 2013Microsoft SharePoint Server 2013 Gold and SP1 and SharePoint Foundation 2013 Gold and SP1 allow remote authenticated users to gain privileges via a Trojan horse app that executes a custom action in the context of the SharePoint extensibility model, aka "SharePoint Page Content Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-4050 (MS14-051)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2796, CVE-2014-2808, CVE-2014-2825, CVE-2014-4055, and CVE-2014-4067.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDCSyncBasePlayer use after free vulnerability - CVE-2014-4060 (MS14-043)Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows VistaMicrosoft Windows Media CenterUse-after-free vulnerability in MCPlayer.dll in Microsoft Windows Media Center TV Pack for Windows Vista, Windows 7 SP1, and Windows Media Center for Windows 8 and 8.1 allows remote attackers to execute arbitrary code via a crafted Office document that triggers deletion of a CSyncBasePlayer object, aka "CSyncBasePlayer Use After Free Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Windows Media Center is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows VistaMicrosoft Windows Media CenterMicrosoft Windows Media Center is installed.Maria MikhnoDRAFTINTERIMACCEPTEDACCEPTEDLRPC ASLR Bypass Vulnerability - CVE-2014-0316 (MS14-047)Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Memory leak in the Local RPC (LRPC) server implementation in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to cause a denial of service (memory consumption) and bypass the ASLR protection mechanism via a crafted client that sends messages with an invalid data view, aka "LRPC ASLR Bypass Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-2796 (MS14-051)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2808, CVE-2014-2825, CVE-2014-4050, CVE-2014-4055, and CVE-2014-4067.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-4055 (MS14-051)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2796, CVE-2014-2808, CVE-2014-2825, CVE-2014-4050, and CVE-2014-4067.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWindows OLE remote code execution vulnerability - CVE-2014-4114 (MS14-060)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-2825 (MS14-051)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2796, CVE-2014-2808, CVE-2014-4050, CVE-2014-4055, and CVE-2014-4067.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWindows kernel pool allocation vulnerability - CVE-2014-4064 (MS14-045)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly handle use of the paged kernel pool for allocation of uninitialized memory, which allows local users to obtain sensitive information about kernel addresses via a crafted application, aka "Windows Kernel Pool Allocation Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4091 (MS14-052)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4080, CVE-2014-4089, and CVE-2014-4102.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-4067 (MS14-051)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2796, CVE-2014-2808, CVE-2014-2825, CVE-2014-4050, and CVE-2014-4055.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-2826 (MS14-051)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2774, CVE-2014-2820, CVE-2014-2827, and CVE-2014-4063.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-4063 (MS14-051)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2774, CVE-2014-2820, CVE-2014-2826, and CVE-2014-2827.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-2827 (MS14-051)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2774, CVE-2014-2820, CVE-2014-2826, and CVE-2014-4063.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-4051 (MS14-051)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2784.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4094 (MS14-052)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4085 (MS14-052)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet explorer memory corruption vulnerability - CVE-2014-4084 (MS14-052)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows 7Microsoft Windows 8Microsoft Internet Explorer 10Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4093.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-2820 (MS14-051)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2774, CVE-2014-2826, CVE-2014-2827, and CVE-2014-4063.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-2808 (MS14-051)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2796, CVE-2014-2825, CVE-2014-4050, CVE-2014-4055, and CVE-2014-4067.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDArbitrary code executing via unknown vectors.Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.Maria MikhnoDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-2801 (MS14-037)Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMMaria MikhnoACCEPTEDACCEPTEDWin32k Elevation of Privilege Vulnerability - CVE-2014-2781 (MS14-039)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly restrict the exchange of keyboard and mouse data between programs at different integrity levels, which allows attackers to bypass intended access restrictions by leveraging control over a low-integrity process to launch the On-Screen Keyboard (OSK) and then upload a crafted application, aka "On-Screen Keyboard Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-2800 (MS14-037)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2807 and CVE-2014-2809.SecPod TeamDRAFTINTERIMMaria MikhnoACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-2786 (MS14-037)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2792 and CVE-2014-2813.SecPod TeamDRAFTINTERIMMaria MikhnoACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-2807 (MS14-037)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2800 and CVE-2014-2809.SecPod TeamDRAFTINTERIMMaria MikhnoACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-2804 (MS14-037)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2789, CVE-2014-2795, and CVE-2014-2798.SecPod TeamDRAFTINTERIMMaria MikhnoACCEPTEDACCEPTEDDirectShow Elevation of Privilege Vulnerability - CVE-2014-2780 (MS14-041)Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges by leveraging control over a low-integrity process to execute a crafted application, aka "DirectShow Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-2803 (MS14-037)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMMaria MikhnoACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-1765 (MS14-037)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Multiple use-after-free vulnerabilities in Microsoft Internet Explorer 6 through 11 allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014.SecPod TeamDRAFTINTERIMMaria MikhnoACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-2809 (MS14-037)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2800 and CVE-2014-2807.SecPod TeamDRAFTINTERIMMaria MikhnoACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-1805) - MS14-035Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-1763 (MS14-037)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Use-after-free vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.SecPod TeamDRAFTINTERIMMaria MikhnoACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-2758) - MS14-035Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDExtended Validation (EV) Certificate Security Feature Bypass Vulnerability - CVE-2014-2783 (MS14-037)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2003Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 7 through 11 does not prevent use of wildcard EV SSL certificates, which might allow remote attackers to spoof a trust level by leveraging improper issuance of a wildcard certificate by a recognized Certification Authority, aka "Extended Validation (EV) Certificate Security Feature Bypass Vulnerability."SecPod TeamDRAFTINTERIMMaria MikhnoACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-1772) - MS14-035Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-1766) - MS14-035Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014. NOTE: the original disclosure referred to triggering a kernel bug with the Internet Explorer exploit payload, but this ID is not for a kernel vulnerability.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Information Disclosure Vulnerability (CVE-2014-1777) - MS14-035Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to read local files on the client via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-2771) - MS14-035Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, and CVE-2014-2769.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-2813 (MS14-037)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2786 and CVE-2014-2792.SecPod TeamDRAFTINTERIMMaria MikhnoACCEPTEDACCEPTEDInternet Explorer Elevation of Privilege Vulnerability (CVE-2014-1764) - MS14-035Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDVulnerability in Microsoft XML Core Services could allow information disclosure (CVE-2014-1816) - MS14-033Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 8Microsoft Windows 8.1Microsoft XML Core Services 3Microsoft XML Core Services 6Microsoft XML Core Services (aka MSXML) 3.0 and 6.0 does not properly restrict the information transmitted by Internet Explorer during a download action, which allows remote attackers to discover (1) full pathnames on the client system and (2) local usernames embedded in these pathnames via a crafted web site, aka "MSXML Entity URI Vulnerability."SecPod TeamDRAFTSaurabh KumarINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft XML Core Services 6 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft XML Core Services 6Microsoft XML Core Services 6 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-1789) - MS14-035Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows 7Microsoft Windows 8Microsoft Internet Explorer 10Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1790.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-1800) - MS14-035Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-2759) - MS14-035Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Internet Explorer (CVE-2014-1779) - MS14-035Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 and 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-1780) - MS14-035Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-2757) - MS14-035Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0282, CVE-2014-1775, CVE-2014-1779, CVE-2014-1799, and CVE-2014-1803.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-1773) - MS14-035Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-0282) - MS14-035Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1775, CVE-2014-1779, CVE-2014-1799, CVE-2014-1803, and CVE-2014-2757.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-2792 (MS14-037)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2786 and CVE-2014-2813.SecPod TeamDRAFTINTERIMMaria MikhnoACCEPTEDACCEPTEDVulnerability in TCP Protocol could allow denial of service - CVE-2014-1811 (MS14-031)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows 8.1Microsoft Windows Server 2012 R2The TCP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to cause a denial of service (non-paged pool memory consumption and system hang) via malformed data in the Options field of a TCP header, aka "TCP Denial of Service Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-2756) - MS14-035Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2763, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-2766) - MS14-035Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, and CVE-2014-2775.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-1779) - MS14-035Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0282, CVE-2014-1775, CVE-2014-1799, CVE-2014-1803, and CVE-2014-2757.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-2765) - MS14-035Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2766, and CVE-2014-2775.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-1783) - MS14-035Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-2798 (MS14-037)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2789, CVE-2014-2795, and CVE-2014-2804.SecPod TeamDRAFTINTERIMMaria MikhnoACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-1790) - MS14-035Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows 7Microsoft Windows 8Microsoft Internet Explorer 10Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1789.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-1771) - MS14-035Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11SChannel in Microsoft Internet Explorer 6 through 11 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack," aka "TLS Server Certificate Renegotiation Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-1802) - MS14-035Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-2764) - MS14-035Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2769, and CVE-2014-2771.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-1762) - MS14-035Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated by ZDI during a Pwn4Fun competition at CanSecWest 2014.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-1784) - MS14-035Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-1775) - MS14-035Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0282, CVE-2014-1779, CVE-2014-1799, CVE-2014-1803, and CVE-2014-2757.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDRDP MAC Vulnerability (CVE-2014-0296) - MS14-030Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 7Microsoft Windows 8.1Microsoft Windows Server 2012 R2The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly encrypt sessions, which makes it easier for man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify session content by sending crafted RDP packets, aka "RDP MAC Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWeb Applications Page Content Vulnerability (CVE-2014-1813) - MS14-022Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 8Microsoft Office Web Apps 2010Microsoft Web Applications 2010 SP1 and SP2 allows remote authenticated users to execute arbitrary code via crafted page content, aka "Web Applications Page Content Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-1785) - MS14-035Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-2789 (MS14-037)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2795, CVE-2014-2798, and CVE-2014-2804.SecPod TeamDRAFTINTERIMMaria MikhnoACCEPTEDACCEPTEDInternet Explorer Memory corruption vulnerability (CVE-2014-1776) - MS14-021Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. NOTE: this issue originally emphasized VGX.DLL, but Microsoft clarified that "VGX.DLL does not contain the vulnerable code leveraged in this exploit. Disabling VGX.DLL is an exploit-specific workaround that provides an immediate, effective workaround to help block known attacks."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-2777) - MS14-035Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script with increased privileges via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-1778.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability (CVE-2014-1815) - MS14-029Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as exploited in the wild in May 2014, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0310.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDVulnerability in .NET Framework could allow elevation of privilege - MS14-026Microsoft Windows XPMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft .NET Framework 1.1Microsoft .NET Framework 2.0Microsoft .NET Framework 3.5Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4.0Microsoft .NET Framework 4.5Microsoft .NET Framework 4.5.1The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.32, 4.2.24, and 4.3.10Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.32, 4.2.24, and 4.3.10 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests.Maria MikhnoDRAFTINTERIMACCEPTEDACCEPTEDAncillary Function Driver Elevation of Privilege Vulnerability - CVE-2014-1767 (MS14-040)Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 7Double free vulnerability in the Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-1803) - MS14-035Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0282, CVE-2014-1775, CVE-2014-1779, CVE-2014-1799, and CVE-2014-2757.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows Shell File Association Vulnerability - CVE-2014-1807 (MS14-027)Microsoft Windows Server 2003Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2The ShellExecute API in Windows Shell in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly implement file associations, which allows local users to gain privileges via a crafted application, as exploited in the wild in May 2014, aka "Windows Shell File Association Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-1794) - MS14-035Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-1778) - MS14-035Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script with increased privileges via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-2777.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2014-2795 (MS14-037)Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2789, CVE-2014-2798, and CVE-2014-2804.SecPod TeamDRAFTINTERIMMaria MikhnoACCEPTEDACCEPTEDSharePoint XSS Vulnerability (CVE-2014-1754) - MS14-022Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows Server 2012 R2Microsoft SharePoint Foundation 2013Microsoft SharePoint Server 2013Microsoft Office Web Apps Server 2013Microsoft SharePoint Server 2013 Client Components SDKCross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server 2013 Client Components SDK allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Server 2013 Client Components SDK is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft SharePoint Server 2013 Client Components SDKMicrosoft SharePoint Server 2013 Client Components SDK is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Foundation 2013 SP1 is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft SharePoint Foundation 2013Microsoft SharePoint Foundation 2013 SP1 is installedSecPod TeamDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDMicrosoft Office Web Apps Server 2013 SP1 is installedMicrosoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Office Web Apps Server 2013Microsoft Office Web Apps Server 2013 SP1 is installedSecPod TeamDRAFTMaria MikhnoINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Server 2013 SP1 is installedMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft SharePoint Server 2013Microsoft SharePoint Server 2013 SP1 is installedSecPod TeamDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDMicrosoft Office Web Apps Server 2013 is installedMicrosoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Office Web Apps Server 2013Microsoft Office Web Apps Server 2013 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer memory corruption vulnerability (CVE-2014-0310) - MS14-029Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1815.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-2763) - MS14-035Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows file handling vulnerability - CVE-2014-0315 (MS14-019)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Untrusted search path vulnerability in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse cmd.exe file in the current working directory, as demonstrated by a directory that contains a .bat or .cmd file, aka "Windows File Handling Vulnerability."SecPod TeamDRAFTPooja ShettyINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-1797) - MS14-035Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDGroup Policy Preferences Password Elevation of Privilege Vulnerability - CVE-2014-1812 (MS14-025)Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly handle distribution of passwords, which allows remote authenticated users to obtain sensitive credential information and consequently gain privileges by leveraging access to the SYSVOL share, as exploited in the wild in May 2014, aka "Group Policy Preferences Password Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-2775) - MS14-035Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, and CVE-2014-2766.