Download
| Alert*
|
oval:org.mitre.oval:def:2310
rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an ... oval:org.mitre.oval:def:1275 Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files." oval:org.mitre.oval:def:4395 The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors. oval:org.mitre.oval:def:2012 The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number o ... oval:org.secpod.oval:def:3094 The host is missing an important security update according to Microsoft security bulletin, MS08-035. The update is required to fix denial of service vulnerability. A flaw is present in the implementations of Active Directory on Microsoft Windows , which fails to handle specially crafted LDAP request ... oval:org.mitre.oval:def:4910 Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request. oval:org.secpod.oval:def:2664 The host is missing a critical security update according to Microsoft bulletin, MS08-022. The update is required to fix a remote code execution vulnerability. A flaw is present in (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 20 ... oval:org.mitre.oval:def:6095 The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request. oval:org.secpod.oval:def:2627 The host is missing a critical security update according to, MS08-001. The update is required to fix multple remote code execution vulnerabilities. A flaw is present in the application, which fails in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. Successful exploitation could ... oval:org.mitre.oval:def:5475 The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption. oval:org.secpod.oval:def:2619 The host is missing a critical security update according to Microsoft security bulletin, MS08-049. The update is required to fix remote code execution vulnerabilities. The flaws are present in Microsoft Windows Event System, which fails to handle per-user subscriptions correctly. Successful exploita ... oval:org.mitre.oval:def:5630 Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function p ... oval:org.mitre.oval:def:5271 The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerabi ... oval:org.mitre.oval:def:5580 Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability." oval:org.secpod.oval:def:2724 The host is missing a security update according to Microsoft security bulletin, MS09-023. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Microsoft ActiveX Controls and Yahoo! Music Jukebox product, which fails to handle a specially crafted Web page ... oval:org.mitre.oval:def:5893 Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data si ... oval:org.mitre.oval:def:5495 The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors. oval:org.secpod.oval:def:2608 The host is missing a critical security update according to Microsoft security bulletin, MS08-046. The update is required to fix remote code execution vulnerability. A flaw is present in the Microsoft Image Color Management (ICM) system, which fails handle a specially crafted image file. Successful ... oval:org.mitre.oval:def:5923 Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code ... oval:org.secpod.oval:def:2992 The host is missing a critical security update according to Microsoft security bulletin, MS08-071. The update is required to fix remote code execution vulnerabilities. The flaws are present in GDI, which fails to handle a specially crafted WMF image file. Successful exploitation allows attackers to ... oval:org.mitre.oval:def:5984 Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerabilit ... oval:org.mitre.oval:def:6062 Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which ... oval:org.secpod.oval:def:2622 The host is missing a critical security update according to Microsoft security bulletin, MS08-021. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the application, which fails to properly process a malformed header or a malformed file name param ... oval:org.mitre.oval:def:5437 Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is ... oval:org.secpod.oval:def:2651 The host is missing an important security update according to Microsoft security bulletin, MS08-025. The update is required to fix privilege escalation vulnerability. A flaw is present in the Windows kernel, which fails to handle validation of inputs passed from user mode. Successful exploitation co ... oval:org.mitre.oval:def:5441 Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, a ... oval:org.secpod.oval:def:2584 The host is missing an important security update according to Microsoft security bulletin, MS08-020. The update is required to fix spoofing attack vulnerability. A flaw is present in Windows DNS clients, which fails handle a specially crafted responses to DNS requests. Successful exploitation could ... oval:org.mitre.oval:def:5314 The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses. |
