Download
| Alert*
|
oval:org.secpod.oval:def:1413
The host is installed with Microsoft Windows XP or Windows server 2003 and is prone to elevation of privilege vulnerability. A flaw is present in Client/Server Run-time Subsystem (CSRSS) that is caused by an integer overflow condition. Successful exploitation allows remote attacker to execute code i ... oval:org.mitre.oval:def:2310 rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an ... oval:org.mitre.oval:def:1275 Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files." oval:org.mitre.oval:def:4395 The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors. oval:org.secpod.oval:def:1193 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to denial of service vulnerability. A flaw is present in distributed file system (DFS) client which fails to handle specially crafted DFS referral responses. Successful exploitat ... oval:org.secpod.oval:def:1178 The host is installed with Windows XP and Windows Server 2003, is prone to memory corruption vulnerability. A flaw is present in distributed file system (DFS) client which fails to parse specially crafted DFS responses. Successful exploitation allows attackers to execute arbitrary code and take comp ... oval:org.secpod.oval:def:1524 The host is missing a Critical security update according to Microsoft security bulletin, MS11-046.. The update is required to fix a privilege escalation vulnerability. The flaw is present in the application, as it fails to validate input passed from the user mode to the kernel. Successful exploiatio ... oval:org.mitre.oval:def:8654 vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a ... oval:org.mitre.oval:def:2012 The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number o ... oval:org.mitre.oval:def:4910 Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request. oval:org.secpod.oval:def:3094 The host is missing an important security update according to Microsoft security bulletin, MS08-035. The update is required to fix denial of service vulnerability. A flaw is present in the implementations of Active Directory on Microsoft Windows , which fails to handle specially crafted LDAP request ... oval:org.secpod.oval:def:1757 The host is missing a important security update according to Microsoft security bulletin, MS11-065. The update is required to fix a denial of service vulnerability. A flaw is present in remote desktop protocol service, the way it handles sequence of specially crafted RDP packets. Successful exploita ... oval:org.secpod.oval:def:1756 The host is installed with Remote Desktop Protocol and is prone to denial of service vulnerability. A flaw is present in the remote desktop protocol service, which fails to handle sequence of specially crafted RDP packets. Successful exploitation allows remote attackers to create denial of service c ... oval:org.secpod.oval:def:1730 The host is missing a Critical security update according to Microsoft security bulletin, MS11-058. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, as it fails to handle a specially crafted NAPTR query string in memory. Successful exploitatio ... oval:org.secpod.oval:def:1732 The host is installed with Windows Server 2008 or Windows Server 2003 and is prone to denial of service vulnerability. A flaw is present in application which fails to handle an object in memory that has not been initialized. Successful exploitation could allow an attacker to cause the DNS server ser ... oval:org.secpod.oval:def:1728 The host is missing an important security update according to Microsoft security bulletin, MS11-062. The update is required to fix an elevation of privilege escalation vulnerability. A flaw is present in the application, as it fails to validate input passed from the user mode to the kernel. Successf ... oval:org.secpod.oval:def:1729 The host is installed with Windows XP or Windows Server 2003 and is prone to elevation of privilege vulnerability. A flaw is present in the application, as it fails to validate input passed from the user mode to the kernel. Successful exploitation could allow an attacker to execute arbitrary code an ... oval:org.secpod.oval:def:1372 The host is missing a critical security update according to Microsoft security bulletin, MS10-042. The update is required to fix URL validation vulnerability. A flaw is present in the Windows Help and Support Center feature, which fails to validate specially crafted URLs. Successful exploitation all ... oval:org.mitre.oval:def:8304 The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout ... oval:org.secpod.oval:def:1265 The host is installed with Windows server 2003 SP2 x86, Windows server 2003 SP2 x64, Windows server 2008 x86, Windows server 2008 x64,Windows server 2008 x86 SP2, Windows server 2008 x64 SP2, Windows server 2008 R2 x64 , Windows server 2008 R2 x64 SP1 with Active Directory Certificate Services Web E ... oval:org.secpod.oval:def:1385 The host is missing a critical security update according to Microsoft security bulletin, MS10-078. The update is required to fix privilege escalation vulnerabilities. Multiple flaws are present in the OpenType Font (OTF) format driver in Microsoft Windows, which is due to improper loading of formatt ... oval:org.secpod.oval:def:1267 The host is missing a critical security update according to Microsoft security bulletin, MS10-101. The update is required to fix denial of service vulnerability. A flaw is present in the Netlogon RPC Service, which fails to handle crafted RPC packet. Successful exploitation could allow an attacker t ... oval:org.secpod.oval:def:1266 The host is missing a Critical security update according to Microsoft security bulletin, MS11-051. The update is required to fix a privilege escalation vulnerability. A flaw is present in Active Directory Certificate Services Web Enrollment that could allow an attacker to inject a client-side script ... oval:org.secpod.oval:def:1246 The host is missing a critical security update according to Microsoft security bulletin, MS10-099. The update is required to fix buffer overflow vulnerability. A flaw is present in the Routing and Remote Access NDProxy component in the kernel, which fails to validate input passed from user mode to t ... oval:org.secpod.oval:def:1215 The host is missing a Critical security update according to Microsoft security bulletin, MS10-052. The update is required to fix remote code execution vulnerability. MPEG Layer-3 audio codecs which fails to handle a specially crafted media file or streaming contents. Successful exploitation allows a ... oval:org.secpod.oval:def:1588 The host is missing a critical security update according to Microsoft security bulletin, MS10-011. The update is required to fix privilege escalation vulnerability. A flaw is present in the Windows Client/Server Run-time Subsystem (CSRSS), which fails to terminate user processes when a user logs out ... oval:org.secpod.oval:def:1035 The host is missing an Important security update according to Microsoft security