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-1770) - MS14-035Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDVulnerability in the VirtualBox component in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8 when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server (CVE-2014-0981)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxVBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-1799) - MS14-035Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0282, CVE-2014-1775, CVE-2014-1779, CVE-2014-1803, and CVE-2014-2757.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-2769) - MS14-035Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, and CVE-2014-2771.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDVulnerability in the VirtualBox component in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8 when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server (CVE-2014-0983)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxMultiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server via certain CR_MESSAGE_OPCODES messages with a crafted index, which are not properly handled by the (1) CR_VERTEXATTRIB4NUBARB_OPCODE to the crServerDispatchVertexAttrib4NubARB function, (2) CR_VERTEXATTRIB1DARB_OPCODE to the crServerDispatchVertexAttrib1dARB function, (3) CR_VERTEXATTRIB1FARB_OPCODE to the crServerDispatchVertexAttrib1fARB function, (4) CR_VERTEXATTRIB1SARB_OPCODE to the crServerDispatchVertexAttrib1sARB function, (5) CR_VERTEXATTRIB2DARB_OPCODE to the crServerDispatchVertexAttrib2dARB function, (6) CR_VERTEXATTRIB2FARB_OPCODE to the crServerDispatchVertexAttrib2fARB function, (7) CR_VERTEXATTRIB2SARB_OPCODE to the crServerDispatchVertexAttrib2sARB function, (8) CR_VERTEXATTRIB3DARB_OPCODE to the crServerDispatchVertexAttrib3dARB function, (9) CR_VERTEXATTRIB3FARB_OPCODE to the crServerDispatchVertexAttrib3fARB function, (10) CR_VERTEXATTRIB3SARB_OPCODE to the crServerDispatchVertexAttrib3sARB function, (11) CR_VERTEXATTRIB4DARB_OPCODE to the crServerDispatchVertexAttrib4dARB function, (12) CR_VERTEXATTRIB4FARB_OPCODE to the crServerDispatchVertexAttrib4fARB function, and (13) CR_VERTEXATTRIB4SARB_OPCODE to the crServerDispatchVertexAttrib4sARB function.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-1795) - MS14-035Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Elevation of Privilege Vulnerability (CVE-2014-1791) - MS14-035Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2003 for Itanium is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 for Itanium is
installed.Sudhir GandheINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2003 is installedMicrosoft Windows Server 2003The operating system installed on the system is Microsoft Windows Server
2003.Andrew ButtnerACCEPTEDJonathan BakerINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDTim
HarrisonINTERIMTim
HarrisonTim
HarrisonACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-0322) - MS14-012Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows 7Microsoft Windows 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-0297) - MS14-012Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0308, CVE-2014-0312, and CVE-2014-0324.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWin32k Information Disclosure Vulnerability - CVE-2014-0323 (MS14-015)Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (system hang) via a crafted application, aka "Win32k Information Disclosure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-0312) - MS14-012Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0297, CVE-2014-0308, and CVE-2014-0324.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-0305) - MS14-012Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0299 and CVE-2014-0311.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-0299) - MS14-012Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0305 and CVE-2014-0311.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0285) - MS14-010Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0275 and CVE-2014-0286.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-0298) - MS14-012Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0286) - MS14-010Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0275 and CVE-2014-0285.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0284) - MS14-010Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows 7Microsoft Windows 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDirectShow Memory Corruption Vulnerability - CVE-2014-0301 (MS14-013)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Double free vulnerability in qedit.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via a crafted JPEG image, aka "DirectShow Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-0308) - MS14-012Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0297, CVE-2014-0312, and CVE-2014-0324.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-0313) - MS14-012Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0321.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0288) - MS14-010Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0270, CVE-2014-0273, and CVE-2014-0274.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDType Traversal Vulnerability (CVE-2014-0257) - MS14-009Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft .NET Framework 1.1Microsoft .NET Framework 2.0Microsoft .NET Framework 3.0Microsoft .NET Framework 3.5Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4.0Microsoft .NET Framework 4.5Microsoft .NET Framework 4.5.1Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM server endpoint, aka "Type Traversal Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Elevation of Privilege Vulnerability (CVE-2014-0268) - MS14-010Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 does not properly restrict file installation and registry-key creation, which allows remote attackers to bypass the Mandatory Integrity Control protection mechanism via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0287) - MS14-010Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0281.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft graphics component memory corruption vulnerability (CVE-2014-0263) - MS14-007Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Windows Server 2008 R2Microsoft Windows Server 2012The Direct2D implementation in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a large 2D geometric figure that is encountered with Internet Explorer, aka "Microsoft Graphics Component Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0281) - MS14-010Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0287.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability, a different vulnerability than CVE-2014-0404Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0404.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-0309) - MS14-012Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows 7Microsoft Windows 8Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability, a different vulnerability than CVE-2014-0406Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0406.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0273) - MS14-010Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0270, CVE-2014-0274, and CVE-2014-0288.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0269) - MS14-010Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0274) - MS14-010Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0270, CVE-2014-0273, and CVE-2014-0288.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0270) - MS14-010Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0273, CVE-2014-0274, and CVE-2014-0288.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDVulnerability in Microsoft XML Core Services could allow information disclosure (CVE-2014-0266) - MS14-005Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 8Microsoft Windows 8.1Microsoft XML Core Services 3.0The XMLHTTP ActiveX controls in XML Core Services 3.0 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to bypass the Same Origin Policy via a web page that is visited in Internet Explorer, aka "MSXML Information Disclosure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDSaurabh KumarINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft XML Core Services 3 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft XML Core Services 3Microsoft XML Core Services 3 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-0321) - MS14-012Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0313.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Cross-domain Information Disclosure Vulnerability - CVE-2014-0293 - MS14-010Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDPOST Request DoS Vulnerability (CVE-2014-0253) - MS14-009Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft .NET Framework 1.1Microsoft .NET Framework 2.0Microsoft .NET Framework 3.0Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4.0Microsoft .NET Framework 4.5Microsoft .NET Framework 4.5.1Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service (ASP.NET daemon hang) via crafted HTTP requests that trigger persistent resource consumption for a (1) stale or (2) closed connection, as exploited in the wild in February 2014, aka "POST Request DoS Vulnerability."SecPod TeamDRAFTINTERIMMaria MikhnoKumarswamy SACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft .NET Framework 4.5.1 is installedMicrosoft Windows 8.1Microsoft Windows 8Microsoft Windows 7Microsoft Windows VistaMicrosoft Windows Server 2012 R2Microsoft Windows Server 2012Microsoft Windows Server 2008 R2Microsoft Windows Server 2008Microsoft .NET Framework 4.5.1Microsoft .NET Framework 4.5.1 is installedMaria KedovskayaDRAFTPooja ShettyINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-0324) - MS14-012Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0297, CVE-2014-0308, and CVE-2014-0312.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-0314) - MS14-012Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows 7Microsoft Windows 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2014-0311) - MS14-012Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0299 and CVE-2014-0305.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0272) - MS14-010Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows 7Microsoft Windows 8Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0275) - MS14-010Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0285 and CVE-2014-0286.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWin32k Elevation of Privilege Vulnerability - CVE-2014-0300 (MS14-015)Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows 8.1 (x64) is installedMicrosoft Windows 8.1The operating system installed on the system is Microsoft Windows 8.1 x64Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows 8.1 (x86) is installedMicrosoft Windows 8.1The operating system installed on the system is Microsoft Windows 8.1 x86Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDTCP/IP version 6 (IPv6) denial of service vulnerability (CVE-2014-0254) - MS14-006Microsoft Windows 8Microsoft Windows Server 2012The IPv6 implementation in Microsoft Windows 8, Windows Server 2012, and Windows RT does not properly validate packets, which allows remote attackers to cause a denial of service (system hang) via crafted ICMPv6 Router Advertisement packets, aka "TCP/IP Version 6 (IPv6) Denial of Service Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDVirtualBox is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPVirtualBoxVirtualBox is installedSecPod TeamDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDPort-Class Driver Double Fetch Vulnerability (CVE-2013-3907) - MS13-101Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Vistaportcls.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Port-Class Driver Double Fetch Vulnerability."SecPod TeamDRAFTDragos PrisacaINTERIMMaria KedovskayaACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-5048) - MS13-097Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-5047.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWin32k Integer Overflow Vulnerability (CVE-2013-5058) - MS13-101Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Integer overflow in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges via a crafted application, aka "Win32k Integer Overflow Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability - CVE-2013-3846 (MS13-055)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Internet Explorer 9Microsoft Internet Explorer 10Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted CSpliceTreeEngine::InsertSplice object in an HTML document, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3143 and CVE-2013-3161.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWinVerifyTrust Signature Validation Vulnerability (CVE-2013-3900) - MS13-098Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka "WinVerifyTrust Signature Validation Vulnerability."SecPod TeamDRAFTINTERIMINTERIMACCEPTEDACCEPTEDTrueType Font Parsing Vulnerability (CVE-2013-3903) - MS13-101Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to cause a denial of service (reboot) via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability."SecPod TeamDRAFTINTERIMINTERIMACCEPTEDACCEPTEDSignalR XSS Vulnerability (CVE-2013-5042) - MS13-103Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Visual Studio Team Foundation ServerCross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x before 1.1.4 and 2.0.x before 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote attackers to inject arbitrary web script or HTML via crafted Forever Frame transport protocol data, aka "SignalR XSS Vulnerability."SecPod TeamDRAFTINTERIMINTERIMACCEPTEDACCEPTEDMicrosoft Visual Studio Team Foundation Server 2013 is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008 R2Microsoft Windows Server 2012 R2Microsoft Windows Server 2012Microsoft Visual Studio Team Foundation ServerMicrosoft Visual Studio Team Foundation Server 2013 is installedSecPod TeamDRAFTINTERIMINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-5051) - MS13-097Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Elevation of Privilege Vulnerability (CVE-2013-5046) - MS13-097Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 7 through 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDUse-After-Free Vulnerability in Microsoft Scripting Runtime Object Library (CVE-2013-5056) - MS13-099Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Use-after-free vulnerability in the Scripting Runtime Object Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site that is visited with Internet Explorer, aka "Use-After-Free Vulnerability in Microsoft Scripting Runtime Object Library."SecPod TeamDRAFTINTERIMINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-5047) - MS13-097Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-5048.SecPod TeamDRAFTINTERIMINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Elevation of Privilege Vulnerability (CVE-2013-5045) - MS13-097Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Microsoft Internet Explorer (CVE-2013-3911) - MS13-088Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 8Microsoft Windows Server 2012Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Microsoft Internet Explorer (CVE-2013-3915) - MS13-088Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows XPMicrosoft Windows VistaMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3917.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Microsoft Internet Explorer (CVE-2013-3912) - MS13-088Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3916.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Microsoft Internet Explorer (CVE-2013-3917) - MS13-088Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows XPMicrosoft Windows VistaMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3915.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDCross-site scripting vulnerability in Microsoft SharePoint (CVE-2013-3180) - MS13-067Microsoft Windows 2000Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft SharePoint Foundation 2010Microsoft SharePoint Foundation 2013Microsoft SharePoint Server 2010Microsoft SharePoint Server 2013Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 and SP2 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted POST request, aka "POST XSS Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Foundation 2013 is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft SharePoint Foundation 2013Microsoft SharePoint Foundation 2013 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Foundation 2010 Service Pack 2 is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft SharePoint Foundation 2010Microsoft SharePoint Foundation 2010 Service Pack 2 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Server 2013 is installedMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft SharePoint Server 2013Microsoft SharePoint Server 2013 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDigital Signatures Vulnerability (CVE-2013-3869) - MS13-095Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to cause a denial of service (daemon hang) via a web-service request containing a crafted X.509 certificate that is not properly handled during validation, aka "Digital Signatures Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDenial of service vulnerability in Microsoft SharePoint (CVE-2013-3849) - MS13-067Microsoft Windows 2000Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft SharePoint Server 2010Microsoft Office Web AppsMicrosoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3858.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInformationCardSigninHelper Vulnerability (CVE-2013-3918) - MS13-090Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows VistaMicrosoft Windows XPThe InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted web page that is accessed by Internet Explorer, as exploited in the wild in November 2013, aka "InformationCardSigninHelper Vulnerability."SecPod TeamDRAFTMaria KedovskayaINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-3873) - MS13-080Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Internet Explorer 10Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3872, CVE-2013-3882, and CVE-2013-3885.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-3897) - MS13-080Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploited in the wild in September and October 2013, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDenial of service vulnerability in Microsoft SharePoint (CVE-2013-3847) - MS13-067Microsoft Windows 2000Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft SharePoint Server 2010Microsoft Office Web AppsMicrosoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-3204) - MS13-069Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-3207) - MS13-069Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3201, CVE-2013-3203, CVE-2013-3206, and CVE-2013-3209.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWin32k Elevation of Privilege Vulnerability (CVE-2013-3866) - MS13-076Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWord memory corruption vulnerability in Microsoft SharePoint (CVE-2013-3857) - MS13-067Microsoft Windows 2000Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft SharePoint Server 2010Microsoft Office Web AppsMicrosoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1 and SP2, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office Web Apps 2010 Service Pack 2 is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Office Web Apps 2010Microsoft Office Web Apps 2010 Service Pack 2 is installedSecPod TeamDRAFTMaria KedovskayaINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Server 2010 Service Pack 2 is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Server 2010Microsoft SharePoint Server 2010 SP2 is installedSecPod TeamDRAFTINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-3871) - MS13-088Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMSharath SACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-3203) - MS13-069Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3201, CVE-2013-3206, CVE-2013-3207, and CVE-2013-3209.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDApp Container Elevation of Privilege Vulnerability (CVE-2013-3880) - MS13-081Microsoft Windows 8Microsoft Windows Server 2012The App Container feature in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to bypass intended access restrictions and obtain sensitive information from a different container via a Trojan horse application, aka "App Container Elevation of Privilege Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDTrueType Font CMAP Table Vulnerability (CVE-2013-3894) - MS13-081Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPThe kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted CMAP table in a TrueType font (TTF) file, aka "TrueType Font CMAP Table Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Microsoft Internet Explorer (CVE-2013-3914) - MS13-088Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows VistaMicrosoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-3206) - MS13-069Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3201, CVE-2013-3203, CVE-2013-3207, and CVE-2013-3209.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDAddress Corruption Vulnerability in Hyper-V (CVE-2013-3898) - MS13-092Microsoft Windows 8Microsoft Windows Server 2012Microsoft Hyper-V ServerMicrosoft Windows 8 and Windows Server 2012, when Hyper-V is used, does not ensure memory-address validity, which allows guest OS users to execute arbitrary code in all guest OS instances, and allows guest OS users to cause a denial of service (host OS crash), via a guest-to-host hypercall with a crafted function parameter, aka "Address Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows Hyper-V is installedMicrosoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Hyper-V ServerMicrosoft Windows Hyper-V is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOpenType Font Parsing Vulnerability (CVE-2013-3128) - MS13-081, MS13-082Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 8Microsoft Windows Server 2012Microsoft .NET Framework 3.0Microsoft .NET Framework 3.5Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4.0Microsoft .NET Framework 4.5The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5, allow remote attackers to execute arbitrary code via a crafted OpenType font (OTF) file, aka "OpenType Font Parsing Vulnerability."SecPod TeamDRAFTSharath SMaria KedovskayaINTERIMACCEPTEDBhavya KINTERIMACCEPTEDBhavya KINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft .NET Framework 3.0 SP2 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft .NET Framework 3.0Microsoft .NET Framework 3.0 SP2 is installedDragos PrisacaDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-3885) - MS13-080Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Internet Explorer 10Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3872, CVE-2013-3873, and CVE-2013-3882.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWin32k Elevation of Privilege Vulnerability (CVE-2013-3865) - MS13-076Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Multiple Fetch Vulnerability," a different vulnerability than CVE-2013-1342, CVE-2013-1343, CVE-2013-1344, and CVE-2013-3864.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-3886) - MS13-080Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDAncillary Function Driver Information Disclosure Vulnerability (CVE-2013-3887) - MS13-093Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPThe Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows local users to obtain sensitive information from kernel memory by leveraging improper copy operations, aka "Ancillary Function Driver Information Disclosure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Microsoft SharePoint (CVE-2013-3858) - MS13-067Microsoft Windows 2000Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Office Web AppsMicrosoft SharePoint Server 2010Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3849.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDenial of service vulnerability in Microsoft SharePoint (CVE-2013-3848) - MS13-067Microsoft Windows 2000Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft SharePoint Server 2010Microsoft Office Web AppsMicrosoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3849, and CVE-2013-3858.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office Web Apps 2010 Service Pack 1 is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Office Web Apps 2010Microsoft Office Web Apps 2010 Service Pack 1 is installedSecPod TeamDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDMicrosoft Office Web Apps 2010 is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMicrosoft Office Web Apps 2010Microsoft Office Web Apps 2010 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Server 2010 Service Pack 1 is installedMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7Microsoft SharePoint Server 2010Microsoft SharePoint Server 2010 SP1 is installedSecPod TeamDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDACCEPTEDMicrosoft Office SharePoint Server 2010 is installed.Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Office SharePoint Server 2010Microsoft Office SharePoint Server 2010 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDChandan SINTERIMACCEPTEDACCEPTEDWin32k Elevation of Privilege Vulnerability (CVE-2013-1344) - MS13-076Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Multiple Fetch Vulnerability," a different vulnerability than CVE-2013-1342, CVE-2013-1343, CVE-2013-3864, and CVE-2013-3865.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDGraphics Device Interface Integer Overflow Vulnerability (CVE-2013-3940) - MS13-089Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Integer overflow in the Graphics Device Interface (GDI) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image in a Windows Write (.wri) document, which is not properly handled in WordPad, aka "Graphics Device Interface Integer Overflow Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWin32k Use After Free Vulnerability (CVE-2013-3879) MS13-081Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPUse-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDACCEPTEDVulnerability in Windows Common Control Library Could Allow Remote Code Execution (CVE-2013-3195) - MS13-083Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012The DSA_InsertItem function in Comctl32.dll in the Windows common control library in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted value in an argument to an ASP.NET web application, aka "Comctl32 Integer Overflow Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDACCEPTEDWin32k Elevation of Privilege Vulnerability (CVE-2013-1342) - MS13-076Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Multiple Fetch Vulnerability," a different vulnerability than CVE-2013-1343, CVE-2013-1344, CVE-2013-3864, and CVE-2013-3865.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInformation disclosure vulnerability in Microsoft Internet Explorer (CVE-2013-3908) - MS13-088Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows XPMicrosoft Windows VistaMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 6 through 10 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information from any visited document via a crafted web page that is not properly handled during a print-preview action, aka "Internet Explorer Information Disclosure Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-3893) - MS13-080Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWin32k Elevation of Privilege Vulnerability (CVE-2013-1341) - MS13-076Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Windows 8win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 8 allows local users to gain privileges via a crafted application, aka "Win32k Multiple Fetch Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-3201) - MS13-069Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3203, CVE-2013-3206, CVE-2013-3207, and CVE-2013-3209.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-3209) - MS13-069Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3201, CVE-2013-3203, CVE-2013-3206, and CVE-2013-3207.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows USB Descriptor Vulnerability (CVE-2013-3200) - MS13-081Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPThe USB drivers in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability."SecPod TeamDRAFTMaria KedovskayaINTERIMACCEPTEDBhavya KINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-3872) - MS13-080Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Internet Explorer 10Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3873, CVE-2013-3882, and CVE-2013-3885.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-3202) - MS13-069Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Internet Explorer 10Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWin32k Elevation of Privilege Vulnerability (CVE-2013-3864) - MS13-076Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Multiple Fetch Vulnerability," a different vulnerability than CVE-2013-1342, CVE-2013-1343, CVE-2013-1344, and CVE-2013-3865.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWin32k Elevation of Privilege Vulnerability (CVE-2013-1343) - MS13-076Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Multiple Fetch Vulnerability," a different vulnerability than CVE-2013-1342, CVE-2013-1344, CVE-2013-3864, and CVE-2013-3865.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Microsoft Internet Explorer (CVE-2013-3916) - MS13-088Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows XPMicrosoft Windows VistaMicrosoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3912.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Windows 8.1 is installedMicrosoft Windows 8.1The operating system installed on the system is Microsoft Windows 8.1Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2012 R2 is installedMicrosoft Windows Server 2012 R2The operating system installed on the system is Microsoft Windows Server 2012
R2.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer 11 is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2008 R2Microsoft Windows Server 2012 R2Microsoft Internet Explorer 11Microsoft Internet Explorer 11 is installedSecPod TeamDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDBlake FrantzINTERIMACCEPTEDACCEPTEDWindows Kernel Memory Corruption Vulnerability - MS13-063Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 8Microsoft Windows 7The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory addresses, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3196 and CVE-2013-3197.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-3882) - MS13-080Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Internet Explorer 10Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3872, CVE-2013-3873, and CVE-2013-3885.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows Kernel Memory Corruption Vulnerability - MS13-063Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 8Microsoft Windows 7The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory addresses, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3196 and CVE-2013-3198.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDRemote Procedure Call Vulnerability - MS13-062Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a malformed asynchronous RPC request, aka "Remote Procedure Call Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Internet Explorer - CVE-2013-3184 MS13-059Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Internet Explorer - CVE-2013-3191 MS13-059Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3187 and CVE-2013-3193.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Internet Explorer - CVE-2013-3199 MS13-059Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows Kernel Memory Corruption Vulnerability - MS13-063Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 8Microsoft Windows 7The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory addresses, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3197 and CVE-2013-3198.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Internet Explorer - CVE-2013-3187 MS13-059Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3191 and CVE-2013-3193.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-3208) - MS13-069Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Internet Explorer - CVE-2013-3190 MS13-059Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDElevation of privilege vulnerability in Internet Explorer - CVE-2013-3186 MS13-059Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10The Protected Mode feature in Microsoft Internet Explorer 7 through 10 on Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly implement the Integrity Access Level (aka IL) protection mechanism, which allows remote attackers to obtain medium-integrity privileges by leveraging access to a low-integrity process, aka "Process Integrity Level Assignment Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Internet Explorer - CVE-2013-3193 MS13-059Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3187 and CVE-2013-3191.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDCross-site-scripting (XSS) vulnerability in Internet Explorer - CVE-2013-3192 MS13-059Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDVulnerability in ICMPv6 could allow Denial of Service - MS13-065Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaThe TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly perform memory allocation for inbound ICMPv6 packets, which allows remote attackers to cause a denial of service (system hang) via crafted packets, aka "ICMPv6 Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDelegate reflection bypass vulnerability in Microsoft .NET Framework - MS13-052Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft .NET Framework 1.1Microsoft .NET Framework 2.0Microsoft .NET Framework 3.5Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4.0Microsoft .NET Framework 4.5Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Delegate Reflection Bypass Vulnerability."SecPod TeamDRAFTMaria KedovskayaINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDAnonymous method injection vulnerability in Microsoft .NET Framework - MS13-052Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft .NET Framework 2.0Microsoft .NET Framework 3.5Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4.0Microsoft .NET Framework 4.5Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Anonymous Method Injection Vulnerability."SecPod TeamDRAFTMaria KedovskayaINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWin32k Vulnerability - CVE-2013-1345 (MS13-053)Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2008 R2Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 7win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Internet Explorer - CVE-2013-3163 (MS13-055)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3151.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWin32k Read AV Vulnerability - CVE-2013-3660 (MS13-053)Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2008 R2Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 7The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDWin32k Memory Allocation Vulnerability- CVE-2013-1300 (MS13-053)Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2008 R2Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 7win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDCross-site scripting vulnerability in Internet Explorer - CVE-2013-3166 (MS13-055)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via vectors involving incorrect auto-selection of the Shift JIS encoding, leading to cross-domain scrolling events, aka "Shift JIS Character Encoding Vulnerability," a different vulnerability than CVE-2013-0015.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Internet Explorer - CVE-2013-3161 (MS13-055)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3143.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWin32k Dereference Vulnerability - CVE-2013-1340 (MS13-053)Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2008 R2Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 7win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Internet Explorer - CVE-2013-3143 (MS13-055)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3161.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Internet Explorer - CVE-2013-3162 (MS13-055)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3115.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Internet Explorer - CVE-2013-3115 (MS13-055)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3162.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWin32k Buffer Overwrite Vulnerability - CVE-2013-3173 (MS13-053)Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2008 R2Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows 7Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability."SecPod TeamDRAFTINTERIMPooja ShettyACCEPTEDACCEPTEDMemory corruption vulnerability in Internet Explorer - CVE-2013-3151 (MS13-055)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3163.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDArray allocation vulnerability in the Common Language Runtime (CLR) in Microsoft .NET Framework - MS13-052Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft .NET Framework 2.0Microsoft .NET Framework 3.5Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4.0Microsoft .NET Framework 4.5The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework application that changes array data, aka "Array Allocation Vulnerability."SecPod TeamDRAFTMaria KedovskayaINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Internet Explorer - CVE-2013-3148 (MS13-055)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3153.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Internet Explorer - CVE-2013-3144 (MS13-055)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3151 and CVE-2013-3163.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Internet Explorer - CVE-2013-3152 (MS13-055)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Internet Explorer 10Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3146.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDVulnerability in Kernel-Mode Driver Could Allow Denial of Service - MS13-049Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaInteger overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Internet Explorer - CVE-2013-3153 (MS13-055)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3148.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDVulnerability in the Management Pack for Oracle GoldenGate Server. Supported versions that are affected are 11.1.1.1.0.