bulletin, MS11-010. The update is required to fix elevation of privilege vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) in Windows XP and Windows Server 2003. A flaw is present in CSRSS, which fails t ... oval:org.secpod.oval:def:1045 The host is missing an important security update according to Microsoft security bulletin, MS11-005. The update is required to fix a denial of service vulnerability in Windows Active Directory server. A flaw is present in Microsoft Windows Active Directory, which fails to properly handle service pri ... oval:org.secpod.oval:def:2188 The host is missing a critical security update according to Microsoft security bulletin, MS10-024. The update is required to fix denial of service vulnerabilities. Flaws are present in Microsoft Exchange and SMTP service Office Excel. SMTP service fails to handle a specially crafted DNS response sen ... oval:org.mitre.oval:def:6095 The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request. oval:org.mitre.oval:def:7170 vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a ... oval:org.secpod.oval:def:2289 The host is missing a critical security update according to Microsoft security bulletin, MS09-028. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Microsoft DirectShow , which fails to handle a specially crafted QuickTime media file. Successful explo ... oval:org.secpod.oval:def:2292 The host is missing an important security update according to Microsoft security bulletin, MS09-057. The update is required to fix remote code execution vulnerability. A flaw is present in the ActiveX control included with Windows Indexing Service, which fails to handle specifically crafted Web cont ... oval:org.secpod.oval:def:2034 The host is missing a critical security update according to Microsoft security bulletin, MS10-022. The update is required to fix remote code execution vulnerability. A flaw is present in VBScript engine, which fails to process WIndows help files in protected mode. User is forced to press the F1 key ... oval:org.secpod.oval:def:2246 The host is installed with Windows Internet Name Service (WINS) and is prone to privilege elevation vulnerability. A flaw is present in the application which is caused by a sequence of specially crafted packets received on the loopback interface. Successful exploitation allows attacker to execute ar ... oval:org.secpod.oval:def:2245 The host is missing a important security update according to Microsoft security bulletin, MS11-070. The update is required to fix privilege elevation vulnerability. The flaw is present in the Windows Internet Name Service, which fails to handle a specially crafted WINS replication packet. Successful ... oval:org.secpod.oval:def:2250 The host is missing a critical security update according to Microsoft security bulletin, MS09-069. The update is required to fix denial of service condition. A flaw is present in the Windows Local Security Authority Subsystem Service (LSASS), which fails to handle specially crafted ISAKMP messages c ... oval:org.mitre.oval:def:7067 The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX rec ... oval:org.mitre.oval:def:12188 Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI fil ... oval:org.mitre.oval:def:12175 The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of in ... oval:org.mitre.oval:def:5825 afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted po ... oval:org.mitre.oval:def:5923 Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code ... oval:org.mitre.oval:def:5630 Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function p ... oval:org.mitre.oval:def:12242 ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file. oval:org.mitre.oval:def:12461 Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the ... oval:org.secpod.oval:def:2627 The host is missing a critical security update according to, MS08-001. The update is required to fix multple remote code execution vulnerabilities. A flaw is present in the application, which fails in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. Successful exploitation could ... oval:org.secpod.oval:def:2619 The host is missing a critical security update according to Microsoft security bulletin, MS08-049. The update is required to fix remote code execution vulnerabilities. The flaws are present in Microsoft Windows Event System, which fails to handle per-user subscriptions correctly. Successful exploita ... oval:org.secpod.oval:def:699 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ... oval:org.mitre.oval:def:6639 LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem S ... oval:org.mitre.oval:def:11596 Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, a ... oval:org.secpod.oval:def:2724 The host is missing a security update according to Microsoft security bulletin, MS09-023. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Microsoft ActiveX Controls and Yahoo! Music Jukebox product, which fails to handle a specially crafted Web page ... oval:org.mitre.oval:def:5893 Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data si ... oval:org.mitre.oval:def:6742 The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Validation Vulnerability." oval:org.mitre.oval:def:11585 Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted streaming content, ak ... oval:org.secpod.oval:def:2613 The host is missing an important security update according to Microsoft security bulletin, MS08-066. The update is required to fix elevation of privileges vulnerability. A flaw is present in Microsoft Ancillary Function Driver. Successful exploitation could allow an attacker to take complete control ... oval:org.secpod.oval:def:2608 The host is missing a critical security update according to Microsoft security bulletin, MS08-046. The update is required to fix remote code execution vulnerability. A flaw is present in the Microsoft Image Color Management (ICM) system, which fails handle a specially crafted image file. Successful ... oval:org.mitre.oval:def:11573 Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe. oval:org.mitre.oval:def:5475 The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption. oval:org.mitre.oval:def:5580 Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability." oval:org.mitre.oval:def:11677 The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content. oval:org.mitre.oval:def:11787 The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malfo ... oval:org.secpod.oval:def:998 The host is missing an Important security update according to Microsoft security bulletin, MS11-014. The update is required to fix privilege escalation vulnerability in Windows Local Security Authority Subsystem Service (LSASS). A flaw is present in LSASS, which fails to process some specially craft ... oval:org.mitre.oval:def:11769 The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability." oval:org.secpod.oval:def:2353 The host is missing a important security update according to Microsoft security bulletin, MS09-026. The update