Vulnerability in the Oracle GoldenGate Veridata component of Oracle Fusion Middleware (subcomponent: Server). The supported version that is affected is 3.0.0.11.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate VeridataMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Oracle GoldenGate DirectorOracle GoldenGate VeridataApache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-3118) - MS13-047Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Internet Explorer 10Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3120 and CVE-2013-3125.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDirectShow Arbitrary Memory Overwrite Vulnerability - MS13-056Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows XP SP2 (64-bit) is installedMicrosoft Windows XPThe operating system installed on the system is Microsoft Windows XP SP2 (64-bit).Robert L. HollisDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Windows XP is installedMicrosoft Windows XPThe operating system installed on the system is Microsoft Windows XP.Andrew ButtnerACCEPTEDJonathan BakerINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-3121) - MS13-047Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3113, CVE-2013-3139, and CVE-2013-3142.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDelegate serialization vulnerability in Microsoft .NET Framework - MS13-052Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft .NET Framework 2.0Microsoft .NET Framework 3.5Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4.0Microsoft .NET Framework 4.5The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a partial-trust relationship, aka "Delegate Serialization Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-3119) - MS13-047Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3114.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-3125) - MS13-047Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows Server 2008 R2Microsoft Internet Explorer 10Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3118 and CVE-2013-3120.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDKernel Information Disclosure Vulnerability - MS13-048Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 8Microsoft Windows VistaMicrosoft Windows XPThe kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability."SecPod TeamDRAFTMaria KedovskayaINTERIMACCEPTEDACCEPTEDVulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege - MS13-050Microsoft Windows 7Microsoft Windows 8Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-3113) - MS13-047Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3121, CVE-2013-3139, and CVE-2013-3142.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMemory corruption vulnerability in Internet Explorer - CVE-2013-3146 (MS13-055)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Internet Explorer 10Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3152.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-3120) - MS13-047Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows Server 2008 R2Microsoft Internet Explorer 10Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3118 and CVE-2013-3125.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-3114) - MS13-047Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3119.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMircosoft .NET Framework authentication bypass vulnerability - (CVE-2013-1337) MS13-040Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 8Microsoft Windows Server 2012Microsoft .NET Framework 4.5Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authentication by sending queries to an endpoint, aka "Authentication Bypass Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-3111) - MS13-047Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3123.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-3142) - MS13-047Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3113, CVE-2013-3121, and CVE-2013-3139.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Script Debug Vulnerability - CVE-2013-3126 (MS13-047)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 9 and 10, when script debugging is enabled, does not properly handle objects in memory during the processing of script, which allows remote attackers to execute arbitrary code via a crafted web site, aka "Internet Explorer Script Debug Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Use After Free Vulnerability - CVE-2013-1303 (MS13-028)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1304 and CVE-2013-1338.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-3123) - MS13-047Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3111.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer removeChild Use After Free Vulnerability - MS13-021Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer removeChild Use After Free Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Use After Free Vulnerability - CVE-2013-1338 (MS13-028)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 10Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1303 and CVE-2013-1304.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDCallback Function Vulnerability - MS13-024Microsoft Windows 8Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft SharePoint Foundation 2010Microsoft SharePoint Server 2010Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDACCEPTEDMicrosoft kernel-mode drivers privilege elevation vulnerability (CVE-2013-1286) - MS13-027Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPThe USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.SecPod TeamDRAFTINTERIMSharath SACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer CMarkupBehaviorContext Use After Free Vulnerability - MS13-021Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkupBehaviorContext Use After Free Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer OnResize Use After Free Vulnerability - MS13-021Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer OnResize Use After Free Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Windows Kernel-Mode Driver privilege elevation vulnerability (CVE-2013-1292) - MS13-036Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaRace condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."SecPod TeamDRAFTSharath SBhavya KINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Windows Kernel-Mode Driver privilege elevation vulnerability (CVE-2013-1283) - MS13-036Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPRace condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."SecPod TeamDRAFTSharath SBhavya KINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft .NET Framework Common Language Runtime spoofing vulnerability - (CVE-2013-1336) MS13-040Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 8Microsoft Windows Server 2012Microsoft .NET Framework 2.0Microsoft .NET Framework 3.5Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4.0Microsoft .NET Framework 4.5The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-3139) - MS13-047Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3113, CVE-2013-3121, and CVE-2013-3142.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Use After Free Vulnerability - CVE-2013-1304 (MS13-028)Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1303 and CVE-2013-1338.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Windows Kernel-Mode Driver privilege elevation vulnerability (CVE-2013-1291) - MS13-036Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPwin32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability."SecPod TeamDRAFTSharath SBhavya KINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft kernel-mode drivers privilege elevation vulnerability (CVE-2013-1287) - MS13-027Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPThe USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.SecPod TeamDRAFTINTERIMSharath SACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer vtable use after free vulnerability - MS13-009Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 7Microsoft Windows 8Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer vtable Use After Free Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer Memory Corruption Vulnerability (CVE-2013-3112) - MS13-047Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3113, CVE-2013-3121, CVE-2013-3139, and CVE-2013-3142.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWinForms callback elevation vulnerability in .NET Framework - MS13-015Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 8Microsoft Windows Server 2012Microsoft .NET Framework 2.0Microsoft .NET Framework 3.5Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4.0Microsoft .NET Framework 4.5The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer CDispNode use after free vulnerability - MS13-009Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CDispNode Use After Free Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer COmWindowProxy use after free vulnerability - MS13-009Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 7Microsoft Windows 8Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Use-after-free vulnerability in Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer COmWindowProxy Use After Free Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDActive Directory Buffer Overflow Vulnerability - MS13-032Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012The LDAP service in Microsoft Active Directory, Active Directory Application Mode (ADAM), Active Directory Lightweight Directory Service (AD LDS), and Active Directory Services allows remote attackers to cause a denial of service (memory consumption and service outage) via a crafted query, aka "Memory Consumption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDSharath SINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDACCEPTEDVulnerability in Windows Kernel could allow elevation of privilege - MS13-017Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPRace condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1278.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDKernel Race Condition Vulnerability - CVE-2013-1284 (MS13-031)Microsoft Windows 8Microsoft Windows Server 2012Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in Windows Kernel could allow elevation of privilege - MS13-017Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPThe kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDSharePoint Directory Traversal Vulnerability - MS13-024Microsoft Windows 2000Microsoft Windows 8Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft SharePoint Foundation 2010Microsoft SharePoint Server 2010Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDACCEPTEDMicrosoft kernel-mode drivers privilege elevation vulnerability (CVE-2013-1285) - MS13-027Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPThe USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.SecPod TeamDRAFTINTERIMSharath SACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWin32k Race Condition Vulnerability CVE-2013-1248 - MS13-016Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPRace condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.SecPod TeamDRAFTINTERIMACCEPTEDSharath SINTERIMACCEPTEDACCEPTEDInternet Explorer Use After Free Vulnerability - (CVE-2013-1308) MS13-037Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1309 and CVE-2013-2551.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDBuffer Overflow Vulnerability - MS13-024Microsoft Windows 2000Microsoft Windows 8Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft SharePoint Foundation 2010Microsoft SharePoint Server 2010Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Foundation 2010 Service Pack 1 is installedMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2012Microsoft Windows 8Microsoft SharePoint Foundation 2010Microsoft SharePoint Foundation 2010 SP1 is installedSecPod TeamDRAFTINTERIMACCEPTEDBhavya KINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Foundation 2010 is installedMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2012Microsoft Windows 8Microsoft SharePoint Foundation 2010Microsoft SharePoint Foundation 2010 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDBhavya KINTERIMACCEPTEDACCEPTEDInternet Explorer Use After Free Vulnerability - (CVE-2013-1309) MS13-037Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-2551.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer saveHistory Use After Free Vulnerability - MS13-021Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer saveHistory Use After Free Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDTCP FIN WAIT Vulnerability - MS13-018Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaThe TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInternet Explorer CPasteCommand use after free vulnerability - MS13-009Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 7Microsoft Windows 8Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CPasteCommand Use After Free Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDirectX Graphics Kernel Subsystem Double Fetch Vulnerability - MS13-046Microsoft Windows Server 2012Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Vistadxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."SecPod TeamDRAFTINTERIMPooja ShettyACCEPTEDSharath SINTERIMACCEPTEDACCEPTEDInternet Explorer Use After Free Vulnerability - (CVE-2013-1312) MS13-037Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Internet Explorer 9Microsoft Internet Explorer 10Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWin32k Improper Message Handling Vulnerability - MS13-005Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Vistawin32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDSharath SINTERIMACCEPTEDACCEPTEDInternet Explorer GetMarkupPtr Use After Free Vulnerability - MS13-021Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer GetMarkupPtr Use After Free Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWin32k Race Condition Vulnerability CVE-2013-1249 - MS13-016Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPRace condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.SecPod TeamDRAFTINTERIMACCEPTEDSharath SINTERIMACCEPTEDACCEPTEDInternet Explorer Use After Free Vulnerability - (CVE-2013-2551) MS13-037Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Windows 8 (x64) is installedMicrosoft Windows 8The operating system installed on the system is Microsoft Windows 8 x64Shane ShafferDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDMicrosoft Windows 8 (x86) is installedMicrosoft Windows 8The operating system installed on the system is Microsoft Windows 8 x86Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in Windows Kernel could allow elevation of privilege - MS13-017Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPRace condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDReplace Denial of Service Vulnerability - MS13-007Microsoft Windows 8Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPManagement OData IIS ExtensionMicrosoft .NET Framework 4.0Microsoft .NET Framework 3.5.1Microsoft .NET Framework 3.5The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDManagement OData IIS Extension is installedMicrosoft Windows Server 2012Management OData IIS ExtensionManagement OData IIS Extension is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability - MS13-006Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaThe SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDSharath SINTERIMACCEPTEDACCEPTEDKernel Race Condition Vulnerability - CVE-2013-1294 (MS13-031)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows 7Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer onBeforeCopy Use After Free Vulnerability - MS13-021Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer onBeforeCopy Use After Free Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDImproper Ref Counting Use After Free Vulnerability - MS12-077Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2012Microsoft Windows 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "Improper Ref Counting Use After Free Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDVulnerability in Windows Essentials Could Allow Information Disclosure - MS13-045Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Essentials 2012Microsoft Windows Essentials 2011Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows Essentials 2012 is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Essentials 2012Microsoft Windows Essentials 2012 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows Essentials 2011 is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Essentials 2011Microsoft Windows Essentials 2011 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDVML memory corruption vulnerability in Internet Explorer - MS13-010Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 8Microsoft Internet Explorer 10Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9The Vector Markup Language (VML) implementation in Microsoft Internet Explorer 6 through 10 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via a crafted web site, aka "VML Memory Corruption Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMMaria MikhnoACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWin32k Window Handle Vulnerability - MS13-046Microsoft Windows XPMicrosoft Windows 7Microsoft Windows 8Microsoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."SecPod TeamDRAFTINTERIMPooja ShettyACCEPTEDACCEPTEDVulnerability in HTTP.sys could allow denial of service - MS13-039Microsoft Windows 8Microsoft Windows Server 2012HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2012 (64-bit) is installedMicrosoft Windows Server 2012The operating system installed on the system is Microsoft Windows Server 2012 64 bitSecPod TeamDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDDirectPlay Heap Overflow Vulnerability - MS12-082Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows Server 2012Microsoft Windows 8Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDPooja ShettyINTERIMACCEPTEDSharath SINTERIMACCEPTEDACCEPTEDInternet Explorer LsGetTrailInfo use after free vulnerability - MS13-009Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer LsGetTrailInfo Use After Free Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDOpenType Font Parsing Vulnerability - MS12-078Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 8Microsoft Windows Server 2012The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."SecPod TeamDRAFTPooja ShettyINTERIMPradeep R BACCEPTEDSharath SINTERIMACCEPTEDACCEPTEDCMarkup Use After Free Vulnerability - MS12-077Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2012Microsoft Windows 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "CMarkup Use After Free Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDInternet Explorer CCaret Use After Free Vulnerability - MS13-021Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CCaret Use After Free Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows Briefcase Integer Underflow Vulnerability - MS12-072Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 8Microsoft Windows Server 2012Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDSharath SINTERIMACCEPTEDACCEPTEDWPF reflection optimization vulnerability - MS12-074Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows XPMicrosoft .NET Framework 4.5Microsoft .NET Framework 4.0The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "WPF Reflection Optimization Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDTrueType Font Parsing Vulnerability - MS12-078Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 8Microsoft Windows Server 2012The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."SecPod TeamDRAFTPooja ShettyINTERIMPradeep R BACCEPTEDSharath SINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installedMicrosoft Windows Server 2008The operating system installed on the system is Microsoft Windows Server 2008 Itanium Edition Service Pack 2Dragos PrisacaDragos PrisacaDRAFTINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonACCEPTEDJonathan BakerINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installedMicrosoft Windows Server 2008 R2The operating system installed on the system is Microsoft Windows Server 2008 R2 Itanium Edition Service Pack 1Josh TurpinDRAFTINTERIMChandan SACCEPTEDDragos PrisacaINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDACCEPTEDWeb proxy auto-discovery vulnerability - MS12-074Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft .NET Framework 2.0Microsoft .NET Framework 4.5Microsoft .NET Framework 4.0Microsoft .NET Framework 3.5Microsoft .NET Framework 3.5.1The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft .NET Framework 4.5 is installedMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft .NET Framework 4.5Microsoft .NET Framework 4.5 is installedSecPod TeamDRAFTINTERIMSergey ArtykhovACCEPTEDACCEPTEDInjectHTMLStream Use After Free Vulnerability - MS12-077Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 7Microsoft Windows Server 2012Microsoft Windows 8Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "InjectHTMLStream Use After Free Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer 7 is installedMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet Explorer 7A version of Microsoft Internet Explorer 7 is installed.Sudhir GandheDRAFTINTERIMAndrew ButtnerACCEPTEDBrendan MilesINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer 8 is installedMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Internet Explorer 8A version of Microsoft Internet Explorer 8 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDMaria KedovskayaINTERIMMaria MikhnoACCEPTEDACCEPTEDMicrosoft Internet Explorer 6 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet Explorer 6The application Microsoft Internet Explorer 6 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDBrendan MilesINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer 10 is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Internet Explorer 10Microsoft Internet Explorer 10 is installedSecPod TeamDRAFTINTERIMACCEPTEDBlake FrantzINTERIMBlake FrantzACCEPTEDACCEPTEDMicrosoft Internet Explorer 9 is installedMicrosoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Internet Explorer 9A version of Microsoft Internet Explorer 9 is installed.Shane ShafferDRAFTINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDChandan SINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWindows Briefcase Integer Overflow Vulnerability - MS12-072Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 8Microsoft Windows Server 2012Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDSharath SINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2008 x64 Edition Service Pack 2 is installedMicrosoft Windows Server 2008The operating system installed on the system is Microsoft Windows Server 2008 x64 Edition Service Pack 2Dragos PrisacaDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDTodd DolinskyINTERIMTim HarrisonTim HarrisonACCEPTEDJonathan BakerINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDMicrosoft Windows Vista (32-bit) Service Pack 2 is installedMicrosoft Windows VistaThe operating system installed on the system is Microsoft Windows Vista (32-bit) Service Pack 2Dragos PrisacaDragos PrisacaDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Windows Server 2008 (32-bit) Service Pack 2 is installedMicrosoft Windows Server 2008The operating system installed on the system is Microsoft Windows Server 2008 (32-bit) Service Pack 2Dragos PrisacaDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonTim HarrisonACCEPTEDJonathan BakerINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Windows XP (x86) SP3 is installedMicrosoft Windows XPA version of Microsoft Windows XP (x86) Service Pack 3 is installed.Sudhir GandheDRAFTINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDACCEPTEDMicrosoft Windows Vista x64 Edition Service Pack 2 is installedMicrosoft Windows VistaThe operating system installed on the system is Microsoft Windows Vista x64 Edition Service Pack 2Dragos PrisacaDragos PrisacaDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDTodd DolinskyINTERIMTim HarrisonTim HarrisonTim HarrisonACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDMicrosoft Windows XP x64 Edition SP2 is installedMicrosoft Windows XPA version of Microsoft Windows XP Professional x64 Edition Service Pack 2 is installed.Sudhir GandheDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDTodd DolinskyINTERIMTim HarrisonTim HarrisonTim HarrisonACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2003 SP2 (x64) is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 SP2 (x64) is installed.Sudhir GandheDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDTodd DolinskyINTERIMTim HarrisonTim HarrisonTim HarrisonACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2003 SP2 (x86) is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 Service Pack 2 (x86) is installed.Sudhir GandheDRAFTINTERIMRobert L. HollisACCEPTEDAndrew ButtnerINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2003 (ia64) SP2 is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 (ia64) Service Pack 2 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDMicrosoft Windows 7 x64 Service Pack 1 is installedMicrosoft Windows 7The operating system installed on the system is Microsoft Windows 7 x64 Service Pack 1Shane ShafferDRAFTINTERIMChandan SACCEPTEDDragos PrisacaINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2008 R2 x64 Service Pack 1 is installedMicrosoft Windows Server 2008 R2The operating system installed on the system is Microsoft Windows Server 2008 R2 x64 Service Pack 1Josh TurpinDRAFTINTERIMChandan SACCEPTEDDragos PrisacaINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDMicrosoft Windows 7 (32-bit) Service Pack 1 is installedMicrosoft Windows 7The operating system installed on the system is Microsoft Windows 7 (32-bit) Service Pack 1Shane ShafferDRAFTINTERIMChandan SACCEPTEDDragos PrisacaINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTED.NET Framework Insecure Library Loading Vulnerability - MS12-074Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2012Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft .NET Framework 1.1Microsoft .NET Framework 2.0Microsoft .NET Framework 3.5Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4.0Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2003 (x64) is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 (x64) is installed.Andrew ButtnerDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDTodd DolinskyINTERIMTim
HarrisonTim
HarrisonTim