is required to fix privilege escalation vulnerability. A flaw is present in the Windows RPC. The RPC Marshalling Engine fails to update its internal state appropriately. Successful exploita ... oval:org.mitre.oval:def:5271 The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerabi ... oval:org.mitre.oval:def:6237 Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited ... oval:org.mitre.oval:def:5495 The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors. oval:org.mitre.oval:def:6227 The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that trigg ... oval:org.mitre.oval:def:11733 The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands vi ... oval:org.mitre.oval:def:11975 Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615. oval:org.mitre.oval:def:11844 The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vul ... oval:org.secpod.oval:def:2664 The host is missing a critical security update according to Microsoft bulletin, MS08-022. The update is required to fix a remote code execution vulnerability. A flaw is present in (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 20 ... oval:org.mitre.oval:def:7258 The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Parsing Vulnerability." oval:org.mitre.oval:def:6042 A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corru ... oval:org.mitre.oval:def:6287 The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler L ... oval:org.secpod.oval:def:89 The host is installed with Windows Client/Server Run-time Subsystem (CSRSS) in Windows XP and Windows Server 2003 and is prone to elevated privileges vulnerability. A flaw is present in CSRSS, which fails to handle a specially crafted application that continues to run even after log off. Successful ... oval:org.mitre.oval:def:11963 The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC packet, aka "Netlogon RPC Null dereference DOS Vul ... oval:org.secpod.oval:def:83 A denial of service vulnerability is present in Windows Active Directory server. A flaw is present in Microsoft Windows Active Directory Application Mode (ADAM), which fails to properly handle service principal name (SPN) update requests. Successful exploitation could allow an attacker to crash the ... oval:org.secpod.oval:def:96 A privilege escalation vulnerability is present in Windows Local Security Authority Subsystem Service (LSASS). A flaw is present in LSASS, which fails to process some specially crafted authentication requests. Successful exploitation could allow an attacker to gain additional privileges and execute ... oval:org.secpod.oval:def:94 The host is installed with Windows XP or Windows Server 2003 and is prone to Unkeyed checksum vulnerability. A flaw is present in Kerberos implementation, which fails to restrict support for weak hashing mechanisms such as CRC32 allowing certain aspects of a Kerberos service ticket to be forged. Suc ... oval:org.secpod.oval:def:2525 The host is missing an important security update according to Microsoft security bulletin, MS11-080. The update is required to fix privilege elevation vulnerability. A flaw is present in the Microsoft Windows Ancillary Function Driver (AFD), which fails to handle a specially crafted application. Suc ... oval:org.secpod.oval:def:2526 The host is installed with ancillary function driver (afd.sys) and is prone to elevation of privilege vulnerability. A flaw is present in the application which is caused by improper validation of input passed from user mode to the Windows kernel. Successful exploitation allows attacker to execute ar ... oval:org.mitre.oval:def:6340 The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state t ... oval:org.mitre.oval:def:6793 Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability." oval:org.mitre.oval:def:7113 The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocati ... oval:org.secpod.oval:def:15425 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the Windows Kernel-Mode, which fails to proper ... oval:org.secpod.oval:def:15426 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the Windows Kernel-Mode, which fails to proper ... oval:org.secpod.oval:def:15423 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the Windows Kernel-Mode, which fails to proper ... oval:org.secpod.oval:def:15424 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the Windows Kernel-Mode, which fails to proper ... oval:org.secpod.oval:def:15419 The host is missing an important security update according to Microsoft security bulletin MS13-076. The update is required to fix multiple vulnerabilities. The flaws are present in the windows Kernel-Mode driver, which fails to properly handle objects in memory. Successful exploitation could allow a ... oval:org.secpod.oval:def:15421 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the Windows Kernel-Mode, which fails to proper ... oval:org.secpod.oval:def:15422 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the Windows Kernel-Mode, which fails to proper ... oval:org.secpod.oval:def:15420 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, or Windows 8 and is prone to an elevation of privilege vulnerability. The flaw is present in the Windows Kernel-Mode, which fails to properly handle objects in ... oval:org.secpod.oval:def:8190 The host is missing a critical security update according to Microsoft security bulletin, MS12-078. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Windows kernel, which fails to handle the objects in memory. Successful exploitation could allow remote ... oval:org.secpod.oval:def:8191 The host is installed with Windows XP, Windows Vista, Windows Server 2008,Windows Server 2008 R2, Windows Server 2003 or Windows 7 and is prone to remote code execution vulnerabilities. The flaws are present in the Windows kernel, which fails to handle a specially crafted OpenType font file. Success ... oval:org.secpod.oval:def:6345 The host is missing an important security update according to Microsoft security bulletin, MS12-048. The update is required to fix remote code execution vulnerability. A flaw is present in the Windows Shell, which fails to handle a file or directory with a specially crafted name. Successful exploita ... oval:org.secpod.oval:def:6346 The host is installed with Microsoft Windows and is prone to command injection vulnerability. A flaw is present in the windows shell, which fails to handle file and directory names. Successful exploitation allows remote attackers to install programs, view, change or delete data or create new account ... oval:org.secpod.oval:def:6029 The host is missing an important security update according to Microsoft bulletin, MS12-041. The update is required to fix elevation of privilege vulnerabilities. The flaws are present in the application, which fails to properly validate input passed from user mode. Successful exploitation allows att ... oval:org.secpod.oval:def:6033 The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Vista or Windows Server 2008 or R2 