HarrisonACCEPTEDShane ShafferINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDMicrosoft .NET Framework 4.0 is installedMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft .NET Framework 4.0Microsoft .NET Framework 4.0 is installedDragos PrisacaDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDJosh TurpinINTERIMJosh TurpinACCEPTEDINTERIMDragos PrisacaACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2008 R2 x64 Edition is installedMicrosoft Windows Server 2008 R2The operating system installed on the system is Microsoft Windows Server 2008
R2 x64 EditionDragos PrisacaDRAFTINTERIMTodd DolinskyTim
HarrisonINTERIMTim
HarrisonTim
HarrisonACCEPTEDJonathan BakerINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDMicrosoft Windows 7 (32-bit) is installedMicrosoft Windows 7The operating system installed on the system is Microsoft Windows 7 (32-bit)Pai PengDRAFTINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDMicrosoft .NET Framework 2.0 Service Pack 2 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft .NET Framework 2.0Microsoft .NET Framework 2.0 Service Pack 2 is installedDragos PrisacaDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2008 R2 Itanium-Based Edition is installedMicrosoft Windows Server 2008 R2The operating system installed on the system is Microsoft Windows Server 2008
R2 Itanium EditionDragos PrisacaDRAFTINTERIMACCEPTEDTim
HarrisonINTERIMTim
HarrisonTim
HarrisonACCEPTEDJonathan BakerINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDACCEPTEDMicrosoft Windows 7 x64 Edition is installedMicrosoft Windows 7The operating system installed on the system is Microsoft Windows 7 x64 EditionPai PengDRAFTINTERIMACCEPTEDTodd DolinskyINTERIMTim HarrisonTim HarrisonTim HarrisonACCEPTEDMaria KedovskayaINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2008 (ia-64) is installedMicrosoft Windows Server 2008The operating system installed on the system is Microsoft Windows Server 2008
Itanium EditionJeff ItoDRAFTINTERIMACCEPTEDTim
HarrisonINTERIMTim
HarrisonTim
HarrisonTim
HarrisonACCEPTEDJ. Daniel BrownINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2008 (64-bit) is installedMicrosoft Windows Server 2008The operating system installed on the system is Microsoft Windows Server 2008
(64-bit)Sudhir GandheDRAFTAndrew ButtnerINTERIMACCEPTEDTodd DolinskyINTERIMTim
HarrisonINTERIMTim
HarrisonTim
HarrisonTim
HarrisonACCEPTEDJ. Daniel BrownINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2008 (32-bit) is installedMicrosoft Windows Server 2008The operating system installed on the system is Microsoft Windows Server 2008
(32-bit)Sudhir GandheDRAFTAndrew ButtnerINTERIMACCEPTEDTodd DolinskyINTERIMACCEPTEDTim
HarrisonINTERIMTim
HarrisonTim
HarrisonTim
HarrisonACCEPTEDJonathan BakerINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2003 (ia64) Gold is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 (ia64) Gold is installed.Andrew ButtnerDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDShane ShafferINTERIMACCEPTEDSudhir GandheINTERIMShane ShafferACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDMicrosoft Windows Vista x64 Edition is installedMicrosoft Windows VistaThe operating system installed on the system is Microsoft Windows Vista x64
EditionJonathan BakerDRAFTINTERIMACCEPTEDSudhir GandheINTERIMAndrew ButtnerACCEPTEDTodd DolinskyINTERIMACCEPTEDTodd DolinskyINTERIMTim
HarrisonTim
HarrisonTim
HarrisonACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2003 (32-bit) is installedMicrosoft Windows Server 2003A version of Microsoft Windows Server 2003 (32-bit) is installed.Robert L. HollisDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDTim
HarrisonINTERIMTim
HarrisonTim
HarrisonACCEPTEDShane ShafferINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDACCEPTEDMicrosoft .NET Framework 1.1 Service Pack 1 is InstalledMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft .NET Framework 1.1Microsoft .NET Framework 1.1 Service Pack 1 is InstalledSudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDNate PrzybyszewskiINTERIMACCEPTEDChandan SINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Windows Server 2012 is installedMicrosoft Windows Server 2012The operating system installed on the system is Microsoft Windows Server 2012.SecPod TeamDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDMicrosoft Windows 8 is installedMicrosoft Windows 8The operating system installed on the system is Microsoft Windows 8.Shane ShafferDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Windows XP x64 is installedMicrosoft Windows XPA version of Microsoft Windows XP x64 is installed.SecPod TeamDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDMicrosoft Windows XP (32-bit) is installedMicrosoft Windows XPThe operating system installed on the system is Microsoft Windows XP (32-bit).Robert L. HollisDRAFTINTERIMACCEPTEDAndrew ButtnerINTERIMACCEPTEDTim HarrisonINTERIMTim HarrisonTim HarrisonACCEPTEDACCEPTEDMicrosoft Windows Vista (32-bit) is installedMicrosoft Windows VistaThe operating system installed on the system is Microsoft Windows Vista
(32-bit)Jonathan BakerDRAFTINTERIMACCEPTEDSudhir GandheINTERIMAndrew ButtnerACCEPTEDTim
HarrisonINTERIMTim
HarrisonTim
HarrisonACCEPTEDACCEPTEDMicrosoft Windows Server 2008 R2 is installedMicrosoft Windows Server 2008 R2The operating system installed on the system is Microsoft Windows Server 2008 R2Shane ShafferDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDMicrosoft .NET Framework 3.5 SP1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft .NET Framework 3.5Microsoft .NET Framework 3.5 SP1 is installedJosh TurpinDRAFTINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Windows 7 is installedMicrosoft Windows 7The operating system installed on the system is Microsoft Windows 7.DRAFTINTERIMACCEPTEDMike CokusINTERIMACCEPTEDACCEPTEDmsi.dllvmicvss.dllOle32.dllservices.exeHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Office\\12\.0\\Registration\\\{90120000-110D-0000-[01]000-0000000FF1CE\}$ProductNameMicrosoft.office.policy.dllMicrosoft.SharePoint.Portal.dllRdpudd.dllClfsw32.dllUbpm.dllScesrv.dllTswbprxy.exegpsvc.dllmsctf.dllWmphoto.dllAhcache.syswer.dlltlntsess.exekernelbase.dllMicrosoft.Office.Server.Search.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Exchange\SetupMsiProductMajorHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Exchange\SetupMsiProductMinorHKEY_LOCAL_MACHINESOFTWARE\Microsoft\ExchangeServer\v14\SetupMsiProductMajorExSetup.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\ExchangeServer\v14\SetupMsiInstallPathExSetup.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Exchange\SetupMsiInstallPathJournal.dlljscript.dllVbscript.dllProfsvc.dllUserenv.dllNlasvc.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Exchange v15DisplayNameExSetup.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\ExchangeServer\v15\SetupMsiInstallPathaudiosrv.dlllsasrv.dllcng.sysKsecdd.syskerberos.dllGdiplus.dllWindowscodecs.dllmsctf.dlloval:org.mitre.oval:obj:42934oval:org.mitre.oval:obj:43009HKEY_LOCAL_MACHINESOFTWARE\Microsoft\IMEJP\8.1\directoriesModulePathHKEY_LOCAL_MACHINESOFTWARE\Microsoft\IMEJP\10.0\directoriesModulePathImjputyc.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\IMEJP\12.0\directoriesModulePathImjputyc.dllJscript9.dlloleaut32.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\INetStpMinorVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\INetStpMajorVersionIprestr.dllmsoserverintl.dllwwintl.dllvutils.dllMsoserver.Dllascalc.dllmicrosoft.office.infopath.server.dllHKEY_LOCAL_MACHINESoftware\Microsoft\Office Server\15.0BinPathxlsrv.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office15.OSERVERInstallLocationstswel.dllschannel.dllmrxdav.sysSystem.Deployment.dllSystem.Deployment.dllmscorie.dllschedsvc.dllSystem.dllOakley.dllIkeext.dllDeploy.resources.dllMicrosoft.Rtc.Acd.Workflow.dllSystem.IdentityModel.dllSystem.IdentityModel.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\.NETFramework\AssemblyFolders\v3.0All Assemblies InHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\{.*\}$DisplayNamewrtces.dllSIPStack.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Real-Time Communications\{A593FD00-64F1-4288-A6F4-E699ED9DCA35}InstallDirConsent.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Media CenterIdentMcPlayer.dllPackager.dllMsxml6.dllrdpcorets.dllSWORD.DLLHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.WCSERVERInstallLocationsystem.runtime.remoting.dllsystem.runtime.remoting.dllsystem.runtime.remoting.dllShlwapi.dllshell32.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\SharePoint Client Components\15.0LocationHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\{90150000-101F-0401-1000-0000000FF1CE\}_Office15\.WacServer\-\{[\w\-]+\}$DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\{90150000-1014-0000-1000-0000000FF1CE}_Office15\.OSERVER\{[\w\-]+\}$DisplayNameMsoserver.DllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office15.WacServerInstallLocationMicrosoft.Office.Server.Msg.dllwsetupui.dllMsoserver.DllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.WCSERVERInstallLocationMicrosoft.SharePoint.Client.dllWsssetup.dllkernel32.dllgppref.dllgpme.dlld2d1.dllMsxml3.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\NET Framework Setup\NDP\v4\FullReleaseHKEY_LOCAL_MACHINESOFTWARE\Microsoft\NET Framework Setup\NDP\v4\ClientReleaseSystem.web.dllSetup.exeSystem.web.dllSystem.web.dllHKEY_LOCAL_MACHINESOFTWARE\Sun\VirtualBoxHKEY_LOCAL_MACHINESOFTWARE\Sun\xVM VirtualBoxHKEY_LOCAL_MACHINESOFTWARE\Oracle\VirtualBoxVirtualBox.exeHKEY_LOCAL_MACHINESOFTWARE\Oracle\VirtualBoxInstallDirportcls.sysimagehlp.dllMicrosoft.AspNet.SignalR.Core.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\TeamFoundationServer\12.0InstallPathscrrun.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-1014-0000-1000-0000000FF1CE}DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office15.OSERVERDisplayNameOnetutil.dllMicrosoft.office.server.native.dllMicrosoft.office.server.native.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office15.OSERVERInstallLocationxlsrv.dllOnfda.dllcrypt32.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{19916e01-b44e-4e31-94a4-4696df46157b}Compatibility FlagsHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{53001f3a-f5e1-4b90-9c9f-00e09b53c5f1}Compatibility FlagsHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{c2c4f00a-720e-4389-aeb9-e9c4b0d93c6f}Compatibility FlagsHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\{90140000\-1141\-0407\-1000\-0000000FF1CE\}_Office14\.WCSERVER_\{[\w\-]+\}$DisplayNameVMMS.exeHvax64.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\NET Framework Setup\NDP\v3.0InstallHKEY_LOCAL_MACHINESOFTWARE\Microsoft\NET Framework Setup\NDP\v3.0SPPresentationCFFRasterizerNative_v0300.dllDwrite.dllwpftxt_v0400.dllafd.sysHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.WCSERVERDisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\{90140000\-112D\-0000\-1000\-0000000FF1CE\}_Office14\.WCSERVER_\{[\w\-]+\}$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.OSERVERDisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.OSERVERDisplayVersionMsoserver.DllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.WCSERVERInstallLocationWdsrvWorker.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.OSERVERInstallLocationgdi32.dllComctl32.dllWdfldr.sysHidparse.sysUsbxhci.sysusbd.sysUsbcir.sysrpcrt4.dllHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\[\d]*-[\d]*-[\d]*-[\d]*$DisplayNameHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle GoldenGate Veridata 3.0.0.11.0DisplayNameqedit.dllsystem.configuration.dllsystem.data.linq.dllsystem.configuration.dllsystem.data.linq.dllWin32spl.dllSystem.Security.dllSystem.Security.dllNtfs.sysSystem.Windows.Forms.dllSystem.Windows.Forms.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ADAMDisplayNameadamdsa.dllntdsa.dllHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\NTDS\Performancentdsai.dllroot\cimv2select DomainRole from Win32_ComputerSystemUsb8023.sysHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-1110-0000-1000-0000000FF1CE}DisplayNameHKEY_LOCAL_MACHINE^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-1014-0000-1000-0000000FF1CE}_Office14\.WSS_\{[\w\-]+}$DisplayNameOnfda.dlltcpip.sysdxgkrnl.sysHKEY_LOCAL_MACHINESOFTWARE\Microsoft\ServerManager\ServicingStorage\ServerComponentCache\ManagementOdataInstallStateSystem.Data.Services.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\.NETFramework\AssemblyFolders\v3.5All Assemblies InSystem.Data.Services.dllSystem.Data.Services.dllMicrosoft.data.edm.powershell.dllNcryptsslp.dllNcrypt.dllNtkrnlmp.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\SetupDriverCachePathHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuiteDisplayVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuiteDisplayNameWindowsLiveWriter.exeHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuiteInstallLocationNtoskrnl.exeHttp.sysdpnet.dllvgx.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersionCommonFilesDirPresentationCore.dllAtmfd.dllwin32k.sysHKEY_LOCAL_MACHINESOFTWARE\Microsoft\NET Framework Setup\NDP\v4\FullVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\NET Framework Setup\NDP\v4\ClientVersionSystem.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet ExplorersvcVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Internet ExplorerVersionmshtml.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionBuildLabSynceng.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\NET Framework Setup\NDP\v4\ClientInstallHKEY_LOCAL_MACHINESOFTWARE\Microsoft\NET Framework Setup\NDP\v4\FullInstallHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionCSDVersionHKEY_LOCAL_MACHINESOFTWARE\Microsoft\NET Framework Setup\NDP\v1.1.4322SPHKEY_LOCAL_MACHINESOFTWARE\Microsoft\NET Framework Setup\NDP\v1.1.4322InstallHKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\Session Manager\EnvironmentPROCESSOR_ARCHITECTUREHKEY_LOCAL_MACHINESOFTWARE\Microsoft\NET Framework Setup\NDP\v3.5SPHKEY_LOCAL_MACHINESOFTWARE\Microsoft\NET Framework Setup\NDP\v3.5InstallHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionProductNameMscorlib.dllMscorlib.dllMscorlib.dllHKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersionSystemRoot5.1.2.2434.5.6002.237304.5.6002.237315.0.7601.188965.0.9200.174125.0.9200.215235.0.7601.230995.0.9200.210004.5.6002.230005.0.9600.179054.5.6002.194245.0.7601.230006.3.9600.177236.0.6002.193786.0.6002.236846.1.7601.188446.2.9200.215066.2.9200.173956.1.7601.230956.1.7601.188925.1.2.2425.2.2.2426.2.9200.215295.2.3790.56696.0.6002.194316.1.7601.231126.3.9600.179186.2.9200.174206.1.7601.189096.0.6002.237376.2.9200.174146.1.7601.188966.2.9200.215246.3.9600.179055.2.3790.56636.1.7601.230996.0.6002.237436.0.6002.194354.0.30319.362874.0.30319.20574.0.30319.362864.0.30319.342511.1.4322.25124.0.30319.10322.0.50727.86554.0.30319.342502.0.50727.36675.7.6002.194055.8.9200.215215.8.7601.207855.8.7601.188965.6.0.88565.8.6001.196525.8.9600.179095.8.9600.179105.8.9200.174105.8.7601.230995.8.7601.171745.8.9600.179055.8.6001.237075.7.6002.237125.8.7601.230006.2.9200.173436.0.6002.193696.1.7601.230336.2.9200.214566.0.6002.236776.1.7601.188296.3.9600.17793Microsoft Office SharePoint Server 200715.0.4719.100214.0.7149.500012.0.6721.50006.2.9200.211726.1.7601.187406.2.9200.170536.3.9600.176676.1.7601.229476.2.9200.213646.2.9200.172476.2.9200.214086.2.9200.172916.1.7601.229816.0.6002.236396.0.6002.193316.3.9600.177196.1.7601.187776.0.6002.236366.2.9200.213686.1.7601.187386.2.9200.213696.2.9200.172516.3.9600.176686.1.7601.229436.0.6002.193278.0.6001.237078.0.7601.230998.0.6001.196528.0.7601.188967.0.6002.237287.0.6000.214817.0.6002.194216.0.3790.56626.2.9200.172476.1.7601.187416.1.7601.229486.3.9600.176716.2.9200.213646.0.6002.192516.0.6002.235586.2.9200.172006.1.7601.186866.1.7601.228945.2.3790.54926.3.9600.175526.2.9200.213476.3.9600.176306.2.9200.172316.1.7601.229216.1.7601.187156.1.7601.231096.0.6002.237356.3.9600.179156.1.7601.189066.2.9200.215286.0.6002.194295.2.3790.56676.2.9200.174192.0.50727.42564.0.30319.362884.0.30319.10312.0.50727.64264.0.30319.342522.0.50727.54904.0.30319.20562.0.50727.36652.0.50727.86526.2.9200.213457.0.6002.192816.1.7601.229227.0.6002.235916.26.2.9200.172286.1.7601.187166.2.9200.213436.26.3.9600.176316.2.9200.172265.2.6002.235886.2.9200.172126.2.9200.172136.1.7600.210006.3.9600.000006.1.7600.219096.1.7601.229076.1.7601.186996.1.7600.177156.3.9600.175556.1.7600.000006.3.9600.175536.2.9200.213296.1.7601.188986.2.9200.215216.0.6002.194216.2.9200.174106.3.9600.179026.1.7601.231005.2.3790.56616.0.6002.237286.3.9600.176306.1.7601.187116.2.9200.172256.0.6002.235886.1.7601.229176.2.9200.213396.0.6002.192796.2.9200.173436.3.9600.177856.2.9200.214566.1.7601.229375.2.3790.55286.3.9600.176646.2.9200.213616.2.9200.172436.1.7601.187316.0.6002.192966.0.6002.236066.1.7601.187426.3.9600.176687.0.6002.236096.2.9200.172476.2.9200.213646.1.7601.229496.2.9200.172547.0.6002.192996.2.9200.213716.2.9200.173616.2.9200.214736.1.7601.188436.0.6002.193756.1.7601.230455.2.3790.56186.3.9600.178106.0.6002.236836.2.9200.172146.2.9200.172136.3.9600.175556.2.9200.213176.1.7601.229086.1.7601.187006.2.9200.214035.2.3790.55616.3.9600.176946.0.6002.193276.0.6002.236366.2.9200.172876.1.7601.187736.1.7601.229786.3.9600.175506.2.9200.171996.2.9200.213166.0.6002.193226.1.7601.187626.0.3790.55586.1.7601.229696.3.9600.176806.2.9200.172796.2.9200.213956.0.6002.236326.1.7601.229766.2.9200.214016.1.7601.187726.2.9200.172856.3.9600.177126.0.6002.236326.2.9200.172796.3.9600.176806.2.9200.213956.1.7601.229696.1.7601.187626.0.6002.193226.0.3790.55586.2.9200.173136.2.9200.214286.1.7601.230026.0.6002.236545.2.3790.55836.3.9600.177366.0.6002.193466.1.7601.187985.2.3790.55646.2.9200.172936.2.9200.214106.3.9600.177026.0.6002.236406.1.7601.187796.0.6002.193326.1.7601.229836.1.7601.228936.2.9200.171986.3.9600.175476.1.7601.186855.2.3790.54916.0.6002.192506.2.9200.213156.0.6002.2355710.0.9200.215239.0.8112.166699.0.8112.2078411.0.9600.1790510.0.9200.174126.0.6002.236886.0.6002.193816.2.9200.173666.2.9200.214786.1.7601.188476.1.7601.2304915.0.4711.10007.0.6002.236908.0.6001.196327.0.6000.214666.0.3790.56248.0.7601.188707.0.6002.193838.0.7601.230738.0.6001.236878.0.7601.229588.0.6001.236617.0.6002.1931011.0.9600.176907.0.6002.236206.0.3790.55438.0.6001.196079.0.8112.166337.0.6000.214439.0.8112.207478.0.7601.187515.2.2.2415.1.2.24110.0.9200.2138410.0.9200.1726710.0.9200.1737711.0.9600.1784210.0.9200.214899.0.8112.207749.0.8112.166596.3.9600.176695.2.6002.236096.2.9200.172516.2.9200.000007.0.6002.192996.1.7601.229487.0.6002.236096.2.9200.213696.1.7601.18741801414.03.0224.0018.03.0389.0028.0.7601.1883510.0.9200.214709.0.8112.207587.0.6002.236759.0.8112.166448.0.6001.236768.0.6001.196217.0.6000.2145510.0.9200.173576.0.3790.56027.0.6002.193678.0.7601.230386.0.3790.54677.0.6000.214207.0.6002.192217.0.6002.235286.1.7601.230206.1.7601.188156.0.6002.193566.2.9200.173306.1.7601.230006.3.9600.177936.2.9200.214446.0.6002.236645.8.6001.230005.8.7601.200005.7.6002.192215.8.6001.195875.8.9200.210005.8.7601.228565.8.7601.207165.8.9600.174965.6.0.88535.8.9200.171835.8.7601.171045.8.6001.236425.7.6002.235285.8.7601.186485.8.9200.212995.7.0.05.8.7601.220005.8.0.05.6.0.06.2.9200.172196.2.9200.213176.0.6002.235576.1.7601.229136.3.9600.175526.1.7601.187066.0.6002.192505.2.3790.54916.1.7601.186856.1.7601.228936.2.9200.171996.2.9200.213166.0.6002.192506.0.6002.235576.3.9600.17550Microsoft Exchange Server 2013 Cumulative Update 6^Microsoft Exchange Server 2013.*$15.00.0847.03515.00.0995.0346.0.6002.192016.1.7601.228266.0.6002.235066.3.9600.173936.1.7601.186196.2.9200.212516.2.9200.171346.0.6002.230006.0.6002.235216.1.7601.228436.2.9200.171506.1.7601.186376.0.6002.192146.2.9200.212696.3.9600.173966.2.9200.172266.1.7601.187176.1.7601.229236.0.6002.192826.0.6002.235886.1.7601.187136.2.9200.172306.0.6002.235926.1.7601.229195.2.3790.55166.0.6002.192795.2.3790.55136.2.9200.213476.2.9200.213436.3.9600.176336.3.9600.176306.0.6002.237066.3.9600.178376.2.9200.214966.1.7601.230726.1.7601.188695.2.3790.56406.0.6002.193996.2.9200.173856.2.9200.171726.1.7601.228656.1.7601.186586.3.9600.174235.2.3790.54676.2.9200.2128911.0.9600.178012.0.50727.86532.0.50727.42572.0.50727.801510.0.30319.20562.0.50727.36684.0.30319.342482.0.50727.86564.0.30319.342492.0.50727.64274.0.30319.362854.0.30319.3628310.0.30319.10311.1.4322.25152.0.50727.54917.0.6002.192276.2.9200.171706.3.9600.174836.2.9200.212835.2.6002.235357.0.6002.235358.110.7601.185768.100.5009.08.110.7601.227828.100.1056.08.110.9200.210008.110.9200.170928.110.9200.212118.110.9600.173246.1.7601.230006.1.7601.188346.0.6002.193725.2.3790.56156.0.6002.236806.1.7601.230386.2.9200.214576.2.9200.173436.3.9600.177964.0.30319.10304.0.30319.342454.0.30319.20492.0.50727.86424.0.30319.362572.0.50727.36641.1.4322.25115.2.3790.54646.2.9200.172436.1.7601.229376.0.6002.236066.1.7601.187316.2.9200.213616.3.9600.176645.2.3790.55286.0.6002.1929610.0.6002.2345910.0.6002.2300010.1.7601.1855610.1.7601.227648.1.7104.012.0.6704.500010.0.6002.1915410.1.7601.220008.0.7601.187157.0.6000.214327.0.6002.192818.0.7601.229216.0.3790.55087.0.6002.235908.0.6001.196008.0.6001.236448.0.6001.236559.0.8112.1660910.0.9200.172299.0.8112.2073011.0.9600.1764010.0.9200.172289.0.8112.166209.0.8112.2072511.0.9600.1763110.0.9200.1724110.0.9200.2134510.0.9200.213598.0.7601.186678.0.6001.236428.0.6001.195878.0.7601.228746.2.9200.171606.1.7601.186456.0.6002.235236.3.9600.174086.1.7601.228466.1.7601.186406.3.9600.174036.2.9200.212786.2.9200.212736.0.6002.192166.2.9200.171556.1.7601.228536.0.6002.192206.0.6002.235275088.0.9200.212188.0.9200.171018.5.9600.172658.0.9200.210007.0.6000.214488.0.6001.2367110.0.9200.214137.0.6002.236429.0.8112.166368.0.7601.188066.0.3790.55697.0.6002.193348.0.6001.1961211.0.9600.177288.0.7601.2300010.0.9200.172969.0.8112.207508.0.7601.2301015.0.4697.100015.0.4631.100014.0.7145.500015.0.4699.100015.0.4701.100014.0.7137.50006.0.6002.235556.2.9200.171246.3.9600.173856.0.6002.192476.1.7601.228146.2.9200.212416.1.7601.186065.2.3790.54626.2.9200.171336.0.6002.235226.0.6002.192156.3.9600.173935.2.3790.54486.2.9200.212506.1.7601.186186.1.7601.228256.0.6002.192736.0.6002.235815.2.3790.55086.3.9600.175606.2.9200.213176.1.7601.187066.2.9200.172196.1.7601.229139.0.8112.2071511.0.9600.1749610.0.9200.212999.0.8112.1659910.0.9200.1718311.0.9600.174166.0.3790.54589.0.8112.165927.0.6000.214159.0.8112.207088.0.6001.195757.0.6002.2351710.0.9200.2129111.0.9600.174208.0.7601.186317.0.6002.192128.0.7601.2283810.0.9200.171738.0.6001.236334.0.30319.342432.0.50727.86412.0.50727.36634.0.30319.362562.0.50727.42554.0.30319.20484.0.30319.362554.0.30319.10294.0.30319.342442.0.50727.54882.0.50727.64242.0.50727.80122.0.50727.64192.0.50727.80086.0.3790.54246.2.9200.170686.3.9600.172766.2.9200.211884.0.30319.362504.0.30319.342384.0.30319.362514.0.30319.34239Service Pack 16.0.6002.232436.0.6002.230006.2.9200.167346.1.7601.224795.2.3790.52386.2.9200.167346.1.7601.182835.1.2600.64626.1.7601.220006.2.9200.167346.2.9200.167346.0.6002.189605.0.8308.4204.0.7577.2767.0.6000.214097.0.6002.234898.0.6001.1956910.0.9200.171168.0.7601.2280311.0.9600.173449.0.8112.165849.0.8112.207008.0.6001.2362710.0.9200.212327.0.6002.191858.0.7601.185953798933798934.0.30319.10264.0.30319.342302.0.50727.54854.0.30319.342343.0.4506.86353.0.4506.54633.0.4506.40682.0.50727.36622.0.50727.64212.0.50727.86372.0.50727.80092.0.50727.42534.0.30319.20452.0.50727.86153.0.4506.42221.1.4322.25104.0.30319.362413.0.4506.80022.0.50727.70713.0.4506.64153.0.4506.8600^Microsoft Lync Server 2010.*$^Microsoft Lync Server 2013.*$4.0.7577.2305.0.8308.8036.1.7601.228236.2.9200.171306.0.6002.191986.0.6002.235046.3.9600.173536.2.9200.212476.1.7601.186155.2.3790.54455.131.3790.53626.1.7601.184936.3.9600.171986.1.7601.227086.0.6002.234156.2.9200.211396.0.6002.191166.2.9200.170225.2.3790.539815.0.4641.10006.1.7601.185236.2.9200.170456.1.1000.183246.2.9200.211626.1.7601.227336.3.9600.172246.2.9200.211546.1.7601.227436.1.7601.185326.3.9600.172166.2.9200.170376.2.9200.171216.2.9200.212376.1.7601.228096.0.6002.234966.1.7601.186016.0.6002.191926.3.9600.173416.1.7601.227206.3.9600.172506.2.9200.170597.0.6002.191266.2.9200.170316.2.9200.211486.1.7601.227506.0.6002.234546.3.9600.172106.2.9200.211787.0.6002.234276.1.7601.185106.0.6002.191506.1.7601.185399.0.8112.206917.0.6002.191658.0.6001.1956111.0.9600.172788.0.7601.1857111.0.9600.172808.0.7601.227777.0.6000.214086.0.3790.54137.0.6002.234708.0.6001.236199.0.8112.1657510.0.9200.1708810.0.9200.212078.0.7601.185347.0.6002.191438.0.7601.227458.0.6001.195538.0.6001.236117.0.6002.234469.0.8112.165639.0.8112.206746.0.3790.53927.0.6000.2139711.0.9600.1723910.0.9200.2117310.0.9200.170548.0.7600.167228.0.7600.208618.0.7600.200006.0.6002.191196.1.7601.227226.3.9600.166716.3.9600.170316.2.9200.170256.3.9600.172006.0.6002.234206.2.9200.211426.1.7601.185126.6.7601.185016.6.9600.170316.6.7601.227166.6.9200.170236.6.9200.211406.6.9600.172006.6.6002.191186.6.6002.234186.6.9600.166726.0.3790.53587.0.6002.234137.0.6000.213957.0.6002.191146.30.7601.220006.30.7601.184318.100.5008.06.20.2017.08.110.7601.184316.20.5007.08.110.9600.166638.100.1055.08.110.7601.226408.110.9200.168636.30.7601.226408.110.9200.209826.3.9600.170396.2.9200.168866.1.7601.226486.1.7601.184386.0.6002.233706.0.6002.190806.2.9200.210056.3.9600.170886.3.9600.166606.2.9200.210356.2.9200.210006.1.7601.184656.1.7601.226786.2.9200.169126.3.9600.1666314.0.7123.50007.0.6002.1908710.0.9200.1689711.0.9600.171058.0.6001.235889.0.8112.2065711.0.9600.166617.0.6000.213836.0.2900.65506.0.3790.53287.0.6002.233778.0.7601.226578.0.6001.1952910.0.9200.210248.0.7601.184469.0.8112.165462.0.50727.54834.0.30319.341082.0.50727.80032.0.50727.70552.0.50727.42524.0.30319.361154.0.30319.20362.0.50727.86002.0.50727.70574.0.30319.10234.0.30319.361064.0.30319.361052.0.50727.64162.0.50727.86061.1.4322.25062.0.50727.36594.0.30319.341074.1.304.3.84.2.226.3.9600.170886.1.7601.184896.0.6002.191155.2.3790.53586.2.9200.211336.1.7601.227056.3.9600.171946.3.9600.166686.0.6002.234146.2.9200.170146.2.9200.210006.2.9200.168826.1.7601.226396.0.3790.53186.0.6002.190706.0.6002.233606.3.9600.170836.1.7601.1842911.0.9600.1667211.0.9600.1720710.0.9200.211458.0.6001.2360310.0.9200.170288.0.7601.184878.0.7601.227039.0.8112.206728.0.6001.195439.0.8112.16561^Service Pack 1 for Microsoft Office Web Apps Server .*$^Service Pack 1 for Microsoft SharePoint Server 2013 .