or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate input passed from user mode. Successful explo ... oval:org.secpod.oval:def:6032 The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Vista or Windows Server 2008 or R2 or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate input passed from user mode. Successful explo ... oval:org.secpod.oval:def:6031 The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Vista or Windows Server 2008 or R2 or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle TrueType font loading. Successful exploitation ... oval:org.secpod.oval:def:6034 The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Vista or Windows Server 2008 or R2 or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate input passed from user mode. Successful explo ... oval:org.secpod.oval:def:2520 The host is missing an important security update according to Microsoft security bulletin, MS11-077. The update is required to fix remote code execution vulnerabilities. The flaws are present in Microsoft Windows, which fails to handle a specially crafted font file (such as a .fon file) in a network ... oval:org.secpod.oval:def:2524 The host is installed with Windows kernel-mode drivers and is prone to elevation of privilege vulnerability. A flaw is present in the application which is caused by improper handling of kernel-mode driver objects. Successful exploitation allows attacker to execute arbitrary code and take complete co ... oval:org.secpod.oval:def:2521 The host is installed with Windows kernel-mode drivers and is prone to null pointer de-reference vulnerability. A flaw is present in the application which is caused by kernel-mode drivers improper validation of data supplied from user mode to kernel mode. Successful exploitation allows attacker to e ... oval:org.secpod.oval:def:2523 The host is installed with Windows kernel and is prone to remote code execution vulnerability. A flaw is present in the application which is caused by improper handling of a specially crafted .fon font file. Successful exploitation allows attacker to execute arbitrary code and take complete control ... oval:org.secpod.oval:def:2251 The host is installed with components which are prone to remote code execution vulnerability. Flaws are present in the Windows components, which fails to handle legitimate rich test format files, text files and .doc files present in the same network directory as a specially crafted dynamic link libr ... oval:org.secpod.oval:def:2252 The host is missing an important security update according to Microsoft security bulletin, MS11-071. The update is required to fix a remote code execution vulnerability.Flaws are present in the Windows components, which fails to handle legitimate rich test format files, text files and .doc files pre ... oval:org.secpod.oval:def:2536 The host is missing a important security update according to Microsoft security bulletin, MS11-075. The update is required to fix a remote code execution vulnerability. A flaw is present in the Microsoft Active Accessibility component, which fails to handle specially crafted dynamic link library fil ... oval:org.secpod.oval:def:2537 The host is installed with Microsoft Active Accessibility component and is prone to a remote code execution vulnerability. A flaw is present in the Microsoft Active Accessibility component, which fails to handle specially crafted dynamic link library file present in the same network directory. Succe ... oval:org.secpod.oval:def:1408 The host is missing an Important security update according to Microsoft security bulletin, MS11-054. The update is required to fix elevation of privilege vulnerability in Windows 7 or Windows Server 2003 or Windows Server 2008 or Windows Vista or Windows XP. A flaw is present in windows Kernel-mode ... oval:org.secpod.oval:def:1404 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage pointers to kernel-mode driver objects. Successful exp ... oval:org.secpod.oval:def:1740 The host is installed with Microsoft Windows XP or Windows server 2003 or Windows server 2008 or Windows Vista or Windows 7 or Windows server 2008 R2 and is prone to elevation of privilege vulnerability. A flaw is present in Client/Server Run-time Subsystem (CSRSS) which fails to restrict the arbitr ... oval:org.secpod.oval:def:1739 The host is missing an important security update according to Microsoft security bulletin, MS11-056. The update is required to fix elevation of privilege vulnerability in Windows Client/Server Run-time Subsystem. The flaw is present in Client/Server Run-time Subsystem (CSRSS), which fails to restric ... oval:org.secpod.oval:def:1738 The host is installed with Microsoft Windows XP or Windows server 2003 or Windows server 2008 or Windows Vista or Windows 7 or Windows server 2008 R2 and is prone to elevation of privilege vulnerability. A flaw is present in Client/Server Run-time Subsystem (CSRSS) which fails to restrict the arbitr ... oval:org.secpod.oval:def:1399 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage pointers to kernel-mode driver objects. Successful exp ... oval:org.secpod.oval:def:1401 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:1400 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage pointers to kernel-mode driver objects. Successful exp ... oval:org.secpod.oval:def:1403 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:1402 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:1395 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:1394 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:1397 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:1398 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:1393 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:1410 The host is installed with Microsoft Windows XP or Windows server 2003 or Windows server 2008 or Windows Vista or Windows 7 or Windows server 2008 R2 and is prone to memory corruption vulnerability. A flaw is present in Client/Server Run-time Subsystem (CSRSS) where a NULL pointer is passed without ... oval:org.secpod.oval:def:1412 The host is installed with Microsoft Windows XP or Windows server 2003 or Windows server 2008 or Windows Vista or Windows 7 or Windows server 2008 R2 and is prone to elevation of privilege vulnerability. A flaw is present in Client/Server Run-time Subsystem (CSRSS) that is caused by an integer overf ... oval:org.secpod.oval:def:1411 The host is installed with Microsoft Windows XP or Windows server 2003 or Windows server 2008 or Windows Vista and is prone to elevation of privilege vulnerability. A flaw is present in Client/Server Run-time Subsystem (CSRSS) that is caused when user input is used as an index for an array without f ... oval:org.secpod.oval:def:1414 The host is missing an important security update according to Microsoft security bulletin, MS11-056. The update is required to fix elevation of privilege vulnerability in Windows Client/Server Run-time Subsystem. A flaw is present in Client/Server Run-time Subsystem (CSRSS) that is caused by an inte ... oval:org.secpod.oval:def:1409 The host is installed with Microsoft Windows XP or Windows server 2003 or Windows server 2008 or Windows Vista or Windows 7 or Windows server 2008 R2 and is prone to elevation of privilege vulnerability. A flaw is present in Client/Server Run-time Subsystem (CSRSS) that is caused by a memory corrupt ... oval:org.secpod.oval:def:1177 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to denial of service vulnerability. A flaw is present in distributed file system (DFS) client which fails to specially crafted DFS referral responses. Successful exploitation all ... oval:org.secpod.oval:def:1179 The host is installed with Windows XP or Windows Vista or Windows Server 2008 or Windows Server 2003 or Windows 7 and is prone to denial of service vulnerability. A flaw is present in distributed file system (DFS) client which fails to specially crafted DFS referral responses. Successful exploitatio ... oval:org.secpod.oval:def:1180 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in Microsoft Server Message Block which does not properly handle specially crafted SMB responses. Successful exploitation allow ... oval:org.secpod.oval:def:1181 The host is missing a Critical security update according to Microsoft security bulletin, MS11-043. The update is required to fix remote code execution vulnerability. A flaw is present in Microsoft Server Message Block which does not properly handle specially crafted SMB responses. Successful exploit ... oval:org.secpod.oval:def:1168 The host is installed with Microsoft Windows XP SP2 or SP3, Windows Server 2003 SP2, Windows Vista SP1 or SP2, Windows Server 2008 and SP2 or Windows 7 and is prone to an information disclosure vulnerability. A flaw is present in the MHTML implementation which fails to open a specially crafted URL. ... oval:org.secpod.oval:def:2723 The host is missing a Critical security update according to Microsoft security bulletin, MS11-037. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, as it fails to handle the way that MHTML interprets MIME-formatted requests for content that ... oval:org.secpod.oval:def:1170 The host is missing a Critical security update according to Microsoft security bulletin, MS11-038. The update is required to fix remote code execution vulnerability. A flaw is present in the application which fails to handle specially crafted request. Successful exploitation allows remote attackers ... oval:org.secpod.oval:def:1169 The host is installed with Microsoft Windows XP SP3, Microsoft Windows Server 2003 XP2, Windows Server 2008 SP1 or SP2 and is prone to remote code execution vulnerability. A flaw is present in the application which fails to handle specially crafted request. Successful exploitation allows remote atta ... oval:org.secpod.oval:def:691 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:823 The host is missing an Important security update according to Microsoft security bulletin, MS11-034. The update is required to fix multiple privilege escalation vulnerabilities in Microsoft Windows. The flaws are present in Windows Kernel-mode drivers related to managing driver objects. Successful e ... oval:org.secpod.oval:def:690 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:688 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:687 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:689 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:686 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:684 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:683 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:685 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:703 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ... oval:org.secpod.oval:def:702 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ... oval:org.secpod.oval:def:697 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ... oval:org.secpod.oval:def:696 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ... oval:org.secpod.oval:def:698 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ... oval:org.secpod.oval:def:701 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ... oval:org.secpod.oval:def:700 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ... oval:org.secpod.oval:def:695 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ... oval:org.secpod.oval:def:694 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ... oval:org.secpod.oval:def:693 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ... oval:org.secpod.oval:def:682 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:681 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:680 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:677 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:679 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:678 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:675 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:674 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:676 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:1041 The host is missing a Critical security update according to Microsoft security bulletin, MS11-020. The update is required to fix remote code execution vulnerability in Microsoft Windows. A flaw is present in the SMB Transaction parsing, which fails to handle specially created SMB packets. Successful ... oval:org.secpod.oval:def:1040 The host is missing a Critical security update according to Microsoft security bulletin, MS11-019. The update is required to fix remote code execution vulnerability in Microsoft Windows. The flaws are present in the SMB Client Could which fails to handle specially crafted SMB response to a client-in ... oval:org.secpod.oval:def:664 The host is installed with Microsoft Windows and is prone to remote code execution vulnerability. A flaw is present in windows SMB client which fails to validate specially crafted SMB responses. Successful exploitation could allow an attacker to gain complete control of the system. oval:org.secpod.oval:def:660 The host is installed with Microsoft Windows and is prone to remote code execution vulnerability. A flaw is present in SMB Transaction parsing, which fails to handle specially created SMB packets. Successful exploitation could allow an attacker to take the complete control of the system. oval:org.secpod.oval:def:656 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to remote code execution vulnerability. A flaw is present in DNS client service which does not properly handle specially crafted LLMNR queries. Successful exploitation allows att ... oval:org.secpod.oval:def:659 The host is installed with Microsoft Windows and is prone to remote code execution vulnerability. A flaw is present in Windows Fax cover page editor, which fails to parse specially created fax cover pages. Successful exploitation could remote code execution. oval:org.secpod.oval:def:658 The host is installed with Windows 7 or Windows Server 2003 or Windows Server 2008 