*$15.0.4514.100015.0.4561.100015.0.4609.100015.0.4615.10009.0.8112.165536.0.3790.53308.0.7601.2265910.0.9200.2102610.0.9200.168998.0.6001.195317.0.6002.190899.0.8112.206647.0.6000.213858.0.6001.235907.0.6002.2338011.0.9600.166638.0.7601.1844811.0.9600.171076.0.6002.233235.1.2600.65326.3.9600.166566.2.9200.209356.0.6002.190346.1.7601.226166.2.9200.168155.2.3790.52956.1.7601.184096.3.9600.170396.3.9600.166606.0.6002.233396.1.7601.226056.3.9600.170416.0.6002.190476.1.7601.175146.2.9200.163846.0.3790.53414.2.204.3.69.0.8112.165557.0.6000.2138910.0.9200.210448.0.6001.195398.0.7601.226867.0.6002.233898.0.7601.1847210.0.9200.169219.0.8112.206668.0.6001.2359810.0.9200.210007.0.6002.1909811.0.9600.1666811.0.9600.1703711.0.9600.1712611.0.9600.170416.6.9200.168126.6.6002.190336.6.7601.225906.6.6002.233216.6.7601.183866.5.2600.65126.6.9600.166506.6.9200.209316.5.3790.52942.0.50727.36552.0.50727.54774.0.30319.360134.0.30319.360002.0.50727.80004.0.30319.340114.0.30319.10221.1.4322.25044.0.30319.191322.0.50727.42474.0.30319.180634.0.30319.184444.0.30319.20342.0.50727.64132.0.50727.70416.2.9200.208826.2.9200.167656.2.9200.208836.1.7601.180006.3.9600.164734.2.204.3.48.110.9200.167728.110.9600.164838.110.9200.200008.110.7601.220008.110.7601.225328.110.9200.208908.100.5007.08.100.1054.08.110.7601.183343786753787584.0.30319.180671.1.4322.250510.0.30319.10224.0.30319.194534.0.30319.184494.0.30319.194552.0.50727.42482.0.50727.641410.0.30319.20342.0.50727.36582.0.50727.70454.0.30319.340094.0.30319.184462.0.50727.547910.0.30319.20002.0.50727.80012.0.50727.70464.0.30319.191364.0.30319.184476.0.2900.651210.0.9200.168439.0.8112.1654011.0.9600.165218.0.6001.195078.0.6001.2356910.0.9200.209639.0.8112.206518.0.7601.225977.0.6002.233308.0.7601.183926.0.3790.52947.0.6002.190417.0.6000.213718.0.6001.235628.0.6001.194999.0.8112.165337.0.6000.2136611.0.9600.165186.0.3790.528110.0.9200.167988.0.7601.225679.0.8112.206448.0.7601.183657.0.6002.1901610.0.9200.209167.0.6002.233036.0.2900.64986.1.7601.225926.1.7601.183885.2.3790.52966.0.6002.190366.3.9600.166506.2.9200.168175.1.2600.65146.2.9200.209376.0.6002.233256.2.9200.208676.2.9200.167544.2.184.1.284.2.03.2.04.1.04.0.04.3.24.3.03.2.184.0.206.2.9200.167266.1.7601.224726.1.7601.182766.2.9200.208365.1.2600.64736.0.6002.232616.1.7601.183006.1.7601.224966.0.6002.189745.2.3790.52506.1.7601.224846.0.6002.232486.2.9200.167455.1.2600.64796.1.7601.182886.3.9600.164386.0.6002.189715.2.3790.52406.2.9200.208566.2.9200.167586.3.9600.164576.2.9200.208711.1.21022.05.8.7601.224805.7.6002.232425.7.6002.189605.7.6002.230005.8.9600.164295.7.0.05.7.6002.189605.8.7601.220005.8.9200.167345.8.9200.208455.8.9200.200005.6.0.88515.8.7601.182836.0.2900.64709.0.8112.165267.0.6002.232588.0.6001.235437.0.6000.213649.0.8112.206378.0.7601.183058.0.7601.225007.0.6002.189726.0.3790.52468.0.6001.1948911.0.9600.1647610.0.9200.2086110.0.9200.16750^Microsoft SharePoint Foundation 2013 .*$^Service Pack 2 for Microsoft SharePoint Foundation 2010 .*$Microsoft SharePoint Server 201314.0.7105.500014.0.7005.100014.0.7104.500015.0.4535.10006.2.9200.167276.1.7601.182775.131.3790.52356.1.7601.224735.131.2600.64596.0.6002.189536.3.9600.164316.2.9200.20838reg_dword671098887.0.6002.189107.0.6000.213527.0.6002.23183^Service Pack 2 for Microsoft Office Web Apps.*$14.0.7015.10006.2.9200.16729125.2.2.2365.1.2.2384.0.30319.20216.1.7601.224344.0.30319.191143.0.6920.50003.0.6920.64093.0.6920.54597.0.6002.232004.0.30319.180593.0.6920.60003.0.6920.70613.0.6920.70004.0.30319.10143.0.6920.40583.0.6920.42187.0.6002.189236.1.7601.182453.0.6920.70625.2.3790.52176.0.6002.189286.0.6002.232076.2.9200.208146.2.9200.167066.1.7601.182726.1.7601.22467^Microsoft.* Office Web Apps$Microsoft Office Web Apps Service Pack 1 (SP1)Microsoft SharePoint Server 201014.0.6029.100014.0.7106.500014.0.6112.50005.1.2600.64606.0.6002.232355.2.3790.52366.2.9200.208396.1.7601.182756.0.6002.189536.3.9600.164216.2.9200.167286.1.7601.224716.1.7601.182466.1.7601.224356.2.9200.208076.2.9200.166995.1.2600.64426.0.6002.232046.0.6002.189275.2.3790.52165.82.7601.220005.82.7601.182015.82.6002.230005.82.6002.188795.82.6002.231515.82.3790.51905.82.9200.207655.82.9200.166575.82.7601.223765.82.9200.200006.0.3790.52387.0.6002.189616.0.2900.64627.0.6002.232447.0.6000.213598.0.6001.235329.0.8112.165147.0.6002.232269.0.8112.206258.0.7601.182697.0.6000.213578.0.6001.194758.0.7601.224646.0.3790.52266.0.2900.64527.0.6002.189451.11.9200.166486.1.7601.183285.2.3790.51896.1.7601.223826.1.7601.182081.9.7600.163855.1.2600.64186.1.7601.225265.2.3790.52036.1.7601.181996.1.7601.223746.0.6002.231501.11.9200.163845.1.2600.64376.2.9200.207616.0.6002.188786.2.9200.166586.2.9200.207636.0.6002.231606.0.6002.231476.2.9200.166546.0.6002.188756.0.6002.188876.1.7601.224165.1.2600.64366.2.9200.207896.0.6002.231856.1.7601.182336.2.9200.166816.0.6002.189125.2.3790.5210^[a-zA-Z0-9\(\)\s]*[Ww][Ii][Nn][Dd][Oo][Ww][Ss] 8\.1[a-zA-Z0-9\(\)\s]*$^11\..*$8.0.6001.2353611.0.9431.2248.0.6001.194838.0.7601.2247910.0.9200.2084810.0.9200.167369.0.8112.165208.0.7601.182839.0.8112.2063110.0.9200.2083110.0.9200.167216.2.9200.166226.2.9200.207275.1.2600.63996.0.6002.231556.1.7601.182056.1.7601.231555.2.3790.51946.0.6002.188825.1.2600.64195.2.3790.51906.2.9200.207726.2.9200.166596.0.6002.231546.1.7601.223796.1.7601.182056.0.6002.1888110.0.9200.166888.0.6001.2352010.0.9200.207949.0.8112.165068.0.6001.1945810.0.9200.207968.0.7601.1822810.0.9200.166869.0.8112.206178.0.7601.224108.0.7601.223897.0.6002.231646.0.2900.64259.0.8112.206136.0.3790.51988.0.7601.182107.0.6002.1889110.0.9200.207687.0.6000.2134810.0.9200.166608.0.6001.235159.0.8112.165028.0.6001.194536.2.9200.166596.0.6002.231526.0.6002.188806.1.7601.182036.1.7601.223786.2.9200.207671.1.4322.25035.1.2600.64046.1.7601.181766.2.9200.207325.2.3790.51746.0.6002.231326.0.6002.188616.1.7601.223486.2.9200.166272.0.50727.70254.0.30319.20122.0.50727.54724.0.30319.180512.0.50727.64072.0.50727.36494.0.30319.190804.0.30319.10084.0.30319.180524.0.30319.190792.0.50727.70262.0.50727.42416.1.7601.181486.0.6002.188356.1.7601.223196.0.6002.231069.0.8112.164966.0.2900.64008.0.6001.235079.0.8112.206068.0.6001.194437.0.6000.213426.0.3790.51707.0.6002.231337.0.6002.188618.0.7601.181708.0.7601.223419.0.8112.20000^Oracle GoldenGate Director Server 11.1.1.1.0[_\d]*$^[Ss][Ee][Rr][Vv][Ii][Cc][Ee] [Pp][Aa][Cc][Kk] ([2-9]|([1-9][0-9]+))$6.6.6002.188606.6.7601.181756.6.9200.166286.6.6002.230006.6.7601.220006.5.3790.51746.5.2600.64046.6.9200.200006.6.7601.223486.6.9200.207336.6.6002.231322.0.50727.54732.0.50727.42434.0.30319.190842.0.50727.70303.5.30729.64042.0.50727.36503.5.30729.70493.5.30729.40523.5.30729.54552.0.50727.70272.0.50727.70284.0.30319.190832.0.50727.64084.0.30319.180544.0.30319.20134.0.30319.10094.0.30319.180533.5.30729.70486.2.9200.207085.1.2600.63876.1.7601.223186.2.9200.166046.1.7601.181475.2.3790.51576.0.6002.231036.0.6002.188326.1.7601.223116.1.7601.181426.2.9200.207026.2.9200.165986.0.6002.2300010.0.9200.1663510.0.9200.207422.0.50727.36464.0.30319.190574.0.30319.190582.0.50727.42372.0.50727.70194.0.30319.20062.0.50727.40004.0.30319.180384.0.30319.180392.0.50727.70182.0.50727.50004.0.30319.10042.0.50727.64042.0.50727.546910.0.9200.1654010.0.9200.206448.0.7601.222727.0.6000.171286.0.3790.51288.0.6001.234807.0.6002.187948.0.7601.181069.0.8112.164768.0.6001.194126.0.2900.63579.0.8112.205868.0.7600.214848.0.7600.172677.0.6002.230647.0.6000.213306.0.6002.230716.0.6002.230706.1.7601.222716.1.7601.181276.0.6002.188006.2.9200.206636.1.7600.172666.1.7600.214995.1.2600.63646.1.7601.181056.2.9200.165596.0.6002.187996.1.7600.214825.2.3790.51346.1.7601.222976.1.7600.172816.0.6002.220008.0.6001.1943710.0.9200.1661210.0.9200.2071910.0.9200.1661410.0.9200.207177.0.6002.188376.0.2900.63918.0.7601.220007.0.6002.231098.0.7601.181567.0.6000.213379.0.8112.164906.0.3790.51618.0.7601.223269.0.8112.206008.0.6001.235012.0.50727.64022.0.50727.70154.0.30319.10024.0.30319.180362.0.50727.36454.0.30319.20034.0.30319.20002.0.50727.54682.0.50727.49864.0.30319.190534.0.30319.180374.0.30319.190522.0.50727.4236^[Aa]ctive [Dd]irectory [Aa]pplication [Mm]ode.*$6.1.7601.222456.1.7601.180756.2.9200.206266.0.6002.187811.1.3790.51315.2.3790.51306.1.7600.172326.0.6002.230366.2.9200.165226.1.7600.214426.1.7601.210006.1.7600.20000^[3-5]$6.2.9200.165255.1.2600.63526.1.7601.222486.1.7600.214446.1.7601.180766.2.9200.206306.0.6002.187825.2.3790.51236.0.6002.230386.1.7600.17233Microsoft SharePoint Foundation 2010Microsoft SharePoint Foundation 2010 Service Pack 1 (SP1)14.0.6134.50006.2.9200.206196.0.6002.187646.1.7600.214156.2.9200.165076.1.7601.180426.1.7601.210006.1.7600.200007.0.6000.171228.0.7600.214196.0.2900.63328.0.7601.221998.0.7601.180356.0.3790.51027.0.6002.187667.0.6002.230158.0.7600.172096.1.7601.220006.2.9200.165837.0.6002.230007.0.6002.230956.2.9200.206877.0.6002.188236.1.7601.180106.1.7600.213806.0.6002.187396.2.9200.164686.2.9200.205726.0.6002.229846.1.7601.221726.1.7600.171756.0.6002.187646.2.9200.165036.2.9200.206106.0.6002.230135.1.2600.63346.1.7600.214166.1.7601.180435.2.3790.51066.1.7601.222096.1.7600.1720610.0.9200.165769.0.8112.205938.0.7601.222966.0.3790.514910.0.9200.165796.0.2900.63807.0.6002.188239.0.8112.1648310.0.9200.2068110.0.9200.165788.0.7601.181267.0.6000.213357.0.6002.230958.0.6001.234868.0.6001.1941810.0.9200.206826.2.9200.164966.1.7600.172076.2.9200.206056.0.6002.187656.0.6002.230256.1.7601.180446.1.7601.222106.1.7600.214175.2.3790.51075.1.2600.633513.5.30729.70043.5.30729.58003.5.30729.55003.5.30729.54513.5.30729.58313.5.30729.40393.5.30729.70003.5.30729.50064.0.30319.5873.5.30729.50003.5.30729.58513.5.30729.64004.0.30319.2974.0.30319.5005.0.0.507126.1.7600.171726.2.9200.164646.0.6002.187366.1.7600.213776.1.7601.180076.0.6002.229816.2.9200.205686.1.7601.221696.1.7600.172735.2.3790.51386.1.7601.222805.1.2600.63686.0.6002.188056.1.7600.214906.0.6002.230766.1.7601.181136.2.9200.165516.2.9200.206556.1.7601.210006.0.6002.22000^16\..*$^15\..*$Windows Live Essentials16.4.3508.2058.0.6001.1940010.0.9200.164908.0.7600.214118.0.6001.234687.0.6002.230118.0.7601.222048.0.7600.172017.0.6002.187628.0.7601.180386.0.2900.633310.0.9200.205956.0.3790.51057.0.6000.213248.0.6001.234678.0.6001.193998.0.7601.200007.0.6002.220008.0.7600.200008.0.6001.220006.2.9200.206856.0.6002.230946.2.9200.165816.1.7601.181265.2.3790.51485.1.2600.63796.0.6002.188176.1.7601.222966.2.9200.165566.2.9200.206606.2.9200.164505.3.2600.63116.0.6002.229646.1.7600.171576.1.7601.179896.0.6002.187226.1.7601.221506.1.7600.213606.2.9200.205545.3.3790.50839.0.8112.1646410.0.9200.164949.0.8112.2057310.0.9200.205998.0.7601.222587.0.6000.213258.0.7601.1809410.0.9200.206309.0.8112.205807.0.6002.187788.0.6001.194039.0.8112.164707.0.6000.171238.0.6001.234716.0.3790.51206.0.2900.63478.0.7600.2147110.0.9200.165258.0.7600.172567.0.6002.230327.0.6000.200004.0.30319.190234.0.30319.180164.0.30319.2984.0.30319.180154.0.30319.190204.0.30319.5886.2.9200.164536.2.9200.205576.2.9200.200005.1.2.2375.2.3790.50945.1.2.2356.1.7601.180096.1.7601.221715.2.2.2355.1.2600.63226.0.6002.187335.1.2.2366.1.7600.171746.0.6002.229776.1.7600.213794.5.507094.0.30317.190104.0.30319.190194.0.30319.180144.0.30319.190004.0.30319.19000^7\.[0-9.]*$^8\..*$^6\..*$^10\..*$^9\.0\..*$7.0.6000.171168.0.6001.234618.0.7600.171669.0.8112.1645710.0.9200.200009.0.8112.205656.0.2900.63158.0.7601.179987.0.6002.1872710.0.9200.164397.0.6002.229718.0.6001.193938.0.7600.213697.0.6000.213187.0.6000.210006.0.3790.508010.0.9200.205628.0.7601.2100010.0.9200.164587.0.6002.220008.0.7601.221608.0.6001.230009.0.8112.200008.0.7600.20000Service Pack 3Service Pack 2^\d+\.win7sp1.*$6.2.9200.205336.2.9200.164326.2.9200.200006.0.6002.220006.0.6002.229416.1.7600.213306.1.7601.179595.1.2600.62936.0.6002.187036.1.7600.200006.1.7601.210005.2.3790.50686.1.7601.221196.1.7600.1713012.0.50727.3053^[a-zA-Z0-9\(\)\s]*2008[a-zA-Z0-9\(\)\s]*$ia64^[a-zA-Z0-9\(\)\s]*2003[a-zA-Z0-9\(\)\s]*$^[a-zA-Z0-9\(\)\s]*2012\s[rR]2[a-zA-Z0-9\(\)\s]*$^[a-zA-Z0-9\(\)\s]*2012[a-zA-Z0-9\(\)\s]*$^[a-zA-Z0-9\(\)\s]*[Ww][Ii][Nn][Dd][Oo][Ww][Ss] 8[a-zA-Z0-9\(\)\s]*$^[Aa][Mm][Dd]64$^[a-zA-Z0-9\(\)\s]*[Ww][Ii][Nn][Dd][Oo][Ww][Ss] [Xx][Pp][a-zA-Z0-9\(\)\s]*$^[a-zA-Z0-9\(\)\s]*[Vv][Ii][Ss][Tt][Aa][a-zA-Z0-9\(\)\s]*$x86^[a-zA-Z0-9\(\)\s]*2008 [Rr]2[a-zA-Z0-9\(\)\s]*$1windows^[A-Za-z0-9\(\)\s]*[Ww][Ii][Nn][Dd][Oo][Ww][Ss] 7[A-Za-z0-9\(\)\s]*$2.0.50727.70002.0.50727.70041.1.4322.25002.0.50727.64002.0.50727.36434.0.30319.5862.0.50727.49842.0.50727.54662.0.50727.57374.0.30319.2962.0.50727.42342.0.50727.56004.0.30319.400\Microsoft Shared\web server extensions\12\BIN\Microsoft Shared\web server extensions\15\ISAPI\Bin\Bin\Microsoft Shared\ink\Bin^\\winsxs\\(x86|amd64)_microsoft\.windows\.gdiplus_6595b64144ccf1df_.+$|\\WinSxS\\(x86|amd64)_Microsoft\.Windows\.GdiPlus_6595b64144ccf1df_.+$\system32\IME\IMEJP10\SysWOW64\IME\IMEJP10\ime\imjp8_1\system32\inetsrv\15.0\WebServices\ConversionServices\1033\15.0\WebServices\ConversionServices\15.0\WebServices\Shared\VisioGraphicsServer\Bin\14.0\WebServices\WordServer\Core\15.0\bin\Deployment\de-DE\Application Host\Applications\Response Group\Server\Core\ehome\14.0\WebServices\ConversionService\Bin\Converter\PPTConversionService\bin\Converter\Microsoft Shared\SERVER15\Server Setup Controller\WSS.en-us\15.0\WebServices\ConversionService\Bin\Converter\Microsoft Shared\Web Server Extensions\14\ISAPI\Microsoft Shared\SERVER15\Server Setup Controller\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client^\\System32\\DriverStore\\FileRepository\\wdmaudio.inf[_\w]+$Application Tier\Web Services\bin\15.0\bin\14.0\bin\Microsoft Shared\web server extensions\15\BIN\14.0\WebServices\ConversionService\Bin\Converter\14.0\WebServices\WordServer\Core\ADAM\Microsoft Shared\web server extensions\14\BIN^\\WinSxS\\msil_[\w_\.]+$\i386Writer\System32\drivers\Microsoft Shared\VGX\Microsoft.NET\Framework\v4.0.30319\WPF\System32\Microsoft.NET\Framework\v1.1.4322\Microsoft.NET\Framework\v2.0.50727\Microsoft.NET\Framework\v4.0.30319