or Windows Vista or Windows XP and is prone to remote code execution vulnerability. A flaw is present in the OpenType Font (OTF) driver which fails to properly parse specially crafted OpenType fonts. Successful exploi ... oval:org.secpod.oval:def:992 The host is missing a Critical security update according to Microsoft security bulletin, MS11-032. The update is required to fix remote code execution vulnerability in Windows 7 or Windows Server 2003 or Windows Server 2008 or Windows Vista or Windows XP. A flaw is present in the OpenType Font (OTF) ... oval:org.secpod.oval:def:991 The host is missing an important security update according to Microsoft security bulletin, MS11-024. The update is required to fix multiple remote code execution vulnerabilities. Flaws are present in the application, whci fails to handle malicious Fax Cover Page (.cov) files. Successful exploitation ... oval:org.secpod.oval:def:297 The host is installed with Microsoft Remote Desktop client and is prone to remote code execution vulnerability. A flaw is present in the application which fails to handle the loading of DLL files. Successful exploitation could allow an attacker to execute arbitrary code on the remote system. oval:org.secpod.oval:def:990 The host is missing an Important security update according to Microsoft security bulletin, MS11-017. The update is required to fix remote code execution vulnerability in Microsoft Windows Remote Desktop Client. A flaw is present in the application which fails to handle the loading of DLL files. Succ ... oval:org.secpod.oval:def:1032 The host is missing a Critical security update according to Microsoft security bulletin, MS11-007. The update is required to fix remote code execution vulnerability in Windows OpenType Compact Font Format (CFF) driver. A flaw is present in the the driver which fails to properly parse specially craft ... oval:org.secpod.oval:def:1037 The host is missing an Important security update according to Microsoft security bulletin, MS11-012. The update is required to fix elevation of privilege vulnerability in Microsoft Windows. A flaw is present in the windows kernel-mode drivers which fails to validate data passed from user mode to ker ... oval:org.secpod.oval:def:101 A privilege escalation vulnerability is present in Windows kernel-mode drivers. A flaw is present in the driver, which fails to validate data passed from user mode to kernel mode. Successful exploitation could allow an attacker to gain additional privileges and execute arbitrary code. oval:org.secpod.oval:def:100 A privilege escalation vulnerability is present in Windows kernel-mode drivers. A flaw is present in the driver, which fails to validate data passed from user mode to kernel mode. Successful exploitation could allow an attacker to gain additional privileges and execute arbitrary code. oval:org.secpod.oval:def:85 The host is installed with OpenType Compact Font Format (CFF) driver and is prone to remote code execution vulnerability. A flaw is present in the driver which fails to properly parse specially crafted OpenType fonts. Successful exploitation allows an attacker to run arbitrary code in kernel mode an ... oval:org.secpod.oval:def:99 A privilege escalation vulnerability is present in Windows kernel-mode drivers. A flaw is present in the driver, which fails to validate data passed from user mode to kernel mode. Successful exploitation could allow an attacker to gain additional privileges and execute arbitrary code. oval:org.secpod.oval:def:98 A privilege escalation vulnerability is present in Windows kernel-mode drivers. A flaw is present in the driver, which fails to validate data passed from user mode to kernel mode. Successful exploitation could allow an attacker to gain additional privileges and execute arbitrary code. oval:org.secpod.oval:def:287 The host is installed with Microsoft Windows XP SP2 or SP3, Windows Server 2003 SP2, Windows Vista SP1 or SP2, Windows Server 2008 and SP2 or Windows 7 and is prone to information disclosure vulnerability. A flaw is present in MHTML implementation which fails to properly handle MIME format in a requ ... oval:org.secpod.oval:def:97 A privilege escalation vulnerability is present in Windows kernel-mode drivers. A flaw is present in the driver, which fails to validate data passed from user mode to kernel mode. Successful exploitation could allow an attacker to gain additional privileges and execute arbitrary code. oval:org.secpod.oval:def:1270 The host is missing a critical security update according to Microsoft security bulletin, MS10-098. The update is required to fix multiple vulnerabilities. Flaws are present in the Win32k.sys in the kernel-mode drivers, which fails to allocate memory when copying data from user mode. Successful explo ... oval:org.mitre.oval:def:12280 The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability." oval:org.mitre.oval:def:12357 The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenTyp ... oval:org.mitre.oval:def:12329 Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free ... oval:org.mitre.oval:def:12317 win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that trigge ... oval:org.mitre.oval:def:11762 win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted a ... oval:org.secpod.oval:def:1351 The host is missing a critical security update according to Microsoft security bulletin, MS10-091. The update is required to fix multiple vulnerabilities. Multiple flaws are present in the OpenType Font (OTF) driver, which fails to parse specially crafted OpenType fonts. Successful exploitation coul ... oval:org.mitre.oval:def:12194 Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Do ... oval:org.mitre.oval:def:12252 Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies fr ... oval:org.mitre.oval:def:11959 Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnera ... oval:org.mitre.oval:def:7272 Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitra ... oval:org.mitre.oval:def:12085 The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowL ... oval:org.secpod.oval:def:1390 The host is missing a critical security update according to Microsoft security bulletin, MS10-076. The update is required to fix integer overflow vulnerability. A flaw is present in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows, which fails to parse 'hdmx' records in an ... oval:org.mitre.oval:def:6881 Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Em ... oval:org.secpod.oval:def:1520 The host is missing a critical security update according to Microsoft security bulletin, MS10-073. The update is required to fix privilege escalation vulnerability. A flaw is present in the Win32k.sys in Kernel-Mode drivers in the Microsoft Windows, which fails to load keyboard layouts from disk or ... oval:org.mitre.oval:def:7514 The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka ... oval:org.secpod.oval:def:1456 The host is missing a critical security update according to Microsoft security bulletin, MS10-081. The update is required to fix heap-based buffer overflow vulnerability. A flaw is present in the common control library (Comctl32.dll) in Microsoft Windows, which fails to handle messages passed from a ... oval:org.secpod.oval:def:1272 The host is missing a critical security update according to Microsoft security bulletin, MS10-096. The update is required to fix remote code execution vulnerability. A flaw is present in the wab.exe in Windows Address Book, which fails to load dynamic-link libraries. Successful exploitation could al ... oval:org.mitre.oval:def:6833 Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll fi ... oval:org.mitre.oval:def:12352 Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll fi ... oval:org.mitre.oval:def:12006 The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted applic ... oval:org.mitre.oval:def:11106 The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB ... oval:org.mitre.oval:def:11663 The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local ... oval:org.secpod.oval:def:1375 The host is missing a critical security update according to Microsoft security bulletin, MS10-048. The update is required to fix privilege escalation vulnerabilities. Flaws are present in the Windows Kernel-Mode Drivers, which fails to validate specially crafted applications. Successful exploitatio ... oval:org.secpod.oval:def:1575 The host is missing a critical security update according to Microsoft security bulletin, MS10-054. The update is required to fix code execution vulnerabilities. Multiple flaws are present in the SMB Server in Microsoft Windows, which fails to validate fields in a SMB request. Successful exploitation ... oval:org.mitre.oval:def:11020 The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of serv ... oval:org.mitre.oval:def:11564 Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explore ... oval:org.secpod.oval:def:1378 The host is missing a Critical security update according to Microsoft security bulletin, MS10-046. The update is required to fix remote code execution vulnerability. A flaw is present in the Windows Shell, which fails to parse a malicious shortcut file and executes a malicious code when the operatin ... oval:org.mitre.oval:def:7283 The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, ... oval:org.secpod.oval:def:1047 The host is missing an critical security update according to Microsoft security bulletin, MS11-027. The update is required to fix remote code execution vulnerability in Microsoft Internet Explorer. The flaws are present in the application which fails to handle memory corruption, an input validation. ... oval:org.mitre.oval:def:7609 The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device ... oval:org.secpod.oval:def:1990 The host is missing a critical security update according to Microsoft security bulletin, MS10-034. The update is required to fix remote code execution vulnerability. A flaw is present in the activex control iedvtool.dll and max3activex.dll, which fails to handle specially crafted Web page. Successfu ... oval:org.mitre.oval:def:7492 Unspecified vulnerability in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 and R2, and Windows 7 allows remote attackers to execute arbitrary code via un ... oval:org.secpod.oval:def:1447 The host is missing a critical security update according to Microsoft security bulletin, MS10-032. The update is required to fix privilege escalation vulnerabilities. Flaws are present in the Windows kernel-mode drivers, which fails to validate callback parameter and the way it provides outlines of ... oval:org.mitre.oval:def:6948 The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute ... oval:org.secpod.oval:def:2048 The host is missing a critical security update according to Microsoft security bulletin, MS10-019. The update is required to fix remote code execution vulnerabilities. Flaws are present in the Windows cabinet file viewer shell extension and authenticode signature verification used for portable execu ... oval:org.mitre.oval:def:7072 Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation ... oval:org.mitre.oval:def:6886 The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does no ... oval:org.mitre.oval:def:7509 The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulner ... oval:org.mitre.oval:def:7574 Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerabilit ... oval:org.secpod.oval:def:1382 The host is missing a critical security update according to Microsoft security bulletin, MS10-037. The update is required to fix privilege escalation vulnerability. A flaw is present in the Windows OpenType Compact Font Format (CFF) driver, which fails to validate a specially crafted CFF font. Succ ... oval:org.secpod.oval:def:1457 The host is missing a critical security update according to Microsoft security bulletin, MS10-029. The update is required to fix address spoofing vulnerability. A flaw is present in the ISATAP Component, which fails to check the inner packet's IPv6 source address in a tunneled ISATAP packets. Succes ... oval:org.secpod.oval:def:1585 The host is missing a critical security update according to Microsoft security bulletin, MS10-021. The update is required to fix privilege escalation vulnerabilities. Flaws are present in the Windows Kernel, which fails to validate specially crafted applications like the creation of symbolic links o ... oval:org.mitre.oval:def:6918 The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response t ... oval:org.secpod.oval:def:1988 The host is missing a critical security update according to Microsoft security bulletin, MS10-026. The update is required to fix remote code execution vulnerability. A flaw is present in the MPEG Layer-3 audio codecs, which fails to decode a specially crafted AVI file containing an MPEG Layer-3 audi ... oval:org.mitre.oval:def:6787 The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a fi ... oval:org.mitre.oval:def:7441 Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack ... oval:org.secpod.oval:def:1584 The host is missing a critical security update according to Microsoft security bulletin, MS10-020. The update is required to fix remote code execution vulnerabilities. Flaws are present in the Windows SMB Client, which fails to handle a specially crafted SMB response sent to a client-initiated SMB r ... oval:org.mitre.oval:def:7129 The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers t ... oval:org.secpod.oval:def:2032 The host is missing a critical security update according to Microsoft security bulletin, MS10-018. The update is required to fix multiple vulnerabilities. Flaws are present in the Internet Explorer, which fails to verify the origin of scripts and handle objects in memory and improper validation of l ... oval:org.mitre.oval:def:6814 The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application ... oval:org.mitre.oval:def:7840 Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability." oval:org.mitre.oval:def:7722 Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." oval:org.mitre.oval:def:7774 Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Race Condition Memory Corruption Vulnerability." oval:org.mitre.oval:def:8302 Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulner ... oval:org.mitre.oval:def:8446 Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, ak ... oval:org.mitre.oval:def:8554 Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerabi ... oval:org.mitre.oval:def:8553 Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another ... oval:org.secpod.oval:def:2030 The host is missing a critical security update according to Microsoft security bulletin, MS10-008. The update is required to fix remote code execution vulnerability. A flaw is present in the activex control max3activex.dll, which fails to handle specially crafted Web page. Successful exploitation al ... oval:org.mitre.oval:def:8424 The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote ... oval:org.secpod.oval:def:2035 The host is missing a critical security update according to Microsoft security bulletin, MS10-012. The update is required to fix remote code execution vulnerabilities. A flaw is present in the SMB Server, which fails to validate crafted SMB requests. Successful exploitation could allow an attacker t ... oval:org.mitre.oval:def:7751 The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain acc ... oval:org.mitre.oval:def:8314 The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows ... oval:org.mitre.oval:def:8438 The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to ex ... oval:org.secpod.oval:def:1224 The host is missing a Critical security update according to Microsoft security bulletin, MS10-001. The update is required to fix remote code execution vulnerability. A flaw is present in the OpenType (EOT) Font Client which fails to properly parse specially crafted EOT fonts. Successful exploitation ... oval:org.mitre.oval:def:8324 Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code via compr ... oval:org.secpod.oval:def:2244 The host is missing a critical security update according to Microsoft security bulletin, MS09-065. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Windows kernel, which fails to validate the argument passed to the system call and input passed from us ... oval:org.mitre.oval:def:6406 win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing V ... oval:org.secpod.oval:def:2634 The host is missing an important security update according to Microsoft security bulletin, MS09-066. The update is required to fix denial of service vulnerability. A flaw is present in the Microsoft Active Directory directory service, Active Directory Application Mode (ADAM), and Active Directory Li ... oval:org.mitre.oval:def:5890 Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2; Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) on ... oval:org.mitre.oval:def:6277 The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, ak ... oval:org.mitre.oval:def:5588 win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a ... oval:org.secpod.oval:def:2296 The host is missing an important security update according to Microsoft security bulletin, MS09-059. The update is required to fix denial of service vulnerability. A flaw is present in the Microsoft Windows Local Security Authority Subsystem Service (LSASS), which fails handle malformed packets duri ... oval:org.mitre.oval:def:6263 Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denia ... oval:org.mitre.oval:def:5842 The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain n ... oval:org.secpod.oval:def:2565 The host is missing an important security update according to Microsoft security bulletin, MS09-056. The update is required to fix spoofing vulnerabilities. The flaws are present in the Windows CryptoAPI, which fails to validate certificate names that contain null terminators and ASN.1 object identi ... oval:org.secpod.oval:def:2556 The host is missing a critical security update according to Microsoft security bulletin, MS09-048. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Transmission Control Protocol/Internet Protocol (TCP/IP) processing, which fails to handle specially cr ... oval:org.secpod.oval:def:2294 The host is missing a critical security update according to Microsoft security bulletin, MS09-022. The update is required to fix remote code execution vulnerability in Windows. A flaw is present in the Windows Print Spooler, which fails handle specially crafted RPC request. Successful exploitation c ... oval:org.mitre.oval:def:6062 Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which ... oval:org.mitre.oval:def:5984 Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerabilit ... oval:org.secpod.oval:def:2992 The host is missing a critical security update according to Microsoft security bulletin, MS08-071. The update is required to fix remote code execution vulnerabilities. The flaws are present in GDI, which fails to handle a specially crafted WMF image file. Successful exploitation allows attackers to ... oval:org.secpod.oval:def:2622 The host is missing a critical security update according to Microsoft security bulletin, MS08-021. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the application, which fails to properly process a malformed header or a malformed file name param ... oval:org.mitre.oval:def:5437 Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is ... oval:org.mitre.oval:def:5441 Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, a ... oval:org.secpod.oval:def:2651 The host is missing an important security update according to Microsoft security bulletin, MS08-025. The update is required to fix privilege escalation vulnerability. A flaw is present in the Windows kernel, which fails to handle validation of inputs passed from user mode. Successful exploitation co ... oval:org.secpod.oval:def:2031 The host is missing a critical security update according to Microsoft security bulletin, MS10-002. The update is required to fix multiple vulnerabilities. Flaws are present in the Internet Explorer which fails to handle objects in memory, input parameters and HTML attributes. Successful exploitation ... oval:org.mitre.oval:def:8464 The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a cra ... oval:org.secpod.oval:def:1569 The host is missing a critical security update according to Microsoft security bulletin, MS10-007. The update is required to fix code execution vulnerability. A flaw is present in the ShellExecute API function in Microsoft Windows, which fails to validate user supplied input parameters. Successful e ... oval:org.secpod.oval:def:1245 The host is missing a critical security update according to Microsoft security bulletin, MS10-049. The update is required to fix remote code execution vulnerabilities. Flaws are present in the the Secure Channel (SChannel) which fails to validate a malformed certificate request message sent by the s ... |
